SRX 設定 DNAT方式
CLI 底下
先設定pool的member IP 及 port 號
set security nat destination pool pool-248-port25 address 192.168.10.248/32 port 25 #設定pool name,IP,port號
設定rule-set
set security nat destination rule-set DNAT-204 from interface ge-0/0/0.0 #創建rule-set name和DNAT在哪個interface
set security nat destination rule-set DNAT-204 rule rule-248-port25 match destination-address 1.1.1.1/32 #設定rule-set的public IP
set security nat destination rule-set DNAT-204 rule rule-248-port25 match destination-port 25 #設定rule-set port號
set security nat destination rule-set DNAT-204 rule rule-248-port25 match protocol tcp #設定public ip的protocol 為tcp
set security nat destination rule-set DNAT-204 rule rule-248-port25 then destination-nat pool pool-248-port25 #設定rule-set的pool
set security nat destination rule-set dst-nat rule new-console-rule-8888 description request_by_XXXXX #設定描述
CLI editor 底下
先設定pool的member IP 及 port 號
pool RDP-MAP-302 { address 172.20.16.2/32 port 3389; }
設定rule-set
rule RDP-MAP-302 { match { destination-address (public IP); destination-port { 3389; } protocol tcp; } then { destination-nat { pool { RDP-MAP-323;}}}}
