NAT Components
NAT can be configured independently or with stateful firewall
filters. For information about configuring NAT independently, see Configuring NAT. For information about configuring
NAT with stateful firewall filters, see Configuring Stateful Firewall Filters and NAT.
To configure NAT, you must define a NAT pool, define a NAT rule
or rule set, and apply this NAT rule or rule set to an interface.
NAT Pools
You define a pool of source or destination addresses that are
used as translated addresses for NAT. In a pool you can specify one
or more addresses, prefixes, or address ranges.
When defining a NAT pool, make sure that it meets the following
requirements:
- No more than 10 address ranges, prefixes, or a combination
of address ranges and prefixes are in the pool.
- The ranges of addresses and prefixes defined in the pool
do not overlap.
- In an address range, the low value is a lower number than
the high value.
If you have configured multiple address ranges and prefixes,
the prefixes are depleted first, followed by the address ranges.
Note: Multiple addresses, prefixes, and address ranges are not supported
for destination static NAT. Only one address is allowed in the destination
address pool.
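The pool requirements and the destination static restriction above can be checked before a configuration is committed. The following is an added example, not JUNOS or Juniper code: the function names, the input format (prefix strings and `(low, high)` tuples), and the sample pools are assumptions made for illustration, and it assumes IPv4 entries only.

```python
import ipaddress

MAX_ENTRIES = 10  # limit on ranges/prefixes per pool stated on this page

def span(entry):
    """Return (low, high, label) for a prefix string or a (low, high) range tuple."""
    if isinstance(entry, tuple):
        low, high = (ipaddress.ip_address(a) for a in entry)
        label = f"{low}-{high}"
        if not low < high:
            raise ValueError(f"range {label}: low value is not lower than high value")
        return int(low), int(high), label
    net = ipaddress.ip_network(entry, strict=False)
    return int(net.network_address), int(net.broadcast_address), str(net)

def check_pool(entries, destination_static=False):
    """Return the list of requirement violations; an empty list means the pool is valid."""
    problems, spans = [], []
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    for entry in entries:
        try:
            spans.append(span(entry))
        except ValueError as exc:
            problems.append(str(exc))
    widest = None  # entry seen so far that reaches the highest address
    for cur in sorted(spans, key=lambda s: s[:2]):
        if widest and cur[0] <= widest[1]:
            problems.append(f"{cur[2]} overlaps {widest[2]}")
        if widest is None or cur[1] > widest[1]:
            widest = cur
    if destination_static and (len(entries) != 1 or any(lo != hi for lo, hi, _ in spans)):
        problems.append("destination static pool must hold exactly one address")
    return problems

# Constructed sample pools (documentation address space, not from the page)
SAMPLES = {
    "ok": ["198.51.100.0/24", ("203.0.113.10", "203.0.113.20")],
    "overlap": ["198.51.100.0/24", ("198.51.100.200", "198.51.101.5")],
    "reversed": [("203.0.113.20", "203.0.113.10")],
}

if __name__ == "__main__":
    for name, pool in SAMPLES.items():
        print(name, check_pool(pool) or "valid")
```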
NAT Rules
You can define a set of rules or a single rule. To define a
rule you must define the following components:
- Term—Named structure in which match conditions and
actions are defined.
- Match condition—Criteria against which a route or
packets are compared. You can configure one or more criteria. If all
criteria match, one or more actions are applied. Table 74 lists the key
NAT match conditions.
- Action—What happens when all the specified conditions
match. You can configure one or more actions. Table 75 lists the key NAT actions.
- Match direction—Direction in which the match is
applied—input or output. For more information about match direction,
see the JUNOS Services Interfaces Configuration Guide.
Table 74: NAT Match Conditions

| Match Condition | Description |
| --- | --- |
| application-sets [set-names] | Matches a list of application set names. For more information about application sets, see the JUNOS Services Interfaces Configuration Guide. |
| applications [application-names] | Matches a list of applications. For more information about applications, see the JUNOS Services Interfaces Configuration Guide. |
| destination-address (address \| any-unicast) except | Matches the IP destination address field. |
| destination-address-range low minimum-value high maximum-value except | Matches the IP destination address range field. |
| destination-prefix-list list-name except | Matches the prefix list of the IP destination. |
| source-address (address \| any-unicast) except | Matches the IP source address field. |
| source-address-range low minimum-value high maximum-value except | Matches the IP source address range field. |
| source-prefix-list list-name except | Matches the prefix list of the IP source. |

Table 75: NAT Actions

| Actions | Description |
| --- | --- |
| no-translation | Enables you to specify addresses that you want to exclude from NAT. |
| syslog | Records information in the system logging facility. |
| translated source-pool nat-pool-name | Translates the source address using the specified pool. |
| translated source-prefix source-prefix | Translates the source address using the specified source prefix. |
| translated translation-type (destination type \| source type) | Translates the destination and source port using the specified type. The types are listed below the table. |

Translation types:
- destination static—Translates the destination
address without port mapping. This type requires the size of the source
address space to be the same as the size of the destination address
space. You must specify a destination-pool name. The referenced
pool must contain exactly one address and no port configuration.
- source dynamic—Translates the source address
with port mapping by means of NAPT. You must specify a source-pool name. The referenced pool must include a port configuration.
- source static—Translates the source address
without port mapping. This type requires the size of the source address
space to be the same as the size of the destination address space.
You must specify a source-pool name. The referenced pool
must contain exactly one address and no port configuration.