SRX

Here is part of my configuration below, i want to match both TCP and UDP port,  "address 192.168.147.106/32 port 53" specific port 53, this is UDP or TCP port??

nat

destination {

pool domain {
                address 192.168.147.106/32 port 53;
            }

rule domain {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 1.1.1.1/32;
                        destination-port 53;
                    }
                    then {
                        destination-nat pool domain;
                    }
                }
             }

           }

Junos has some build in applications that can be used.  I have changed part of your config.

match {
source-address 0.0.0.0/0;
destination-address 1.1.1.1/32;
application [ junos-dns-udp junos-dns-tcp ];
}

or you can create your own custom application

EG

match {
source-address any;
 destination-address 192.168.1.1/32;
application HTTPS-TCP-8443;
}

applications {
    application HTTPS-TCP-8443 {
        protocol tcp;
        destination-port 8443;
    }
}

Oh!!

Thanks a lot, its a big help to me

in addition may i ask one more question

the address XXXX port YY command, the port YY mean TCP por or UDP port??

x.x.x.x/y.y  is the IP address and the network bits not the port number

E.G.

a /32 = 1 ip address

a /24 = 256 IP address aka a "C" Class

i mean

address 192.168.147.106/32 port 53;

the port 53 is TCP or UDP?

and i try just now

destination nat cannot use application, it can only specified by port, and I cannot found any information what type of port it is, UDP? or TCP?

I do not know for sure, but I belive that it is TCP only.  I did a quick scan throught the junos docs I have here and could not find out for sure.  In my setup it works to TCP.

anyway thanks for your support

I think I will open a support case on juniper about this

if you find out, can you post the answer here?

sure

I will share the answer here

Hi,

In NAT configuration, port number is not specific to tcp or udp .. it means any application that uses this port ...

you can not classify tcp or udp using port keyword ...

Regards

if I need to specify TCP or UPD port

how can I achieve this?

No you can not do that ...

Possible solutions may be

1. If two services (UDP and TCP) using same port numbers, the try to change the port number ...

2. If port number change is not possible, you can implement a solution where TCP service will undergo NAT but UDP will not using UDP NAT Traversal or UDP hole punching ... (google it)

But i advise instead of going something complex, try to go for option-1

Regards

Dears,

what about source nat with ICMP type-8 = ping

as the protocol type didn't included in the options of the match statement in Junos 10.4