SRX Services Gateway
SRX Services Gateway

port forwarding without destination address

09.13.10   |  
‎09-13-2010 10:49 PM

Hi,

Is it possible in Junos not to specify the destination address when doing port forwarding?

I try to translate this statement from ScreenOS into Junos:

 

set interface untrust vip untrust 25 "SMTP" 192.168.168.9

 

 

rule-set port-forwarding {
    from zone untrust;
    rule r1 {
        match {
            destination-port 25;
            ## Warning: missing mandatory statement(s): 'destination-address'
        }
        then {
            destination-nat pool s1-SMTP;
        }
    }
}

 

 

Regards,

Tom

4 REPLIES
SRX Services Gateway

Re: port forwarding without destination address

09.15.10   |  
‎09-15-2010 09:08 AM

Hi,

 

Can you please provide the "get conf | i untrust" from the screenOs box.

 

Thanks

Atif

Highlighted
SRX Services Gateway

Re: port forwarding without destination address

09.15.10   |  
‎09-15-2010 09:33 AM

If you do not care about the address in the match condition for destination address provide "0.0.0.0/0"

 

This will match any address and not care about teh specific prefix .

SRX Services Gateway

Re: port forwarding without destination address

09.16.10   |  
‎09-16-2010 06:21 PM

Thanks routeruser, but how to configure the proxy-arp?

 

commit check
[edit security nat proxy-arp interface pp0.0]
  'address 0.0.0.0/0'
    IP address 0.0.0.0 is invalid
error: configuration check-out failed

 

Regards,

Tom

SRX Services Gateway

Re: port forwarding without destination address

09.17.10   |  
‎09-17-2010 04:25 AM

try this, not proxy arp needed if you are using the interface IP.

 

ule-set port-forwarding {
    from zone untrust;
    rule r1 {
        match {
            destination-port 25;
            destination-address 0.0.0.0/0;
        }
        then {
            destination-nat pool s1-SMTP;
        }
    }
}

 

-Pra