close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Overview
- play_arrow Next Gen Services Overview
  - Next Gen Services Overview
- play_arrow Configuration Overview
- play_arrow Global System Logging Overview and Configuration
- play_arrow Next Gen Services SNMP MIBS and Traps
  - Next Gen Services SNMP MIBs and Traps
play_arrow Carrier Grade NAT (CGNAT)
- play_arrow Deterministic NAT Overview and Configuration
  - Deterministic NAPT Overview for Next Gen Services
  - Configuring Deterministic NAPT for Next Gen Services
- play_arrow Dynamic Address-Only Source NAT Overview and Configuration
  - Dynamic Address-Only Source Translation Overview
  - Configuring Dynamic Address-Only Source NAT for Next Gen Services
- play_arrow Network Address Port Translation Overview and Configuration
  - Network Address Port Translation (NAPT) Overview
  - Configuring Network Address Port Translation for Next Gen Services
  - Configuring Syslog Events for NAT Rule Conditions with Next Gen Services
- play_arrow NAT46
  - NAT46 Next Gen Services Configuration Examples
- play_arrow Stateful NAT64 Overview and Configuration
  - Stateful NAT64 Overview
  - IPv4 Addresses Embedded in IPv6 Addresses
  - Configuring Next Gen Services Stateful NAT64
- play_arrow IPv4 Connectivity Across IPv6-Only Network Using 464XLAT Overview and Configuration
  - 464XLAT Overview
  - IPv4 Addresses Embedded in IPv6 Addresses
  - Configuring 464XLAT Provider-Side Translator for IPv4 Connectivity Across IPv6-Only Network for Next Gen Services
- play_arrow IPv6 NAT Protocol Translation (NAT PT)
  - IPv6 NAT PT Overview
  - IPv6 NAT-PT Communication Overview
- play_arrow Stateless Source Network Prefix Translation for IPv6 Overview and Configuration
  - Stateless Source Network Prefix Translation for IPv6
- play_arrow Transitioning to IPv6 Using Softwires
  - 6rd Softwires in Next Gen Services
- play_arrow Transitioning to IPv6 Using DS-Lite Softwires
  - DS-Lite Softwires—IPv4 over IPv6 for Next Gen Services
  - Configuring Next Gen Services DS-Lite Softwires
  - DS-Lite Subnet Limitation
  - Protecting CGN Devices Against Denial of Service (DOS) Attacks
- play_arrow Reducing Traffic and Bandwidth Requirements Using Port Control Protocol
  - Port Control Protocol Overview
  - Configuring Port Control Protocol
- play_arrow Transitioning to IPv6 Using Mapping of Address and Port with Encapsulation (MAP-E)
  - Mapping of Address and Port with Encapsulation (MAP-E) for Next Gen Services
  - Equal Cost Multiple Path (ECMP) support for Mapping of Address and Port with Encapsulation (MAP-E)
- play_arrow Monitoring and Troubleshooting Softwires
  - Ping and Traceroute for DS-Lite
  - Monitoring Softwire Statistics
  - Monitoring CGN, Stateful Firewall, and Softwire Flows
- play_arrow Port Forwarding Overview and Configuration
  - Port Forwarding for Next Gen Services
- play_arrow Port Translation Features Overview and Configuration
  - Address Pooling and Endpoint Independent Mapping for Port Translation
  - Round-Robin Port Allocation
  - Secured Port Block Allocation for Port Translation
- play_arrow Static Source NAT Overview and Configuration
  - Static Source NAT Overview
  - Configuring Static Source NAT44 or NAT66 for Next Gen Services
- play_arrow Static Destination NAT Overview and Configuration
  - Static Destination NAT Overview
  - Configuring Static Destination NAT for Next Gen Services
- play_arrow Twice NAPT Overview and Configuration
  - Twice NAPT Overview
  - Configuring Twice NAPT for Next Gen Services
- play_arrow Twice NAT Overview and Configuration
  - Twice Static NAT Overview
  - Configuring Twice Static NAT44 for Next Gen Services
  - Twice Dynamic NAT Overview
  - Configuring Twice Dynamic NAT for Next Gen Services
- play_arrow Class of Service Overview and Configuration
  - Class of Service for Services PICs (Next Gen Services)
play_arrow Stateful Firewall Services
- play_arrow Stateful Firewall Services Overview and Configuration
  - Stateful Firewall Overview for Next Gen Services
  - Configuring Stateful Firewalls for Next Gen Services
play_arrow Intrusion Detection Services
- play_arrow IDS Screens for Network Attack Protection Overview and Configuration
play_arrow Traffic Load Balancing
- play_arrow Traffic Load Balancing Overview and Configuration
  - Traffic Load Balancer Overview
  - Configuring TLB
play_arrow DNS Request Filtering
- play_arrow DNS Request Filtering Overview and Configuration
  - DNS Request Filtering for Disallowed Website Domains
  - DNS Request Filtering System Logging Error Messages
play_arrow URL Filtering
- play_arrow URL Filtering
  - URL Filtering Overview
  - Configuring URL Filtering
play_arrow Integration of Juniper ATP Cloud and Web filtering on MX Routers
- play_arrow Integration of Juniper ATP Cloud and Web filtering on MX Routers
  - Integration of Juniper ATP Cloud and Web Filtering on MX Series Routers
play_arrow Aggregated Multiservices Interfaces
- play_arrow Enabling Load Balancing and High Availability Using Multiservices Interfaces
play_arrow Inter-Chassis Services PIC High Availability
- play_arrow Inter-Chassis Services PIC High Availability Overview and Configuration
play_arrow Application Layer Gateways
- play_arrow Enabling Traffic to Pass Securely Using Application Layer Gateways
play_arrow NAT, Stateful Firewall, and IDS Flows
- play_arrow Inline NAT Services Overview and Configuration
play_arrow Configuration Statements
- Junos CLI Reference Overview

list Table of Contents

English

Port Forwarding for Next Gen Services

date_range 06-Dec-23

arrow_backward

arrow_forward

Port Forwarding Overview

Port forwarding allows the public destination address and port of a packet to be translated to an IP address and port in a private network. This translation is a static, one-to-one mapping.

Port forwarding allows a packet to reach a host within a masqueraded, typically private, network, based on the port number on which the packet was received from the originating host. An example of this type of destination is the host of a public HTTP server within a private network.

If you only need to change the destination port, you can also configure port forwarding without translating the destination address.

Port forwarding is supported for destination NAT and twice NAPT 44. Port forwarding works only with the FTP application-level gateway (ALG), and has no support for technologies that offer IPv6 services over IPv4 infrastructure, such as IPv6 rapid deployment (6rd) and dual-stack lite (DS-Lite).

Benefits

Allows remote computers, such as public machines on the Internet, to connect to a non-standard port of a specific computer that is hidden within a private network.

Configuring Port Forwarding with Static Destination Address Translation for Next Gen Services

You can configure port forwarding with static destination address translation, which changes the destination address and port of a packet so it can reach the correct host and port within a masqueraded, typically private, network.

Configuring the Destination Pool for Destination Address Translation
Configuring the Mappings for Port Forwarding
Configuring the NAT Rule for Port Forwarding with Destination Address Translation
Configuring the Service Set for Port Forwarding with Destination Address Translation

Configuring the Destination Pool for Destination Address Translation

To configure the destination pool for the static destination address translation:

Create a destination pool.

content_copy zoom_out_map
user@host# edit services nat destination pool nat-pool-name

Define the addresses or subnets to which destination addresses are translated.
```
[edit services nat destination pool nat-pool-name]
user@host# set address address-prefix
```
To allow the IP addresses of a NAT destination pool to overlap with IP addresses in pools used in other service sets, configure allow-overlapping-pools.
```
[edit services nat]
user@host# set allow-overlapping-pools
```

Configuring the Mappings for Port Forwarding

Configure the port forwarding map name.

content_copy zoom_out_map
 [edit services nat destination]
user@host# set port-forwarding map-name

Specify the original destination port number that needs to be translated and the port number to which the original port is mapped. You can configure a maximum of 32 destination port mappings in a port forwarding map.
```
 [edit services nat destination port-forwarding map-name]
user@host# set destined-port port-id translated-port port-id
```
In the following example, the destination port number that needs to be translated is 23 and the port to which traffic is mapped is 45.
```
 [edit services nat destination port-forwarding map1]
user@host# set destined-port 32 translated-port 45
```

Configuring the NAT Rule for Port Forwarding with Destination Address Translation

To configure the NAT rule for port forwarding with destination address translation:

Configure the NAT rule name.

content_copy zoom_out_map
 [edit services destination source]
user@host# set rule-set rule-set-name rule rule-name

Specify the traffic direction to which the NAT rule set applies.

content_copy zoom_out_map
 [edit services nat destination rule-set rule-set-name]
user@host# set match-direction (in | out | in-out)

Specify the destination addresses that the NAT rule applies to.

content_copy zoom_out_map
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set match destination-address address

To specify a range of addresses, configure an address book global address with the desired address range, and assign the global address to the NAT rule:

content_copy zoom_out_map
 [edit services address-book global]
user@host# set address address-name range-address lower-limit to upper-limit
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set match destination-address-name address-name

To specify any unicast address:

content_copy zoom_out_map
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set match destination-address any-unicast

Specify the destination port range that the NAT rule applies to.

content_copy zoom_out_map
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set match destination-port low-port to high-port

Specify the NAT pool that contains the destination addresses for translated traffic.

content_copy zoom_out_map
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set then destination-nat pool nat-pool-name

Specify the name of the mapping for port forwarding. You can only configure one mapping within a NAT rule term.
```
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set then port-forwarding-mappings map-name
```
Configure the generation of a syslog when traffic matches the destination NAT rule match conditions.
```
 [edit services nat destination rule-set rule-set-name rule rule-name then]
user@host# set syslog
```

Configuring the Service Set for Port Forwarding with Destination Address Translation

To configure the service set for static destination NAT:

Define the service set.

content_copy zoom_out_map
 [edit services]
user@host# edit service-set service-set-name

Configure either an interface service, which requires a single service interface, or a next-hop service, which requires an inside and outside service interface.

content_copy zoom_out_map
 [edit services service-set service-set-name]
user@host# set interface-service service-interface interface-name

content_copy zoom_out_map
 [edit services service-set service-set-name]
user@host# set next-hop-service inside-service-interface interface-name outside-service-interface interface-name

Note:

You cannot use an AMS interface in a port forwarding service set.

Specify the NAT rule sets to be used with the service set.

content_copy zoom_out_map
 [edit services service-set service-set-name]
user@host# set nat-rule-sets rule-set-name

Configuring Port Forwarding without Static Destination Address Translation for Next Gen Services

You can configure port forwarding without static destination address translation, which changes the destination port of a packet so it can reach the correct port on the destination host.

Configuring the Mappings for Port Forwarding
Configuring the NAT Rule for Port Forwarding without Destination Address Translation
Configuring the Service Set for Port Forwarding without Destination Address Translation

Configuring the Mappings for Port Forwarding

Configure the port forwarding map name.

content_copy zoom_out_map
 [edit services destination source]
user@host# set port-forwarding map-name

Specify the original destination port number that needs to be translated and the port number to which the original port is mapped. You can configure a maximum of 32 destination port mappings in a port forwarding map.
```
 [edit services nat destination port-forwarding map-name]
user@host# set destined-port port-id translated-port port-id
```
In the following example, the destination port number that needs to be translated is 23 and the port to which traffic is mapped is 45.
```
 [edit services nat destination port-forwarding map1]
user@host# set destined-port 32 translated-port 45
```

Configuring the NAT Rule for Port Forwarding without Destination Address Translation

To configure the NAT rule for port forwarding without destination address translation:

Configure the NAT rule name.

content_copy zoom_out_map
 [edit services destination source]
user@host# set rule-set rule-set-name rule rule-name

Specify the traffic direction to which the NAT rule set applies.

content_copy zoom_out_map
 [edit services nat destination rule-set rule-set-name]
user@host# set match-direction (in | out | in-out)

Specify the destination addresses that the NAT rule applies to.

content_copy zoom_out_map
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set match destination-address address

To specify a range of addresses, configure an address book global address with the desired address range, and assign the global address to the NAT rule:

content_copy zoom_out_map
 [edit services address-book global]
user@host# set address address-name range-address lower-limit to upper-limit
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set match destination-address-name address-name

To specify any unicast address:

content_copy zoom_out_map
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set match destination-address any-unicast

Specify that there is no address translation for the rule.

content_copy zoom_out_map
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set then destination-nat off

Specify the name of the mapping for port forwarding. You can only configure one mapping within a NAT rule term.
```
 [edit services nat destination rule-set rule-set-name rule rule-name]
user@host# set then port-forwarding-mappings map-name
```
Configure the generation of a syslog when traffic matches the destination NAT rule match conditions.
```
 [edit services nat destination rule-set rule-set-name rule rule-name then]
user@host# set syslog
```

Configuring the Service Set for Port Forwarding without Destination Address Translation

To configure the service set for static destination NAT:

Define the service set.

content_copy zoom_out_map
 [edit services]
user@host# edit service-set service-set-name

Configure either an interface service, which requires a single service interface, or a next-hop service, which requires an inside and outside service interface.

content_copy zoom_out_map
 [edit services service-set service-set-name]
user@host# set interface-service service-interface interface-name

content_copy zoom_out_map
 [edit services service-set service-set-name]
user@host# set next-hop-service inside-service-interface interface-name outside-service-interface interface-name

Note:

You cannot use an AMS interface in a port forwarding service set.

Specify the NAT rule sets to be used with the service set.

content_copy zoom_out_map
 [edit services service-set service-set-name]
user@host# set nat-rule-sets rule-set-name

arrow_backward PREVIOUS Monitoring CGN, Stateful Firewall, and Softwire Flows

NEXT arrow_forward Address Pooling and Endpoint Independent Mapping for Port Translation

Next Gen Services Interfaces User Guide for Routing Devices

ON THIS PAGE

Port Forwarding for Next Gen Services

Port Forwarding Overview

Benefits

Configuring Port Forwarding with Static Destination Address Translation for Next Gen Services

Configuring the Destination Pool for Destination Address Translation

Configuring the Mappings for Port Forwarding

Configuring the NAT Rule for Port Forwarding with Destination Address Translation

Configuring the Service Set for Port Forwarding with Destination Address Translation

Configuring Port Forwarding without Static Destination Address Translation for Next Gen Services

Configuring the Mappings for Port Forwarding

Configuring the NAT Rule for Port Forwarding without Destination Address Translation

Configuring the Service Set for Port Forwarding without Destination Address Translation

Stay in touch

Helped me install or use the product
Accelerated my deployment

Discuss the product with a co-worker
Make a purchase inquiry