Juniper SRX address and port mapping configuration

Posted by Caomeinico on 2021-10-26

Requirement: map the external IP 123.123.123.123:22222 to the internal host 10.100.200.22:22



Define the internal address pool (ssh-22) and port number

set security nat destination pool ssh-22 address 10.100.200.22/32

set security nat destination pool ssh-22 address port 22


Define the external address and port


edit security nat destination #enter the nat destination edit level

set rule-set u-to-t from zone untrust #zone from which u-to-t traffic enters

set rule-set u-to-t rule ssh22 match source-address 0.0.0.0/0 #source address

set rule-set u-to-t rule ssh22 match destination-address 123.123.123.123/32 #destination address

set rule-set u-to-t rule ssh22 match destination-port 22222 #externally exposed port

set rule-set u-to-t rule ssh22 match protocol tcp #protocol used

set rule-set u-to-t rule ssh22 then destination-nat pool ssh-22 #address pool to translate to

exit #leave the nat destination edit level


Define the internal protocol and port


set applications application tcp-22 protocol tcp

set applications application tcp-22 destination-port 22


Define the internal address


set security zones security-zone trust address-book address ssh22 10.100.200.22


Define the policy


edit security policies from-zone untrust to-zone trust

set policy linux-ssh22 match source-address any

set policy linux-ssh22 match destination-address ssh22 #address-book address

set policy linux-ssh22 match application tcp-22 #set to the real internal port

set policy linux-ssh22 match application junos-ssh

set policy linux-ssh22 then permit
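
Destination NAT on the SRX is applied before the policy lookup, which is why the policy above matches the internal address and port rather than 123.123.123.123:22222. The following added example (not from the original post) is a Python consistency check over the page's commands written out as full-path set lines; the name check_dnat and the sample text are constructed for illustration, and predefined applications such as junos-ssh are not resolved.

```python
import re

# Constructed sample: the page's commands with the edit contexts expanded to full paths.
CONFIG = """\
set security nat destination pool ssh-22 address 10.100.200.22/32
set security nat destination pool ssh-22 address port 22
set security nat destination rule-set u-to-t from zone untrust
set security nat destination rule-set u-to-t rule ssh22 match destination-address 123.123.123.123/32
set security nat destination rule-set u-to-t rule ssh22 match destination-port 22222
set security nat destination rule-set u-to-t rule ssh22 then destination-nat pool ssh-22
set applications application tcp-22 protocol tcp
set applications application tcp-22 destination-port 22
set security zones security-zone trust address-book address ssh22 10.100.200.22
set security policies from-zone untrust to-zone trust policy linux-ssh22 match destination-address ssh22
set security policies from-zone untrust to-zone trust policy linux-ssh22 match application tcp-22
set security policies from-zone untrust to-zone trust policy linux-ssh22 then permit
"""

def check_dnat(config):
    """Return a list of findings; an empty list means the pieces line up."""
    def grab(pattern):
        return re.findall(pattern, config, re.M)
    findings = []
    # Pool name -> translated address (prefix length dropped) and translated port.
    pools = {n: a.split("/")[0] for n, a in grab(r"nat destination pool (\S+) address (\d\S*)")}
    ports = dict(grab(r"nat destination pool (\S+) address port (\d+)"))
    zoned = set(grab(r"nat destination rule-set (\S+) from zone"))
    books = {n: a.split("/")[0] for n, a in grab(r"address-book address (\S+) (\S+)")}
    apps = dict(grab(r"applications application (\S+) destination-port (\d+)"))
    pol_dst = set(grab(r"policy \S+ match destination-address (\S+)"))
    pol_app = set(grab(r"policy \S+ match application (\S+)"))
    # A rule-set name that differs between lines leaves one set without 'from zone'.
    for rs in set(grab(r"nat destination rule-set (\S+) rule ")) - zoned:
        findings.append(f"rule-set {rs} has rules but no 'from zone'")
    for pool in set(grab(r"then destination-nat pool (\S+)")):
        if pool not in pools:
            findings.append(f"pool {pool} is referenced but not defined")
            continue
        # The policy must match the post-NAT (internal) address and port.
        if pools[pool] not in {books.get(d) for d in pol_dst}:
            findings.append(f"no policy matches translated address {pools[pool]}")
        if ports.get(pool) not in {apps.get(a) for a in pol_app}:
            findings.append(f"no policy application matches translated port {ports.get(pool)}")
    return findings
```
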






From "ITPUB Blog", link: http://blog.itpub.net/70008684/viewspace-2839308/. If you repost, please credit the source; otherwise legal liability will be pursued.
