Hi,
I'm just learning SRX and having trouble with filter-based forwarding. I found a dozen articles here, but cannot solve my problem.
I'm testing an srx-100 (I'd like to replace an ssg-5). I have two untrust interfaces (one of them is fixed, one of them is PPPoE - but in my test environment I use one fixed IP and a DHCP client). So the main config is the following:
fe-0/0/0.0 192.168.11.1/24 - trust
fe-0/0/1.0 dhcp client - untrust
fe-0/0/2.0 89.133.214.27/28 - untrust gateway: 89.133.214.30
I'd like to route http/https traffic to fe-0/0/2.0 if
Please help! I have also attached the full config.
My routing config:
routing-options {
    interface-routes {
        rib-group inet default;
    }
    static {
        rib-group default;
        route 0.0.0.0/0 {
            next-hop 192.168.7.1; # I filled this in, but this address is provided by dhcp; I can't use it as next-hop
            metric 5;
        }
    }
    rib-groups {
        default {
            import-rib [ inet.0 upc.inet.0 ];
        }
    }
}
firewall {
    family inet {
        filter iroda-input {
            term web-traffic {
                from {
                    source-address {
                        192.168.11.0/24;
                    }
                    destination-port [ http https ];
                }
                then {
                    routing-instance upc;
                }
            }
            term default {
                then accept;
            }
        }
    }
}
routing-instances {
    upc {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 89.133.214.30;
            }
        }
    }
}