Related Documentation
- J, M, MX, T Series
- Network Address Translation Overview
- Example: Configuring NAT-PT
- M, MX, T Series
- dns-alg-prefix
- dns-alg-pool
Configuring NAT-PT
To configure Network Address Translation–Protocol Translation (NAT-PT), you must configure a Domain Name System application-level gateway (DNS ALG) application to map addresses returned in the DNS response to an IPv6 address. DNS ALG is used with NAT-PT to facilitate name-to-address mapping. When configuring NAT-PT, network address translation can either be an address-only translation or an address and port translation. The Junos OS implementation is described in RFC 2766 and RFC 2694.
Before you begin configuring NAT-PT with DNS ALG, you must have the following configured:
- NAT with two rules or one rule and two terms. The first NAT rule or term ensures that the DNS query and response packets are translated correctly. For this rule to work, you must configure a DNS ALG application and reference it in the first rule. The second rule or term is required to ensure that NAT sessions are destined to the address mapped by the DNS ALG application.
- A service set that references the first NAT rule or term and a multiservices interface.
To configure NAT-PT with DNS ALG:
Configure the DNS session that processes packets to the DNS server:
- Configure the ALG to which the DNS traffic is destined
at the [edit applications] hierarchy level. Define the application
name and specify the application protocol to use in match conditions
in the first NAT rule or term.[edit applications]user@host# set application application-name application-protocol application-protocol
For example:
[edit applications]user@host# set application dns_alg application-protocol dns - Reference the ALG in the first NAT rule or term.[edit services nat rule rule-name term term-name] user@host# set from applications application-name
In the following example, the application name is dns_alg.
[edit services nat rule rule1 term term1] user@host# set from applications dns_alg - Define the DNS ALG pool or prefix for mapping IPv4 addresses
to IPv6 addresses.[edit services nat rule rule-name term term-name]user@host# set then translated dns-alg-prefix dns-alg-prefixuser@host# set then translated dns-alg-pool dns-alg-pool
The following example shows the configuration of the 96-bit prefix for mapping IPv4 address to IPv6 addresses.
[edit services nat rule rule1 term term1] user@host# set then translated dns-alg-prefix 10:10:10::0/96
- Configure the ALG to which the DNS traffic is destined
at the [edit applications] hierarchy level. Define the application
name and specify the application protocol to use in match conditions
in the first NAT rule or term.
The following sample output shows the minimum configuration of the application.
[edit applications]
user@host# show
application dns_alg {
application-protocol dns;
}
The following sample output shows the minimum configuration of the first NAT rule.
[edit services nat]
user@host# show
rule rule1 {
applications dns_alg;
}
then {
translated {
dns-alg-prefix 10:10:10::0/96;
}
}
}
}
}
The following sample output shows the minimum configuration of the second NAT rule.
[edit services nat]
user@host# show
rule rule2 {
term term1 {
from {
destination-address {
10:10:10::c0a8:108/128;
}
}
then {
translated {
source-prefix 19.19.19.1/32;
}
}
}
}
}
Related Documentation
- J, M, MX, T Series
- Network Address Translation Overview
- Example: Configuring NAT-PT
- M, MX, T Series
- dns-alg-prefix
- dns-alg-pool
Published: 2012-11-28
Related Documentation
- J, M, MX, T Series
- Network Address Translation Overview
- Example: Configuring NAT-PT
- M, MX, T Series
- dns-alg-prefix
- dns-alg-pool
