Port forwarding in Junos

2014.09.17

First, define your objects:

set security zones security-zone Internal address-book address TSserver1 192.168.1.151/32

and whatever service you need to:

set applications application MS-RDP protocol tcp destination-port 3389

and your destination nat pool:

set security nat destination pool dnat-192_168_1_151 address 192.168.1.151/32

set security nat destination pool dnat-192_168_1_151 address port 3389

and your NAT policy:

Define the NAT policy is configured which specifies the NAT pool that the traffic should be translated to.

set security nat destination rule-set dst-nat from zone Internet

set security nat destination rule-set dst-nat rule rule1 match destination-address 256.1.1.1/32

set security nat destination rule-set dst-nat rule rule1 match destination-port 63389

set security nat destination rule-set dst-nat rule rule1 then destination-nat pool dnat-192_168_1_151

and lastly, your security policy to allow the traffic through:

Use the internal (real) IP address and port of the server — the security/firewall aspect happens after the “networking” aspect of the connection:

set security policies from-zone untrust to-zone trust policy Internet_to_Internal_RDP match source-address any destination-address TSserver1 application MS-RDP
set security policies from-zone untrust to-zone trust policy Internet_to_Internal_RDP then permit

Once you’ve commited the change, an RDP connection to 256.1.1.1:63389 will get translated to 192.168.1.151:3389.

Categories : HowTo