NAT Components
NAT can be configured independently or with stateful firewall filters.
For information about configuring NAT independently, see Configuring NAT.
For information about configuring NAT with stateful firewall filters, see Configuring Stateful
Firewall Filters and NAT.
To configure NAT, you must define a NAT pool, define a NAT rule or rule
set, and apply this NAT rule or rule set to an interface.
NAT Pools
You define a pool of source or destination addresses that are used as
translated addresses for NAT. In a pool you can specify one or more addresses,
prefixes, or address ranges.
When defining a NAT pool, make sure that it meets the following requirements:
- No more than 10 address ranges, prefixes, or a combination of
address ranges and prefixes are in the pool.
- The ranges of addresses and prefixes defined in the pool do not
overlap.
- In an address range, the low value is a lower number than the
high value.
If you have configured multiple address ranges and prefixes, the prefixes
are depleted first, followed by the address ranges.
Note: Multiple addresses, prefixes, and address ranges are not supported for
destination static NAT. Only one address is allowed in the destination address
pool.
NAT Rules
You can define a set of rules or a single rule. To define a rule you
must define the following components:
- Term—Named structure in which match conditions and actions
are defined.
- Match condition—Criteria against which a route or packets
are compared. You can configure one or more criteria. If all criteria match,
one or more actions are applied. Table 71 summarizes
a list of key NAT match conditions.
- Action—What happens when all the specified conditions match.
You can configure one or more actions. Table 72 summarizes
a list of key NAT actions.
- Match direction—Direction in which the match is applied—input
or output. For more information about match direction, see the JUNOS Services Interfaces Configuration Guide.
Table 71: NAT Match Conditions

| Match Condition | Description |
| --- | --- |
| application-sets [set-names] | Matches a list of application set names. For more information about application sets, see the JUNOS Services Interfaces Configuration Guide. |
| applications [application-names] | Matches a list of applications. For more information about applications, see the JUNOS Services Interfaces Configuration Guide. |
| destination-address address | Matches the IP destination address field. |
| source-address address | Matches the IP source address field. |

Table 72: NAT Actions

| Actions | Description |
| --- | --- |
| syslog | Records information in the system logging facility. |
| translated destination-pool nat-pool-name | Translates the destination address using the specified pool. |
| translated source-pool nat-pool-name | Translates the source address using the specified pool. |
| translation-type (destination type \| source type) | Translates the destination and source port using the specified type: |

- destination static—Translates the destination address
without port mapping. This type requires the size of the source address space
to be the same as the size of the destination address space. You must specify
a destination-pool name. The referenced pool must contain exactly
one address and no port configuration.
- source dynamic—Translates the source address with
port mapping by means of NAPT. You must specify a source-pool name.
The referenced pool must include a port configuration.
- source static—Translates the source address without
port mapping. This type requires the size of the source address space to be
the same as the size of the destination address space. You must specify a source-pool name.
The referenced pool must contain exactly one address and no port configuration.
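
The pool requirements under NAT Pools and the per-type pool constraints in Table 72 can be checked before a configuration is committed. The Python check below is an added example, not part of the original documentation or of JUNOS. The function names, the entry string forms (`a.b.c.d/n` and `low-high`), and the reading of "exactly one address" as a single host entry are assumptions.

```python
import ipaddress

MAX_ENTRIES = 10  # page limit: ranges plus prefixes per pool

def span(entry):
    """Return (low, high) as integers for a prefix, single address, or 'low-high' range."""
    if "-" in entry:
        low, high = (int(ipaddress.ip_address(p.strip())) for p in entry.split("-"))
        if low >= high:
            raise ValueError(f"range {entry}: low value must be lower than high value")
        return low, high
    net = ipaddress.ip_network(entry, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def check_pool(entries, has_port=False, translation_type=None):
    """Return a list of violations; an empty list means the pool passes."""
    problems, spans = [], []
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries exceeds limit of {MAX_ENTRIES}")
    for entry in entries:
        try:
            spans.append((*span(entry), entry))
        except ValueError as exc:
            problems.append(str(exc))
    widest = None  # (highest address seen so far, entry that owns it)
    for low, high, entry in sorted(spans):
        if widest and low <= widest[0]:
            problems.append(f"{entry} overlaps {widest[1]}")
        if widest is None or high > widest[0]:
            widest = (high, entry)
    # Assumption: "exactly one address" means one entry covering a single host.
    single = len(entries) == 1 and len(spans) == 1 and spans[0][0] == spans[0][1]
    if translation_type in ("destination static", "source static"):
        if not single:
            problems.append(f"{translation_type}: pool must contain exactly one address")
        if has_port:
            problems.append(f"{translation_type}: pool must have no port configuration")
    elif translation_type == "source dynamic" and not has_port:
        problems.append("source dynamic: pool must include a port configuration")
    return problems

if __name__ == "__main__":
    # Constructed sample pools (documentation address space), not from the page.
    print(check_pool(["192.0.2.0/24", "198.51.100.10-198.51.100.20"], True, "source dynamic"))
    print(check_pool(["192.0.2.0/24", "192.0.2.200-192.0.2.250"]))
    print(check_pool(["203.0.113.0/28"], translation_type="destination static"))
```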