SRX Services Gateway

Public server to Internet

‎11-20-2018 07:17 PM

net.png

I want to publish a web server to the Internet, and the code is below:

    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
        destination {
            pool webserver {
                address 192.168.2.10/32 port 88;
            }
            rule-set WebNat {
                from zone untrust;
                rule RuleWebNat {
                    match {
                        destination-address <public local>/32;
                        destination-port {
                            88;
                        }
                    }
                    then {
                        destination-nat {
                            pool {
                                webserver;
                            }
                        }
                    }
                }
            }
        }
    }

    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy untrust-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }

routing-options {
    static {
        route 0.0.0.0/0 next-hop [ 192.168.1.1 ];
    }
}

 

But it's not working. I need help.

Thanks!


Re: Public server to Internet

‎11-20-2018 11:12 PM

Hello,

 

Is '<public local>/32' in the same subnet as the untrust interface?

If yes, you will need proxy-arp configured as below:

 

set security nat proxy-arp interface <untrust-interface> address <public local>/32

commit

 

If it is not in the same subnet, the upstream router should have a route for '<public local>/32' pointing to the SRX untrust interface IP.

 

Regards,

 

Rushi
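
The rule in the reply above (same subnet as the untrust interface: proxy-arp; different subnet: upstream route) can be checked against a configuration mechanically. The following is an added example, not part of the original thread and not Juniper tooling. It assumes the configuration is exported in `set` format (`show configuration | display set`); the interface name `ge-0/0/0.0`, the extra rule names and all 203.0.113.x / 198.51.100.x addresses are constructed sample values.

```python
import ipaddress
import re

# Constructed sample in Junos "set" format (documentation address ranges,
# hypothetical interface name); not taken from the thread.
SAMPLE = """\
set interfaces ge-0/0/0 unit 0 family inet address 203.0.113.2/24
set security nat destination rule-set WebNat rule RuleWebNat match destination-address 203.0.113.10/32
set security nat destination rule-set WebNat rule Mail match destination-address 198.51.100.25/32
set security nat destination rule-set WebNat rule Self match destination-address 203.0.113.2/32
"""

IFACE = re.compile(r"set interfaces (\S+) unit (\d+) family inet address (\S+)")
DNAT = re.compile(r"set security nat destination rule-set \S+ rule (\S+) "
                  r"match destination-address (\S+)")
PARP = re.compile(r"set security nat proxy-arp interface (\S+) address (\S+)")

def audit(config, untrust_ifl):
    """Map each destination-NAT rule to what its public address still needs.

    IPv4 only; proxy-arp ranges ("address A to B") are not parsed.
    """
    ifaces, rules, proxied = [], {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := IFACE.match(line):
            if f"{m[1]}.{m[2]}" == untrust_ifl:
                ifaces.append(ipaddress.ip_interface(m[3]))
        elif m := DNAT.match(line):
            rules[m[1]] = ipaddress.ip_network(m[2], strict=False)
        elif m := PARP.match(line):
            if m[1] == untrust_ifl:
                proxied.append(ipaddress.ip_network(m[2], strict=False))
    if not ifaces:
        raise ValueError(f"no inet address found for {untrust_ifl}")
    verdicts = {}
    for name, net in rules.items():
        if any(net.num_addresses == 1 and net.network_address == i.ip for i in ifaces):
            # The interface's own address needs no proxy-arp entry.
            verdicts[name] = "interface address: SRX already answers ARP"
        elif any(net.subnet_of(i.network) for i in ifaces):
            ok = any(net.subnet_of(p) for p in proxied)
            verdicts[name] = "proxy-arp present" if ok else "proxy-arp missing"
        else:
            verdicts[name] = "off-subnet: upstream route to SRX required"
    return verdicts

if __name__ == "__main__":
    for rule, verdict in audit(SAMPLE, "ge-0/0/0.0").items():
        print(f"{rule}: {verdict}")
```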
