juniper SRX 地址埠對映設定

需求說明：外網IP：123.123.123.123:22222 對映 內網 10.100.200.22:22

定義內網地址池(ssh-22)和埠號

set security nat destination pool ssh-22 address 10.100.200.22/32

set security nat destination pool ssh-22 address port 22

定義外網地址埠

edit security nat destination #進入nat destination 編輯介面

set rule-set u-t0-t from zone untrust #設定 u-to-t 流量從那個區域進入

set rule-set u-t0-t rule ssh22 match source-address 0.0.0.0/0 #原地址

set rule-set u-to-t rule ssh22 match destination-address 123.123.123.123/32 #目標地址

set rule-set u-to-t rule ssh22 match destination-port 22222 #對外開放埠

set rule-set u-to-t rule ssh22 match protocol tcp #使用協義

set rule-set u-to-t rule ssh22 then destination-nat pool ssh-22 #轉換到那個地址池

exit（退出 nat destination 編輯介面)

定義內網協議埠

set applications application tcp-22 protocol tcp

set applications application tcp-22 destination-port 22

定義內網地址

set security zones security-zone trust address-book address ssh22 10.100.200.22

定義策略

edit security policies from-zone untrust to-zone trust

set policy linux-ssh22 match source-address any

set policy linux-ssh22 match destination-address ssh22 #address-book 地址

set policy linux-ssh22 match application tcp-22 #設定為內網真實埠

set policy linux-ssh22 match application junios-ssh

set policy linux-ssh22 then permit

更多建站及原始碼交易資訊請見 GoodMai