SRX

last person joined: 2 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Destination nat port forward issue

    Posted 06-13-2016 19:44

     Hi all, 

     

     

    For the SRX 240, I want to set destination nat port forward for below:

     

     

    172.16.1.3:125    --> 192.168.1.108:125
    172.16.1.45:1433 --> 192.168.1.108:1433

     

    The two different internal ip and port to map one internet ip different port . Can I do that?!

     

     

    Best regards,

    The-O

     



  • 2.  RE: Destination nat port forward issue
    Best Answer

    Posted 06-13-2016 22:30

    You'll need something like the below:

     

    root# show security nat destination
    pool 125 {
    address 192.168.1.108/32 port 125;
    }
    pool 1433 {
    address 192.168.1.108/32 port 1433;
    }
    rule-set ruleset1 {
    from zone untrust;
    rule 1 {
    match {
    destination-address 172.16.1.3/32;
    destination-port {
    125;
    }
    }
    then {
    destination-nat {
    pool {
    125;
    }
    }
    }
    }
    rule 2 {
    match {
    destination-address 172.16.1.3/32;
    destination-port {
    1433;
    }
    }
    then {
    destination-nat {
    pool {
    1433;
    }
    }
    }
    }
    }

     

    Dont forget to add proxy-arp. 

     

    Regards,

    Srinath

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too



  • 3.  RE: Destination nat port forward issue

    Posted 06-14-2016 04:10

    Hi, 

     

    rule 2 {
    match {
    destination-address 172.16.1.3/32; <-- It should be 172.16.1.45/32, Right?
    destination-port {
    1433;
    }
    }
    then {
    destination-nat {
    pool {
    1433;
    }
    }
    }
    }
    }



  • 4.  RE: Destination nat port forward issue

    Posted 06-14-2016 19:02

    Yes you are correct. It should be .45 instead of .3. Sorry for the typo.

     

    Regards,

    Srinath