Hi,
new with junos/network as such, I've been playing around with getting an srx210 configured. It kinda works.
I get an IP on the vdsl2 pim, I can ping out from the device on dns. Here is where it gets weird.
When I hook up a laptop I get connected on skype (IP host). I can access www.google.com and do searches, but not open the resutls, in other words dns works to google but nowhere else. Does anybody have any experience with this?
I suspect I've left out something rather simple but I can't see the trees for the forrest.
Below is the config:
name-server {
195.186.1.162;
195.186.4.162;
}
services {
ssh;
web-management {
https {
system-generated-certificate;
interface ge-0/0/1.0;
}
}
}
}
interfaces {
ge-0/0/1 {
unit 0 {
family inet {
address 192.168.31.254/24;
}
}
}
pt-1/0/0 {
vdsl-options {
vdsl-profile 17a;
}
unit 0 {
encapsulation ppp-over-ether;
}
}
pp0 {
unit 0 {
ppp-options {
chap {
default-chap-secret ""; ## SECRET-DATA
local-name "";
passive;
}
}
pppoe-options {
underlying-interface pt-1/0/0.0;
auto-reconnect 120;
client;
}
family inet {
negotiate-address;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop pp0.0;
}
}
security {
alg {
dns maximum-message-length 8192;
}
nat {
source {
rule-set ALL_TRUST {
from zone TRUST;
to zone UNTRUST;
rule RULE_1 {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone TRUST to-zone UNTRUST {
policy PERMIT_ALL {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone TRUST to-zone TRUST {
policy PERMIT_ALL {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone TRUST {
host-inbound-traffic {
system-services {
ping;
ssh;
https;
}
}
interfaces {
ge-0/0/1.0;
}
}
security-zone UNTRUST {
interfaces {
pt-1/0/0.0;
pp0.0;
}
}
}
}