Juniper防火墙配置NAT映射

#juniper #网络设备 #网络

# Enter the Junos CLI from the device shell, then configuration mode.
cli
configure

# Destination NAT pool: the translated (internal) target of the mapping.
# 192.168.2.43 is the IP address of the iptables host on its Juniper-facing link.
set security nat destination pool dst-59014 address 192.168.2.43/32
# Port on that iptables host address to which the internal server is mapped.
set security nat destination pool dst-59014 address port 59014

# NOTE(review): rule-set 8 is assumed to already exist with its "from" zone/interface
# context; that part is not shown in this listing - confirm before pasting.

# dst-59014 is the rule name; keeping it identical to the pool name makes the pair
# easy to manage. 0.0.0.0/0 is the source range the Juniper will translate for; the
# original note says to leave it open to all addresses.
# NOTE(review): 0.0.0.0/0 exposes the mapped port to every Internet source. Where the
# client networks are known, narrow this prefix, or enforce the restriction in the
# security policy and in the iptables rules on 192.168.2.43.
set security nat destination rule-set 8 rule dst-59014 match source-address 0.0.0.0/0
# Public IP address and mask that external clients connect to (113.57.x.x is a
# redacted placeholder - substitute the real address); normally left unchanged
# between mappings.
set security nat destination rule-set 8 rule dst-59014 match destination-address 113.57.x.x/32
# 59014 is the external (public-side) port; it must not be reused by another rule.
set security nat destination rule-set 8 rule dst-59014 match destination-port 59014
# Translate matching traffic to the destination pool defined above.
set security nat destination rule-set 8 rule dst-59014 then destination-nat pool dst-59014
# Free-text description of the rule as a whole.
set security nat destination rule-set 8 rule dst-59014 description "数据管理平台NAT"

# NOTE(review): these statements only define the translation. Traffic is forwarded
# only if a security policy also permits it; on SRX the policy lookup happens after
# destination NAT, so that policy must match the translated address and port
# (192.168.2.43, 59014). No such policy is shown here - verify it exists and is scoped
# to this service only.
# Consider running "commit check" first, or "commit confirmed", so that a mistake
# rolls back automatically instead of cutting off management access.
commit
