Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  Forward Traffic on specific port to specific external ip

    Posted 05-12-2011 15:56

    Greetings all,

     

    I'm trying to set up port forwarding for a mail server. We have a /29 block of public IPs, and I want the public source IP from all SMTP traffic from a specific internal mail server (10.0.0.12) to be different from all of our other outbound traffic.

     

    I tried to accomplish this by setting up a DIP for the IP I want to use, then I created a policy with the source set to 10.0.0.12/32, destination ANY, service MAIL, and under advanced, source translation set to the DIP I created.

     

    This has not had any effect, and all mail from this server is still going out over the IP we use for all other outbound traffic.

     

     

    Any suggestions would be greatly appreciated.



  • 2.  RE: Forward Traffic on specific port to specific external ip
    Best Answer

    Posted 05-12-2011 17:20

    Hi,

     

    I typically use a MIP for SMTP, especially since most of my customers want the same (unique public IP). MIPs are bidirectional, so the outbound NAT is automatically done for you. I would create the MIP on your Untrust interface and add a policy that permits the traffic. I included an example below. I hope this helps.

     

    set interface "ethernet3/1" mip 1.1.1.1 host 10.0.0.12 netmask 255.255.255.255 vr "trust-vr"

    set policy from "Untrust" to "Trust"  "any"  "MIP(1.1.1.1)" "MAIL" permit 

    set policy from trust to untrust any any any permit nat

     

    Note: replace the interface and 1.1.1.1 with the appropriate info.

     

    John
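Because a MIP maps the public address to the host in both directions, the inbound policy is what limits which services reach 10.0.0.12. The following is an added example, not part of the original posts: a Python check over ScreenOS `set` lines that lists MIPs and flags permitted policies exposing one on service ANY. The sample config is constructed (the reply's three lines plus one over-broad policy), and the positional policy layout is an assumption taken from the lines shown in the reply.

```python
import re
import shlex

# Constructed sample: the reply's three lines plus one deliberately
# over-broad policy (last line) for the audit to flag.
SAMPLE_CONFIG = '''
set interface "ethernet3/1" mip 1.1.1.1 host 10.0.0.12 netmask 255.255.255.255 vr "trust-vr"
set policy from "Untrust" to "Trust"  "any"  "MIP(1.1.1.1)" "MAIL" permit
set policy from trust to untrust any any any permit nat
set policy from "Untrust" to "Trust" "any" "MIP(1.1.1.1)" "ANY" permit
'''

def parse_mips(config):
    """Return {public_ip: internal_host} for each 'set interface ... mip' line."""
    mips = {}
    for line in config.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["set", "interface"] and "mip" in tok and "host" in tok:
            mips[tok[tok.index("mip") + 1]] = tok[tok.index("host") + 1]
    return mips

def mip_policies(config):
    """Return (public_ip, from_zone, service, action) for policies whose destination is a MIP."""
    found = []
    for line in config.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["set", "policy"] and tok[2:3] == ["id"]:
            del tok[2:4]  # drop the optional "id <n>" pair
        if len(tok) < 10 or tok[:3] != ["set", "policy", "from"]:
            continue
        # Assumed layout: set policy from <zone> to <zone> <src> <dst> <svc> <action>
        m = re.fullmatch(r"MIP\(([\d.]+)\)", tok[7])
        if m:
            found.append((m.group(1), tok[3], tok[8].upper(), tok[9]))
    return found

def audit(config):
    """Flag permitted MIP policies that allow every service to the mapped host."""
    mips = parse_mips(config)
    return [f"{ip} -> {mips.get(ip, '?')}: all services permitted from {zone}"
            for ip, zone, svc, action in mip_policies(config)
            if action == "permit" and svc == "ANY"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```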



  • 3.  RE: Forward Traffic on specific port to specific external ip

    Posted 05-13-2011 10:00

    Worked perfectly, thank you very much!