Hi All I have srx210h I Have a server with an IP address x.x.x.x and want to allow telnet access to it on different port (I chose 3333) , and assigned it the public IP address y.y.y.y But seems not working set security zones security-zone trust address-book address SERVER y.y.y.y/32
set applications application TELNET_DNAT protocol tcp set applications application TELNET_DNAT destination-port 3333 set security nat destination pool DNAT_POOL address y.y.y.y/32 set security nat destination pool DNAT_POOL address port 23 set security nat destination rule-set DNAT_RULE from zone untrust set security nat destination rule-set DNAT_RULE rule rule1 match destination-address x.x.x.x/32 set security nat destination rule-set DNAT_RULE rule rule1 match destination-port 3333 set security nat destination rule-set DNAT_RULE rule rule1 then destination-nat pool DNAT_POOL set security policies from-zone untrust to-zone trust policy DNAT_POLICY match source-address any set security policies from-zone untrust to-zone trust policy DNAT_POLICY match destination-address SERVER set security policies from-zone untrust to-zone trust policy DNAT_POLICY match application TELNET_DNAT set security policies from-zone untrust to-zone trust policy DNAT_POLICY then permit _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp