Hi,
You were right, using pic1 means I should use si-0/1/0 (si-slot/PIC/port). Right now, I'm using pic0 with si-0/0/0.
Now, some of it is working. It seems like the NAT pool that I'm using should not include the IP address of my egress port (172.22.2.47/32). I changed it to 172.22.2.39/32, and bingo! Now I can reach 8.8.8.8 from the router's inside interface (ge-0/0/0, address 192.168.1.10), but I cannot ping from a client (192.168.1.11) that is directly connected to ge-0/0/0, not even the IP of the interface itself.
The client can ping its gateway when I deactivate the service set configured on ge-0/0/0.
Here is an update of my configuration:
    chassis {
        fpc 0 {
            pic 0 {
                ##
                ## Warning: requires 'si-ifd' license
                ##
                inline-services {
                    bandwidth 1g;
                }
            }
            service-package bundle-nat-ipsec;
        }
    }
    services {
        service-set INT-STYLE-SS-NAT1 {
            nat-rules SRC-NAT1;
            interface-service {
                service-interface si-0/0/0.0;
            }
        }
        nat {
            pool p1 {
                address 172.22.2.39/32;
                port {
                    range low 49160 high 51207;
                }
            }
            rule SRC-NAT1 {
                match-direction input;
                term r1 {
                    from {
                        source-address {
                            192.168.1.0/24;
                        }
                    }
                    then {
                        translated {
                            source-pool p1;
                            translation-type {
                                napt-44;
                            }
                        }
                    }
                }
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            description INSIDE;
            unit 0 {
                family inet {
                    service {
                        input {
                            service-set INT-STYLE-SS-NAT1;
                        }
                        output {
                            service-set INT-STYLE-SS-NAT1;
                        }
                    }
                    address 192.168.1.10/24;
                }
            }
        }
        si-0/0/0 {
            unit 0 {
                family inet;
            }
        }
        ge-0/1/3 {
            description OUTSIDE;
            vlan-tagging;
            media-type copper;
            gigether-options {
                auto-negotiation;
            }
            unit 0 {
                vlan-id 9;
                family inet {
                    address 172.22.2.47/24 {
                        primary;
                    }
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 172.22.2.1;
            route 192.168.1.0/24 next-hop ge-0/0/0.0;
        }
    }
Here is a ping from 192.168.1.10 (ge-0/0/0):

    root# run ping source 192.168.1.10 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=118 time=14.269 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=12.930 ms

Show services inline nat pool:

    root# run show services inline nat pool
    Interface: si-0/0/0, Service set: INT-STYLE-SS-NAT1
    NAT pool: p1, Translation type: NAPT-44
    Address range: 172.22.2.39-172.22.2.39
    NATed packets: 2530, deNATed packets: 4, Errors: 0, Skipped packets: 0
I know that I have changed a lot in the naming of my pool/rule/services. I hope it won't confuse you guys.
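
The pool change reported in the post (172.22.2.47/32 moved to 172.22.2.39/32) can be checked offline before a commit. The following is an added example, not part of the original post and not a Juniper tool: it walks a brace-style configuration and lists every NAT pool whose `address` prefix contains an address configured on an interface. The function names and the trimmed sample are assumptions made for the illustration, and pools defined with `address-range` are not handled.

```python
import ipaddress

# Constructed sample: trimmed from the post, pool set to the egress address.
SAMPLE = """
services {
    nat {
        pool p1 {
            address 172.22.2.47/32;
        }
    }
}
interfaces {
    ge-0/1/3 {
        unit 0 {
            family inet {
                address 172.22.2.47/24 {
                    primary;
                }
            }
        }
    }
}
"""

def statements(config):
    """Yield (path, statement) for each line of a brace-style Junos config."""
    path = []
    for line in map(str.strip, config.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line == "}":
            path.pop()
            continue
        stmt = line.rstrip("{;").strip()
        yield tuple(path), stmt      # block headers are emitted too ("address X {")
        if line.endswith("{"):
            path.append(stmt)

def pool_interface_overlaps(config):
    """Return (pool, prefix, logical interface, ip) where a pool covers an interface IP."""
    pools, ifaces = [], []
    for path, stmt in statements(config):
        if not stmt.startswith("address ") or not path:
            continue
        addr = stmt.split()[1]
        if path[0] == "services" and path[-1].startswith("pool "):
            pools.append((path[-1].split()[1], ipaddress.ip_network(addr, strict=False)))
        elif path[0] == "interfaces":
            ifaces.append((f"{path[1]}.{path[2].split()[1]}", ipaddress.ip_interface(addr).ip))
    return [(p, str(net), i, str(ip)) for p, net in pools for i, ip in ifaces if ip in net]
```
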