SRX Services Gateway
Visitor
optize
Posts: 4
Registered: ‎01-10-2011

Help with port forwarding

Hello -

I have a Juniper SRX here at my house, and I'm trying to do simple port forwarding, trying to forward from my external IP, TCP 3389 to my internal, 10.0.15.15, 3389.

I can't seem to figure it out. Can someone point me in the right direction?

Thanks in advance!

Super Contributor
colemtb
Posts: 311
Registered: ‎09-30-2009

Re: Help with port forwarding

A "load patch term" for ya.

 

[edit security nat]
+    destination {
+        pool RDP {
+            address 192.168.11.34/32 port 3389;
+        }
+        rule-set External-Dst-Nat {
+            from zone untrust;
+            rule Dst-Nat {
+                match {
+                    destination-address EXTERNALIP/32;
+                    destination-port 3389;
+                }
+                then {
+                    destination-nat pool RDP;
+                }
+            }
+        }
+    }
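Review bot: In rule Dst-Nat the match carries `destination-address EXTERNALIP/32;`, which is a placeholder that will not parse as a prefix, so the patch cannot be loaded as posted; the same placeholder recurs in the proxy-arp hunk. The match also has no `source-address`, so any host arriving in zone untrust on port 3389 is translated to 192.168.11.34. Where the remote clients are known, adding a `source-address` prefix to the match narrows the translation itself, not only the policy.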
[edit security nat proxy-arp]
+     interface ge-0/0/15.0 {
+         address {
+             EXTERNALIP/32;
+         }
+     }
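Review bot: The proxy-arp entry on ge-0/0/15.0 is only needed when EXTERNALIP is an additional address on the interface's subnet that the SRX does not itself hold. When the address being translated is the interface's own address, the device already answers ARP for it and this hunk can be dropped. The interface also has to be the reader's untrust-facing one, which the patch does not say.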
[edit security zones security-zone trust]
+     address-book {
+         address RDP 192.168.11.34/32;
+     }
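Review bot: The address-book entry RDP repeats 192.168.11.34/32 from pool RDP, and nothing in the patch says the two have to stay equal. The untrust-to-trust policy is evaluated against the translated destination, so if the host is renumbered and only the pool is updated, the policy stops matching without any commit error. A short note that this entry must track the pool address would prevent that.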
[edit security policies from-zone untrust to-zone trust]
+     policy RDP-Permit {
+         match {
+             source-address any;
+             destination-address RDP;
+             application RDP;
+         }
+         then {
+             permit;
+         }
+     }
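Review bot: `source-address any;` in policy RDP-Permit admits RDP from every address in zone untrust, and the `then` block permits without logging. Where the remote clients are known, use an address-book entry in zone untrust as the source-address, and add `log { session-init; }` beside `permit;` so each allowed session leaves a record.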
[edit]
+  applications {
+      application RDP {
+          protocol tcp;
+          destination-port 3389;
+      }
+  }

Visitor
optize
Posts: 4
Registered: ‎01-10-2011

Re: Help with port forwarding

Thanks, that helped a ton!

This is what I added, which works.

[edit security nat]
+    destination {
+        pool RDP {
+            address 10.0.15.15/32 port 3389;
+        }
+        rule-set External-Dst-Nat {
+            from zone untrust;
+            rule Dst-Nat {
+                match {
+                    destination-address 98.177.x.x/32;
+                    destination-port 3389;
+                }
+                then {
+                    destination-nat pool RDP;
+                }
+            }
+        }
+    }
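Review bot: `destination-address 98.177.x.x/32;` in rule Dst-Nat pins the rule to one lease of an address the post says is assigned by DHCP, so the forward silently stops matching when the lease changes. A match that does not name the leased address, such as `destination-address 0.0.0.0/0;` with the rule-set still bound to the untrust side, avoids that. Keep `destination-port 3389;` so only that port is translated.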
[edit security zones security-zone trust]
+     address-book {
+         address RDP 10.0.15.15/32;
+     }
[edit security policies]
     from-zone vpn to-zone trust { ... }
+    from-zone untrust to-zone trust {
+        policy RDP-Permit {
+            match {
+                source-address any;
+                destination-address RDP;
+                application RDP;
+            }
+            then {
+                permit;
+            }
+        }
+    }
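Review bot: `source-address any;` on RDP-Permit makes 10.0.15.15 port 3389 reachable by every host that can reach the untrust side. The context line `from-zone vpn to-zone trust { ... }` shows a VPN zone already has a path into trust, so reaching the host over that path would remove the need for this policy. If the forward has to stay, replace `any` with an address-book entry for the expected clients.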
[edit applications]
    application junos-ssh { ... }
+   application RDP {
+       protocol tcp;
+       destination-port 3389;
+   }

 

However, my external IP is DHCP; it changes so often that I can't keep that dest-address statement in there, and it won't let me commit without it. Is there any workaround for that?

Super Contributor
colemtb
Posts: 311
Registered: ‎09-30-2009

Re: Help with port forwarding
