Why don't my NAT rules work?
root@srx210> show configuration security nat
/* Source NAT for traffic from zone trust to zone untrust.
 * Rules inside a rule-set are evaluated top-down and the first matching rule is applied. */
rule-set rs1 {
from zone trust;
to zone untrust;
/* r1 matches every source address, including 172.30.0.111, and translates it to the
 * egress interface address. The flow sessions shown on this page confirm this:
 * 172.30.0.111 leaves fe-0/0/7.0 as 62.118.2.205. */
rule r1 {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
/* r2 is never reached while it sits after the catch-all r1. The more specific rule has to
 * come first, e.g. `insert security nat source rule-set rs1 rule r2 before rule r1`.
 * NOTE(review): with source-nat off, 172.30.0.111 would leave with its private address;
 * if the server is meant to appear as a public address, that needs a source pool or
 * static NAT instead. Confirm the intent. */
rule r2 {
match {
source-address 172.30.0.111/32;
destination-address 0.0.0.0/0;
}
then {
source-nat {
off;
}
}
}
}
}
/* Destination NAT (port forwarding) towards the internal host 172.30.0.111. */
destination {
/* One pool per published service; all three point at the same host, differing only in port. */
pool mail-server1 {
address 172.30.0.111/32 port 25;
}
pool mail-server2 {
address 172.30.0.111/32 port 80;
}
pool mail-server3 {
address 172.30.0.111/32 port 443;
}
/* Applies to packets arriving on fe-0/0/7.0.
 * The matched address 62.118.2.200 is not the interface address (62.118.2.205/24 in the
 * interfaces output on this page) but lies in the same subnet, so the device only receives
 * this traffic if it answers ARP for 62.118.2.200, typically via
 * `security nat proxy-arp` on fe-0/0/7.0. That is not shown here; confirm it is configured.
 * Destination NAT is applied before the security policy lookup, so an untrust-to-trust
 * policy must permit the translated address 172.30.0.111. Keep that policy limited to the
 * three published ports (25, 80, 443). The policy is not shown here; confirm. */
rule-set mail-server {
from interface fe-0/0/7.0;
rule port-forward1 {
match {
destination-address 62.118.2.200/32;
destination-port 80;
}
then {
destination-nat pool mail-server2;
}
}
rule port-forward2 {
match {
destination-address 62.118.2.200/32;
destination-port 25;
}
then {
destination-nat pool mail-server1;
}
}
rule port-forward3 {
match {
destination-address 62.118.2.200/32;
destination-port 443;
}
then {
destination-nat pool mail-server3;
}
}
}
}
root@srx210> show security flow session source-prefix 172.30.0.111/32
Session ID: 45961, Policy name: trust-to-untrust/4, Timeout: 1800, Valid
In: 172.30.0.111/4789 --> 64.12.73.195/443;tcp, If: ge-0/0/0.4, Pkts: 21, Bytes: 1533
Out: 64.12.73.195/443 --> 62.118.2.205/28879;tcp, If: fe-0/0/7.0, Pkts: 26, Bytes: 17388
Session ID: 46415, Policy name: trust-to-untrust/4, Timeout: 1792, Valid
In: 172.30.0.111/4802 --> 74.125.43.101/80;tcp, If: ge-0/0/0.4, Pkts: 5, Bytes: 958
Out: 74.125.43.101/80 --> 62.118.2.205/2479;tcp, If: fe-0/0/7.0, Pkts: 5, Bytes: 3209
Session ID: 46458, Policy name: trust-to-untrust/4, Timeout: 150, Valid
In: 172.30.0.111/4811 --> 89.208.32.3/80;tcp, If: ge-0/0/0.4, Pkts: 10, Bytes: 1410
Out: 89.208.32.3/80 --> 62.118.2.205/43992;tcp, If: fe-0/0/7.0, Pkts: 11, Bytes: 13532
Session ID: 46534, Policy name: trust-to-untrust/4, Timeout: 1800, Valid
In: 172.30.0.111/4817 --> 89.208.32.3/80;tcp, If: ge-0/0/0.4, Pkts: 2, Bytes: 88
Out: 89.208.32.3/80 --> 62.118.2.205/55370;tcp, If: fe-0/0/7.0, Pkts: 1, Bytes: 48
---(more)---[abort]
root@srx210> show configuration interfaces
ge-0/0/0 {
vlan-tagging;
unit 4 {
vlan-id 4;
family inet {
address 172.30.0.230/24;
}
}
}
fe-0/0/7 {
unit 0 {
family inet {
address 62.118.2.205/24;
root@srx210> show configuration security zones
/* Zone trust: the device accepts every system service and protocol addressed to itself
 * from any host behind vlan.0 and ge-0/0/0.4. That includes 172.30.0.111, the host the
 * destination NAT rules on this page expose to the outside. Consider listing only the
 * management services actually needed instead of `all`. */
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
ge-0/0/0.4;
}
}
/* Zone untrust: the Internet-facing interface fe-0/0/7.0, with screen profile untrust-screen.
 * NOTE(review): `all { except; }` is not the usual form (normally `all;` plus individual
 * services marked `except`, or an explicit list of allowed services). Verify which services
 * and protocols the device actually answers on this interface. */
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
all {
except;
}
}
protocols {
all {
except;
}
}
}
interfaces {
fe-0/0/7.0;
}
}
root@srx210> show configuration security zones
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
ge-0/0/0.4;
}
}
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
all {
except;
}
}
protocols {
all {
except;
}
}
}
interfaces {
fe-0/0/7.0;
}
}