NESTA PÁGINA
Exemplo: configuração do aplicativo DNS ALG na placa de serviço MX-SPC3
Este exemplo mostra como configurar o tipo de tradução como basic-nat-pt. Você deve configurar o aplicativo DNS ALG, os pools e regras NAT, um conjunto de serviços com uma interface de serviço.
Requerimentos
Este exemplo usa os seguintes componentes de hardware e software:
- MX240, MX480 e MX960 com MX-SPC3
- Junos OS versão 21.1R1
Configuração
Para configurar o aplicativo DNS ALG na placa de serviço MX-SPC3, execute estas tarefas:
-
Defina o aplicativo.
[edit] user@host# set application application-name application-protocol protocol-name
-
Configurando o conjunto de serviços.
[edit] user@host# set services service-set ss1 syslog mode event
user@host# set services service-set ss1 syslog mode event
-
3. Configure um conjunto de serviços usando a regra NAT.
[edit] user@host# set services service-set ss1 nat-rule-sets src_nat_rule_set1
user@host# set services service-set ss1 nat-rule-sets dst_nat_rule_set1
user@host# set services service-set ss1 interface-service service-interface vms-2/0/0.0
-
Especifique as informações do pool de NAT e da regra.
[edit] user@host# set services nat source pool source_pool1 address 100.0.0.0/24
user@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 match source-address 2000::/64
user@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 match destination-address 0.0.0.0/0
user@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 match application dns_alg
user@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 then source-nat pool source_pool1
user@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 then syslog
user@host# set services nat source rule-set src_nat_rule_set1 match-direction input
user@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 match source-address 2000::/64
user@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 match destination-address 6000::/96
user@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 match application dns_alg
user@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 then destination-nat destination-prefix 6000::/96
user@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 then syslog
user@host# set services nat destination rule-set dst_nat_rule_set1 match-direction input
-
Configure as interfaces.
[edit] user@host# set interfaces vms-2/0/0 unit 0 family inet
user@host# set interfaces vms-2/0/0 unit 0 family inet6
Resultado
[edit]
user@host# show services service-set ss1 {
syslog {
mode event;
local-category all;
}
nat-rule-sets src_nat_rule_set1;
nat-rule-sets dst_nat_rule_set1;
interface-service {
service-interface vms-2/0/0.0;
}
}
nat {
source {
pool source_pool1 {
address {
100.0.0.0/24;
}
}
rule-set src_nat_rule_set1 {
rule source_nat_rule1 {
match {
source-address 2000::/64;
destination-address 0.0.0.0/0;
application dns_alg;
}
then {
source-nat {
pool {
source_pool1;
}
}
syslog;
}
}
match-direction input;
}
}
destination {
rule-set dst_nat_rule_set1 {
rule dst_nat_rule1 {
match {
source-address 2000::/64;
destination-address 6000::/96;
application dns_alg
}
then {
destination-nat {
destination-prefix 6000::/96;
}
syslog;
}
}
match-direction input;
}
}
}