Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Configuring Port Forwarding Without Destination Address Translation

Starting with Junos OS Release 12.1, you can configure port forwarding without translating a destination address.

To configure port forwarding without destination address translation in IPv4 networks:

  1. In configuration mode, go to the [edit services nat] hierarchy level.
    [edit]user@host# edit services nat
  2. Configure the rule, match direction, term, and destination address.
    [edit services nat]user@host# set rule rule-name match-direction match-direction term term-name

    In the following example, the name of the rule is rule-port-forwarding, the match direction is input, and the name of the term is t1.

    [edit services nat]user@host# set rule rule-port-forwarding match-direction input term t1
  3. Go to the [edit services nat rule rule-port-forwarding term t1] hierarchy level.
    [edit services nat]user@host# edit rule rule-port-forwarding term t1
  4. Specify that there is no address translation for this rule.
    [edit services nat rule rule-port-forwarding term t1]user@host# set then no-translation
  5. Configure the mapping for port forwarding and the translation type.
    [edit services nat rule rule-port-forwarding term t1]user@host# set then port-forwarding-mappings map-name

    In the following example, the port forwarding map name is map1.

    [edit services nat rule rule-port-forwarding term t1]user@host# set then port-forwarding-mappings map1
  6. Go to the [edit services nat port-forwarding map1] hierarchy level.
    [edit services nat]user@host# edit port-forwarding map1
  7. Configure the mapping for port forwarding.
    [edit port-forwarding map1]user@host# set destined-port port-iduser@host# set translated-port port-id

    In the following example, the destination port is 45 and the translated port is 23.

    [edit port-forwarding map1]user@host# set destined-port 23user@host# set translated-port 45
    • Multiple port mappings are supported with port forwarding. Up to 32 port maps can be configured for port forwarding.
    • The destination port should not overlap the port range configured for NAPT.
  8. Verify the configuration by using the show command at the [edit services nat] hierarchy level.
    [edit services]
user@host# show 
nat {
	rule rule-port-forwarding {
	    match-direction input;
	    term t1 {
		then {
		    port-forwarding-mappings map1;
			 		no-translation 		    			}
					}
	   	}
	}
	port-forwarding map1 {
	    destined-port 45;
		 translated-port 23;
	    }
}

Note: Port forwarding and stateful firewall can be configured together. Stateful firewall has precedence over port forwarding.

Published: 2012-11-28

Supported Platforms

Published: 2012-11-28

Previous Page Next Page