Matt,

Now that you've gotten this far, adding inbound static NAT is pretty simple. :-)

Create a NAT pool with your internal address(es). Add a new rule with a match-direction of "output". In this rule, add a term with a "from" clause that matches packets with a destination address of your public address. In the then clause, specify the NAT pool with your internal addresses (as a destination-pool) and a translation type of "destination static".

Here's an example which translates 172.17.39.18/32 (outside address) to 192.168.200.1/32 (inside address):

services {
    nat {
        pool dest-pool {
            address 192.168.200.2/32;
        }
        rule dest-nat {
            match-direction output;
            term dest-nat {
                from {
                    destination-address {
                        172.17.39.18/32;
                    }
                }
                then {
                    translated {
                        destination-pool dest-pool;
                        translation-type {
                            destination static;
                        }
                    }
                }
            }
        }
    }
}

Don't forget to match on applications in the rule, if necessary, to activate ALGs.

Now, you just add the new rule to the existing service-set and everything should work!

-Jon

On 11/1/07, Matt Stevens <[EMAIL PROTECTED]> wrote:
> I'm a recent Cisco convert - trying to wrap my head around the Juniper
> way of dealing with NAT.
>
> I'm trying to get a setup working where I can allow inbound traffic
> through the NAT to specific internal machines.
>
> Ideally I'd like to be able to map things at a port level - i.e. port 80
> on external address X goes to port Y on internal address Z.
>
> I have things working to the point where I can NAT a specific internal
> address to a specific external address (see config at the end), with
> everyone else using PAT on a different address. But I can't seem to
> figure out how I allow inbound traffic through.
>
> This is on a J-4350, if that makes any difference...
>
> Any pointers in the right direction would be most appreciated!
> --
> matt
>
>
> Here's my service nat config. I have the service-set for this applied on
> the internal interface:
>
> rule NAT {
>     match-direction input;
>     term static-matt {
>         from {
>             source-address {
>                 192.168.1.238/32;
>             }
>         }
>         then {
>             translated {
>                 source-pool static-matt;
>                 translation-type {
>                     source static;
>                 }
>             }
>         }
>     }
>     term dynamic {
>         then {
>             translated {
>                 source-pool dynamic;
>                 translation-type {
>                     source dynamic;
>                 }
>             }
>         }
>     }
> }
> }
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
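An added example, not part of the thread: a small Python audit that parses brace-style Junos configuration and lists every "destination static" NAT term with its outside address, the inside addresses of its pool, and whether the term matches on applications, which helps when reviewing what a service-set exposes inbound. The function names are this example's own, and it assumes configuration text without comments or annotations.

```python
import re

# Constructed input: the statements of the destination-NAT example in the reply above.
SAMPLE = """
services { nat {
  pool dest-pool { address 192.168.200.2/32; }
  rule dest-nat { match-direction output; term dest-nat {
    from { destination-address { 172.17.39.18/32; } }
    then { translated { destination-pool dest-pool;
                        translation-type { destination static; } } } } }
} }
"""

def parse(text):
    """Parse brace-style Junos config into nested dicts; 'a b;' leaves map to None."""
    stack, words = [{}], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":      # open a block named by the words seen so far
            stack.append(stack[-1].setdefault(" ".join(words), {}))
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":    # end of a leaf statement
            stack[-1][" ".join(words)] = None
            words = []
        else:
            words.append(tok)
    return stack[0]

def values(block, keyword):
    """Arguments of every 'keyword arg;' leaf directly inside block."""
    return [k.split(None, 1)[1] for k in block if k.startswith(keyword + " ")]

def inbound_static_nat(cfg):
    """Yield each 'destination static' term: outside address -> inside pool."""
    nat = cfg.get("services", {}).get("nat", {})
    pools = {k.split()[1]: values(v, "address")
             for k, v in nat.items() if k.startswith("pool ")}
    terms = [(r, rule, t, term) for r, rule in nat.items() if r.startswith("rule ")
             for t, term in rule.items() if t.startswith("term ")]
    for r, rule, t, term in terms:
        frm = term.get("from", {})
        xl = term.get("then", {}).get("translated", {})
        if "destination static" in xl.get("translation-type", {}):
            yield {"rule": r.split()[1], "term": t.split()[1],
                   "direction": values(rule, "match-direction"),
                   "outside": list(frm.get("destination-address", {})),
                   "inside": pools.get((values(xl, "destination-pool") or [""])[0], []),
                   "app_match": any(k.startswith("application") for k in frm)}
```

Calling `list(inbound_static_nat(parse(SAMPLE)))` returns one record per inbound mapping; a record with `app_match` set to `False` means the term selects traffic by destination address alone.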