Hi. First post on the forum - not sure how active this community is, but I'm optimistic! I'm a relatively new/young network admin, but eager to learn and be taught.
Looking for help with simultaneous network *and* port translation on Juniper SSG-550 with single public IP available. Changing the listening port on the SSH servers is *not* an option.
Specifically, I'm trying to do:
(public) 1.1.1.1:2116 -> (private) 192.168.1.101:22
(public) 1.1.1.1:2117 -> (private) 192.168.1.102:22
(public) 1.1.1.1:2118 -> (private) 192.168.1.103:22
etc...
I've looked through the cookbook but I'm new to MIPs and VIPs; I've only worked with DIPs, besides some of my colleagues
Quote:
I know with DIPs (1-to-1) I would do:
set interface ethernet0/2 dip $some_dip_id 1.1.1.1 1.1.1.1 fix-port
set route 1.1.1.1/32 interface ethernet0/1 gateway 192.168.1.101
set policy from "Untrust" to "DMZ" "Any" "1.1.1.1/32" "SSH" nat dst ip 192.168.1.101 permit
set policy from "DMZ" to "Untrust" "192.168.1.101/32" "ANY" "SSH" nat src dip-id $some_dip_id permit
but this doesn't cover my sitation, because I only have 1 public IP address to run multiple ssh servers behind.
I've come up with this, but looking for verification before I implement.
Code:
Set arp NAT-DST
Set service “SSH-2116-192.168.1.101” protocol tcp src 1024-65535 dst 2116
Set policy from “Untrust” to “Untrust” “ANY” “1.1.1.1/32” “SSH-2116-192.168.1.101” nat dst ip 192.168.1.101 port 22 permit
I'm not sure what the "set arp NAT-DST statement does either, if someone could kindly explain.
Thank you!
-plex
Register
Search 
Login
