But I already configured

set security zones security-zone trust address-book address SERVER y.y.y.y/32

which will contain the real IP address, right?
I followed the link below:
http://www.fir3net.com/Juniper-SRX-Series-Gateway/juniper-srx-destination-nat-port-forwarding.html

On Thu, Nov 28, 2013 at 11:08 AM, Asad Raza <asadgard...@gmail.com> wrote:

> Hi,
>
> DNAT is done before the policy match/route lookup. You need to allow
> x.x.x.x in the policy instead of y.y.y.y
>
> Regards,
>
> Asad
> On Nov 28, 2013, at 11:00 AM, Mohammad Khalil <eng.m...@gmail.com> wrote:
>
> > Hi All
> > I have srx210h
> > I have a server with an IP address x.x.x.x and want to allow telnet access
> > to it on different port (I chose 3333), and assigned it the public IP
> > address y.y.y.y
> > But seems not working
> > set security zones security-zone trust address-book address SERVER y.y.y.y/32
> >
> > set applications application TELNET_DNAT protocol tcp
> > set applications application TELNET_DNAT destination-port 3333
> >
> > set security nat destination pool DNAT_POOL address y.y.y.y/32
> > set security nat destination pool DNAT_POOL address port 23
> >
> > set security nat destination rule-set DNAT_RULE from zone untrust
> >
> > set security nat destination rule-set DNAT_RULE rule rule1 match destination-address x.x.x.x/32
> > set security nat destination rule-set DNAT_RULE rule rule1 match destination-port 3333
> > set security nat destination rule-set DNAT_RULE rule rule1 then destination-nat pool DNAT_POOL
> >
> > set security policies from-zone untrust to-zone trust policy DNAT_POLICY match source-address any
> > set security policies from-zone untrust to-zone trust policy DNAT_POLICY match destination-address SERVER
> > set security policies from-zone untrust to-zone trust policy DNAT_POLICY match application TELNET_DNAT
> > set security policies from-zone untrust to-zone trust policy DNAT_POLICY then permit
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
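
Added example, not part of the original thread and not any poster's configuration: a destination-NAT port forward in Junos set syntax that follows the ordering rule stated in the reply above, where the security policy is evaluated after translation and so has to describe the translated packet. The addresses 203.0.113.10 (public) and 192.168.1.10 (real server) and the names SERVER_REAL and TELNET_REAL are constructed for illustration.

```junos
# Constructed addresses: 203.0.113.10 = public address, 192.168.1.10 = real server.

# Destination NAT: the rule matches the packet as it arrives
# (public address, outside port 3333) and rewrites it to the
# real server address and port 23.
set security nat destination pool DNAT_POOL address 192.168.1.10/32 port 23
set security nat destination rule-set DNAT_RULE from zone untrust
set security nat destination rule-set DNAT_RULE rule rule1 match destination-address 203.0.113.10/32
set security nat destination rule-set DNAT_RULE rule rule1 match destination-port 3333
set security nat destination rule-set DNAT_RULE rule rule1 then destination-nat pool DNAT_POOL

# Policy lookup runs after destination NAT, so the address-book entry
# and the application describe the translated packet: real address, port 23.
set security zones security-zone trust address-book address SERVER_REAL 192.168.1.10/32
set applications application TELNET_REAL protocol tcp
set applications application TELNET_REAL destination-port 23

set security policies from-zone untrust to-zone trust policy DNAT_POLICY match source-address any
set security policies from-zone untrust to-zone trust policy DNAT_POLICY match destination-address SERVER_REAL
set security policies from-zone untrust to-zone trust policy DNAT_POLICY match application TELNET_REAL
set security policies from-zone untrust to-zone trust policy DNAT_POLICY then permit

# A policy written against 203.0.113.10 or against port 3333 would not
# match, because by policy lookup the packet no longer carries those values.
```

After commit, "show security nat destination rule all" reports the translation hits for rule1, which separates a NAT rule that never matches from a policy that drops the translated packet.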