nat
Syntax
nat {
    destination {
        pool pool-name {
            address ip-address {
                (port port-number | to ip-address);
            }
            description text;
            routing-instance routing-instance-name;
        }
        rule-set rule-set-name {
            description text;
            from {
                interface [interface-name];
                routing-instance [routing-instance-name];
                zone [zone-name];
            }
            rule rule-name {
                description text;
                match {
                    (destination-address <ip-address> | destination-address-name <address-name>);
                    destination-port port-number;
                    protocol [protocol-name-or-number];
                    source-address [ip-address];
                    source-address-name [address-name];
                }
                then {
                    destination-nat (off | pool pool-name);
                }
            }
        }
    }
    proxy-arp {
        interface interface-name {
            address ip-address {
                to ip-address;
            }
        }
    }
    proxy-ndp {
        interface interface-name {
            address ip-address {
                to ip-address;
            }
        }
    }
    natv6v4 {
        no-v6-frag-header;
    }
    source {
        address-persistent;
        interface {
            port-overloading {
                off;
            }
        }
        pool pool-name {
            address ip-address {
                to ip-address;
            }
            description text;
            host-address-base ip-address;
            overflow-pool (interface | pool-name);
            port {
                (no-translation | port-overloading-factor number | range port-low <to port-high>);
            }
            routing-instance routing-instance-name;
        }
        pool-default-port-range lower-port-range to upper-port-range;
        pool-utilization-alarm {
            clear-threshold value;
            raise-threshold value;
        }
        port-randomization {
            disable;
        }
        port-round-robin {
            disable;
        }
        rule-set rule-set-name {
            description text;
            from {
                interface [interface-name];
                routing-instance [routing-instance-name];
                zone [zone-name];
            }
            rule rule-name {
                description text;
                match {
                    (destination-address <ip-address> | destination-address-name <address-name>);
                    destination-port port-number;
                    protocol [protocol-name-or-number];
                    source-address [ip-address];
                    source-address-name [address-name];
                }
                then {
                    source-nat {
                        interface {
                            persistent-nat {
                                address-mapping;
                                inactivity-timeout seconds;
                                max-session-number value;
                                permit (any-remote-host | target-host | target-host-port);
                            }
                        }
                        off;
                        pool {
                            persistent-nat {
                                address-mapping;
                                inactivity-timeout seconds;
                                max-session-number number;
                                permit (any-remote-host | target-host | target-host-port);
                            }
                            pool-name;
                        }
                    }
                }
            }
            to {
                interface [interface-name];
                routing-instance [routing-instance-name];
                zone [zone-name];
            }
        }
    }
    static {
        rule-set rule-set-name {
            description text;
            from {
                interface [interface-name];
                routing-instance [routing-instance-name];
                zone [zone-name];
            }
            rule rule-name {
                description text;
                match {
                    (destination-address ip-address | destination-address-name address-name);
                }
                then {
                    static-nat {
                        inet {
                            routing-instance (default | routing-instance-name);
                        }
                        prefix {
                            address-prefix;
                            routing-instance (default | routing-instance-name);
                        }
                        prefix-name {
                            address-prefix-name;
                            routing-instance (default | routing-instance-name);
                        }
                    }
                }
            }
        }
    }
    traceoptions {
        file {
            filename;
            files number;
            match regular-expression;
            size maximum-file-size;
            (world-readable | no-world-readable);
        }
        flag flag;
        no-remote-trace;
    }
}
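Hierarchy Level
[edit security]
[edit tenants tenant-name security]
Description
Configure Network Address Translation (NAT) for NFX Series and SRX Series Firewalls.
Options
destination | Configure destination NAT. |
natv6v4 | Configure NAT between IPv6 and IPv4 options. |
no-v6-frag-header | Disable adding the fragment header to non-fragmented IPv6 packets when performing IPv4-to-IPv6 translation. |
proxy-arp | Configure proxy ARP. |
proxy-ndp | Configure proxy NDP. |
source | Configure source NAT. |
static | Configure static NAT. |
traceoptions | Configure NAT trace options. |
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Release Information
Statement modified in Junos OS Release 9.6.
The description option was added in Junos OS Release 12.1.
The tenant option was introduced in Junos OS Release 18.3R1.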