Juniper SRX SNAT

Juniper SRX DNAT

set security nat source pool test address 1.1.1.1/32    #設定需要的public綁在pool裡面
set security nat source rule-set rule-set trust-to-untrust from zone trust    #設定from zone
set security nat source rule-set rule-set trust-to-untrust to zone untrust    #設定to zone
set security nat source rule-set trust-to-untrust rule r1 match source-address 172.20.16.97/32  #設定match的source IP
set security nat source rule-set trust-to-untrust rule r1 then source-nat pool test      #設定rule的pool
set security nat proxy-arp interface ge-0/0/0.0 address 203.73.96.42/32            #如果IP沒有設在interface上 需要設定arp