nat
Sintaxis
nat {
destination {
pool pool-name {
address ip-address {
(port port-number | to ip-address);
}
description text;
routing-instance routing-instance-name;
}
rule-set rule-set-name {
description text;
from {
interface [interface-name];
routing-instance [routing-instance-name];
zone [zone-name];
}
rule rule-name {
description text;
match {
(destination-address <ip-address> | destination-address-name <address-name>);
destination-port port-number;
protocol [protocol-name-or-number];
source-address [ip-address];
source-address-name [address-name];
}
then {
destination-nat (off | pool pool-name);
}
}
}
}
proxy-arp {
interface interface-name {
address ip-address {
to ip-address;
}
}
}
proxy-ndp {
interface interface-name {
address ip-address {
to ip-address;
}
}
}
natv6v4 {
no-v6-frag-header;
}
source {
address-persistent;
interface {
port-overloading {
off;
}
}
pool pool-name {
address ip-address {
to ip-address;
}
description text;
host-address-base ip-address;
overflow-pool (interface | pool-name);
port {
(no-translation | port-overloading-factor number | range port-low <to port-high>);
}
routing-instance routing-instance-name;
}
pool-default-port-range lower-port-range to upper-port-range;
pool-utilization-alarm {
clear-threshold value;
raise-threshold value;
}
port-randomization {
disable;
}
port-round-robin {
disable;
}
rule-set rule-set-name {
description text;
from {
interface [interface-name];
routing-instance [routing-instance-name];
zone [zone-name];
}
rule rule-name {
description text;
match {
(destination-address <ip-address> | destination-address-name <address-name>);
destination-port port-number;
protocol [protocol-name-or-number];
source-address [ip-address];
source-address-name [address-name];
}
then {
source-nat {
interface {
persistent-nat {
address-mapping;
inactivity-timeout seconds;
max-session-number value;
permit (any-remote-host | target-host | target-host-port);
}
}
off;
pool {
persistent-nat {
address-mapping;
inactivity-timeout seconds;
max-session-number number;
permit (any-remote-host | target-host | target-host-port);
}
pool-name;
}
}
}
}
to {
interface [interface-name];
routing-instance [routing-instance-name];
zone [zone-name];
}
}
}
static {
rule-set rule-set-name {
description text;
from {
interface [interface-name];
routing-instance [routing-instance-name];
zone [zone-name];
}
rule rule-name {
description text;
match {
(destination-address ip-address | destination-address-name address-name);
}
then {
static-nat {
inet {
routing-instance (default | routing-instance-name);
}
prefix {
address-prefix;
routing-instance (default | routing-instance-name);
}
prefix-name {
address-prefix-name;
routing-instance (default | routing-instance-name);
}
}
}
}
}
}
traceoptions {
file {
filename;
files number;
match regular-expression;
size maximum-file-size;
(world-readable | no-world-readable);
}
flag flag;
no-remote-trace;
}
}
Nivel jerárquico
[edit security] [edit tenants tenant-name security]
Descripción
Configure la traducción de direcciones de red (NAT) para los firewalls serie NFX y SRX.
Opciones
| destination | Configure NAT de destino. |
| natv6v4 | Configure NAT entre las opciones IPv6 e IPv4. |
| no-v6-frag-header | Configure para deshabilitar la adición de encabezado de fragmento en paquetes IPv6 no fragmentados al realizar la traducción de IPv4 a IPv6. |
| proxy-arp | Configure ARP de proxy. |
| proxy-ndp | Configure el NDP de proxy. |
| source | Configure NAT de origen. |
| static | Configure NAT estática. |
| traceoptions | Configure las opciones de seguimiento de NAT. |
Nivel de privilegio requerido
security: para ver esta instrucción en la configuración.
security-control: para agregar esta instrucción a la configuración.
Información de la versión
Instrucción modificada en Junos OS versión 9.6.
La description opción agregada en Junos OS versión 12.1.
La opción de inquilino se introdujo en Junos OS versión 18.3R1.