抱歉上個問題暫時耽擱
想問一下新的SRX1500問題,搞了兩天還是無法NAT成功
192.168.70.130還是nat不了192.168.89.101:3389
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security nat destination pool pool-101-port3389 address 192.168.89.101/32
set security nat destination pool pool-101-port3389 address port 3389
set security nat destination rule-set DNAT-3389 from zone untrust
set security nat destination rule-set DNAT-3389 rule rule-130 match destination-address 192.168.70.130/32
set security nat destination rule-set DNAT-3389 rule rule-130 match destination-port 3389
set security nat destination rule-set DNAT-3389 rule rule-130 match protocol tcp
set security nat destination rule-set DNAT-3389 rule rule-130 then destination-nat pool pool-101-port3389
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies from-zone untrust to-zone trust policy 1 match source-address any
set security policies from-zone untrust to-zone trust policy 1 match destination-address any
set security policies from-zone untrust to-zone trust policy 1 match application any
set security policies from-zone untrust to-zone trust policy 1 match source-identity any
set security policies from-zone untrust to-zone trust policy 1 match dynamic-application any
set security policies from-zone untrust to-zone trust policy 1 then permit
set security policies pre-id-default-policy then log session-close
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces xe-0/0/16.0
set security zones security-zone trust interfaces xe-0/0/17.0
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services tftp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set interfaces ge-0/0/0 unit 0 family inet address 192.168.70.150/24
set interfaces ge-0/0/1 unit 0 family inet address 192.168.89.254/24
已邀請的邦友 {{ invite_list.length }}/5
iThome鐵人賽
看影片追技術