Thanks for the reply. Please forgive my new username - for some reason, this site demanded I choose a name even though I already chose.
At this point, anything is an option. I absolutely tore my network apart yesterday trying to find some way of making this work. I ended up shutting off the SRX100 and writing an IPTables script to get my stuff working the way it once was. BAM - back online 😃
The NAT instructions Juniper offers me in their KB articles never worked for inbound traffic (tried for hours across three distinct releases of firmware) - your URLs look very similar (in context) to the docs I used yesterday (though your links may still be worth a shot).
But to be honest, I really don't like NAT for servers. I want my servers to route instead of NAT. The only things that should use NAT are my users when they egress to the outside world. I don't like that I can't do "mixed" configurations like I could using an SSG and "binded" interfaces.
I even tried making a "NON-Nat" NAT policy for outbound purposes. In other words:
set security nat source rule-set l2-trust from zone l2-trust
set security nat source rule-set l2-trust to interface fe-0/0/0 (this is the public connected interface)
set security nat source rule-set l2-trust rule l2-egress match source-address x.x.x.x/x (public /32 or entire pub /29)
set security nat source rule-set l2-trust rule l2-egress then source-nat off
.... thinking that it would work the same, except without Network Address Translation. It never worked unfortunately.
I am going to try to put together a diagram that will visually "tell the story of what I am trying to do". I'm a little loopy from lack of sleep, and a little frustrated from the difficulties I have faced. "Drawing" my intentions out may be beneficial for everyone.
At any rate, I thank you for your response. I will review these links a little more in depth this morning and try to discern where I went wrong, either in practice or in logic.
Take care
Gropefruit / Gropefruit_1