多平台统一管理软件接口,如何实现多平台统一管理软件接口
542
2022-10-08
Juniper SRX防火墙-静态NAT(一)(juniper认证)
Juniper SRX 静态NAT
win xp----Juniper SRX------win2003
规划:
1、外网电脑 用虚拟机 2003 模拟外网主机,兼模拟DNS、HTTP服务器;
IP:222.0.0.2/27
2、内网主机用虚拟机 XP 模拟内网,兼HTTP服务器,
IP: 192.168.1.8/24
3、SRX 墙untrust 地址:222.0.0.1/27
trust地址:192.168.1.1/24
4、测试软件:HFS、
实验脚本1
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
set interfaces ge-0/0/1 unit 0 family inet address 222.0.0.1/27
set security nat static rule-set static-nat from zone untrust
set security nat static rule-set static-nat rule 1 match destination-address 222.0.0.6/32
set security nat static rule-set static-nat rule 1 then static-nat prefix 192.168.1.6/32
set security nat static rule-set static-nat rule 2 match destination-address 222.0.0.7/32
set security nat static rule-set static-nat rule 2 then static-nat prefix 192.168.1.7/32
set security nat static rule-set static-nat rule 3 match destination-address 222.0.0.8/32
set security nat static rule-set static-nat rule 3 then static-nat prefix 192.168.1.8/32
set security nat proxy-arp interface ge-0/0/1.0 address 222.0.0.8/32
set security nat proxy-arp interface ge-0/0/1.0 address 222.0.0.7/32
set security nat proxy-arp interface ge-0/0/1.0 address 222.0.0.9/32
set security policies from-zone trust to-zone untrust policy rule1 match source-address any
set security policies from-zone trust to-zone untrust policy rule1 match destination-address any
set security policies from-zone trust to-zone untrust policy rule1 match application any
set security policies from-zone trust to-zone untrust policy rule1 then permit
set security policies from-zone untrust to-zone trust policy rule01 match source-address any
set security policies from-zone untrust to-zone trust policy rule01 match destination-address any
set security policies from-zone untrust to-zone trust policy rule01 match application any
set security policies from-zone untrust to-zone trust policy rule01 then permit
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
root@SRX-1> show security flow session
Session ID: 1344, Policy name: rule1/4, Timeout: 2, Valid
In: 192.168.1.8/295 --> 220.0.0.2/61201;icmp, If: ge-0/0/0.0, Pkts: 1, Bytes: 84
Out: 220.0.0.2/61201 --> 220.0.0.8/295;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Session ID: 1345, Policy name: rule1/4, Timeout: 2, Valid
In: 192.168.1.8/296 --> 220.0.0.2/61201;icmp, If: ge-0/0/0.0, Pkts: 1, Bytes: 84
Out: 220.0.0.2/61201 --> 220.0.0.8/296;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Session ID: 1347, Policy name: rule1/4, Timeout: 4, Valid
In: 192.168.1.8/297 --> 220.0.0.2/61201;icmp, If: ge-0/0/0.0, Pkts: 1, Bytes: 84
Out: 220.0.0.2/61201 --> 220.0.0.8/297;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Total sessions: 3
root@SRX-1> show security nat static rule all
Total static-nat rules: 3
Total referenced IPv4/IPv6 ip-prefixes: 6/0
Static NAT rule: 1 Rule-set: static-nat
Rule-Id : 1
Rule position : 1
From zone : untrust
Destination addresses : 220.0.0.6
Host addresses : 192.168.1.6
Netmask : 32
Host routing-instance : N/A
Translation hits : 0
Successful sessions : 0
Failed sessions : 0
Number of sessions : 0
Static NAT rule: 3 Rule-set: static-nat
Rule-Id : 3
Rule position : 3
From zone : untrust
Destination addresses : 220.0.0.8
Host addresses : 192.168.1.8
Netmask : 32
Host routing-instance : N/A
Translation hits : 719
Successful sessions : 719
Failed sessions : 0
Number of sessions : 4
root@SRX-1> show security flow session
Session ID: 2437, Policy name: self-traffic-policy/1, Timeout: 2, Valid
In: 220.0.0.2/0 --> 220.0.0.9/34064;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Out: 220.0.0.9/34064 --> 220.0.0.2/0;icmp, If: .local..0, Pkts: 1, Bytes: 84
Session ID: 2438, Policy name: rule1/4, Timeout: 2, Valid
In: 192.168.1.8/1233 --> 220.0.0.2/61201;icmp, If: ge-0/0/0.0, Pkts: 1, Bytes: 84
Out: 220.0.0.2/61201 --> 220.0.0.8/1233;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Session ID: 2439, Policy name: self-traffic-policy/1, Timeout: 2, Valid
In: 220.0.0.2/1 --> 220.0.0.9/34064;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Out: 220.0.0.9/34064 --> 220.0.0.2/1;icmp, If: .local..0, Pkts: 1, Bytes: 84
Session ID: 2440, Policy name: rule1/4, Timeout: 2, Valid
In: 192.168.1.8/1234 --> 220.0.0.2/61201;icmp, If: ge-0/0/0.0, Pkts: 1, Bytes: 84
Out: 220.0.0.2/61201 --> 220.0.0.8/1234;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Session ID: 2441, Policy name: self-traffic-policy/1, Timeout: 4, Valid
In: 220.0.0.2/2 --> 220.0.0.9/34064;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Out: 220.0.0.9/34064 --> 220.0.0.2/2;icmp, If: .local..0, Pkts: 1, Bytes: 84
Session ID: 2442, Policy name: rule1/4, Timeout: 4, Valid
In: 192.168.1.8/1235 --> 220.0.0.2/61201;icmp, If: ge-0/0/0.0, Pkts: 1, Bytes: 84
Out: 220.0.0.2/61201 --> 220.0.0.8/1235;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Total sessions: 6
非接口子网段NAT实验
set security nat static rule-set static-nat rule 4 match destination-address 111.0.0.8/32
set security nat static rule-set static-nat rule 4 then static-nat prefix 192.168.1.8/32
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。
发表评论
暂时没有评论,来抢沙发吧~