set security policies from-zone untrust to-zone trust policy DNAT_ALTOS_POLICY match application TELNET_DNAT
to
set security policies from-zone untrust to-zone trust policy DNAT_ALTOS_POLICY match application junos-telnet

Did not work either

On Thu, Nov 28, 2013 at 12:30 PM, Per Westerlund <p...@westerlund.se> wrote:

> Below is what I believe is a working solution.
>
> First, with destination nat, matching on public IP/port, the destination
> IP/port is translated from 24.173.164.162:3333 to 132.147.160.3:23.
>
> Next, the policy match statement has to allow just that, after the
> translation: 132.147.160.3:23. "junos-telnet" is a preconfigured way of
> saying TCP/23.
>
> /Per
>
> ------- snip ------------
> set security zones security-zone trust address-book address ALTOS_SERVER 132.147.160.3/32
>
> set security nat destination pool DNAT_POOL address 132.147.160.3/32
> set security nat destination pool DNAT_POOL address port 23
>
> set security nat destination rule-set DNAT_RULE from zone untrust
> set security nat destination rule-set DNAT_RULE rule rule1 match destination-address 24.173.164.162/32
> set security nat destination rule-set DNAT_RULE rule rule1 match destination-port 3333
> set security nat destination rule-set DNAT_RULE rule rule1 then destination-nat pool DNAT_POOL
>
> set security policies from-zone untrust to-zone trust policy DNAT_ALTOS_POLICY match source-address any
> set security policies from-zone untrust to-zone trust policy DNAT_ALTOS_POLICY match destination-address ALTOS_SERVER
> set security policies from-zone untrust to-zone trust policy DNAT_ALTOS_POLICY match application junos-telnet
>
> set security policies from-zone untrust to-zone trust policy DNAT_ALTOS_POLICY then permit
> ------- snip ------------
>
>
> On 28 Nov 2013 at 10:08, Mohammad Khalil <eng.m...@gmail.com> wrote:
>
>> set security policies from-zone untrust to-zone trust policy DNAT_POLICY match application junos-telnet
>>
>> But am already using 3333 right ? and junos-telnet is supposed to work in 23 ?

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp