Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Netscreen 25 Port Forwarding
- Thread starter readyyy
- Start date
Hello,
You need to define an Untrust (E3) MIP using an available public IP. You can then configure a Policy (Untrust to Trust, any, MIP, permit). This will allow external PC's to connect via the public IP. One thing to note, if you use a MIP the NAT is bidirectional. The other option is to use a VIP. However, using a VIP is unidirectional NAT and uses a single IP to map multiple ports. Hope this helps.
Rgds,
John
You need to define an Untrust (E3) MIP using an available public IP. You can then configure a Policy (Untrust to Trust, any, MIP, permit). This will allow external PC's to connect via the public IP. One thing to note, if you use a MIP the NAT is bidirectional. The other option is to use a VIP. However, using a VIP is unidirectional NAT and uses a single IP to map multiple ports. Hope this helps.
Rgds,
John
you can do it using policy based NAT as well :
Assuming this is your set up
Zone tntrust : netscreen IP = 100.100.100.100, ethernet1
Zone trust : netscreen IP = 192.168.10.1
In zone trust : FTPserver IP = 192.168.10.123, ethernet0
1. Create an object in your *trust* zone :
2. Create a route from untrust to trust
3. Create a policy
This way, you can create many to many inbound connections, using your public IP only, and multiple internal hosts and port combinations
For example, if you have another webserver in your network (192.168.10.124), that is running on port 8080 internally, and you want to make it available from the internet, on port 80, then you can do this
--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
---------------------------------------------------------------
Assuming this is your set up
Zone tntrust : netscreen IP = 100.100.100.100, ethernet1
Zone trust : netscreen IP = 192.168.10.1
In zone trust : FTPserver IP = 192.168.10.123, ethernet0
1. Create an object in your *trust* zone :
Code:
set address trust MyPublicIP 100.100.100.100/322. Create a route from untrust to trust
Code:
set route 100.100.100.100/32 int ethernet03. Create a policy
Code:
set policy from untrust to trust any MyPublicIP ftp nat dst ip 192.168.10.123 permitThis way, you can create many to many inbound connections, using your public IP only, and multiple internal hosts and port combinations
For example, if you have another webserver in your network (192.168.10.124), that is running on port 8080 internally, and you want to make it available from the internet, on port 80, then you can do this
Code:
set policy from untrust to trust any MyPublicIP http nat dst ip 192.168.10.124 port 8080 permit--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
---------------------------------------------------------------
- Status
Similar threads
- Locked
- Question