EN ESTA PÁGINA
Ejemplo: configuración de la aplicación DNS ALG en la tarjeta de servicio MX-SPC3
RESUMEN
En este ejemplo se muestra cómo configurar el tipo de traducción como basic-nat-pt. Debe configurar la aplicación ALG DNS, los grupos NAT y las reglas, un conjunto de servicios con una interfaz de servicio.
Requisitos
En este ejemplo se utilizan los siguientes componentes de hardware y software:
- MX240, MX480 y MX960 con MX-SPC3
- Junos OS versión 21.1R1
Configuración
Para configurar la aplicación DNS ALG en la tarjeta de servicio MX-SPC3, realice estas tareas:
-
Establezca la aplicación.
[edit] user@host# set application application-name application-protocol protocol-name
-
Configuración del conjunto de servicios.
[edit] user@host# set services service-set ss1 syslog mode event
user@host# set services service-set ss1 syslog mode event
-
3. Configure un conjunto de servicios mediante la regla NAT.
[edit] user@host# set services service-set ss1 nat-rule-sets src_nat_rule_set1
user@host# set services service-set ss1 nat-rule-sets dst_nat_rule_set1
user@host# set services service-set ss1 interface-service service-interface vms-2/0/0.0
-
Especifique la información del grupo NAT y de la regla.
[edit] user@host# set services nat source pool source_pool1 address 100.0.0.0/24
user@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 match source-address 2000::/64
user@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 match destination-address 0.0.0.0/0
user@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 match application dns_alg
user@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 then source-nat pool source_pool1
user@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 then syslog
user@host# set services nat source rule-set src_nat_rule_set1 match-direction input
user@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 match source-address 2000::/64
user@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 match destination-address 6000::/96
user@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 match application dns_alg
user@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 then destination-nat destination-prefix 6000::/96
user@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 then syslog
user@host# set services nat destination rule-set dst_nat_rule_set1 match-direction input
-
Configure las interfaces.
[edit] user@host# set interfaces vms-2/0/0 unit 0 family inet
user@host# set interfaces vms-2/0/0 unit 0 family inet6
Resultado
[edit]
user@host# show services service-set ss1 {
syslog {
mode event;
local-category all;
}
nat-rule-sets src_nat_rule_set1;
nat-rule-sets dst_nat_rule_set1;
interface-service {
service-interface vms-2/0/0.0;
}
}
nat {
source {
pool source_pool1 {
address {
100.0.0.0/24;
}
}
rule-set src_nat_rule_set1 {
rule source_nat_rule1 {
match {
source-address 2000::/64;
destination-address 0.0.0.0/0;
application dns_alg;
}
then {
source-nat {
pool {
source_pool1;
}
}
syslog;
}
}
match-direction input;
}
}
destination {
rule-set dst_nat_rule_set1 {
rule dst_nat_rule1 {
match {
source-address 2000::/64;
destination-address 6000::/96;
application dns_alg
}
then {
destination-nat {
destination-prefix 6000::/96;
}
syslog;
}
}
match-direction input;
}
}
}