1.NAT-Src with PAT Enabled

從trust到untrust轉換

轉換前：（Source IP：10.1.1.1 Source port: 3899)

轉換后：（Source IP: 202.100.100.100 Source port: 4000)

對trust的IP以及port都做轉換

****************************************************

CLI：

set int eth1 zone trust

set int eth1 ip 10.1.1.1/24

set int eth1 nat

set int eth3 zone untrust

set int eth3 ip 1.1.1.1/24

set int eth3 route

set int eth3 dip 5 1.1.1.30 1.1.1.30

set policy from trust to untrust any any any nat src dip-id 5 permit log

*****************************************************

2.NAT-Src with PAT Disabled

從trust到untrust轉換

轉換前：（Source IP：10.1.1.1 Source port: 3899)

轉換后：（Source IP: 202.100.100.100 Source port: 3899)

對trust的IP做轉換，但不對trust的port做轉換

***********************************************************

CLI：

set int eth1 zone trust

set int eth1 ip 10.1.1.1/24

set int eth1 nat

set int eth3 zone untrust

set int eth3 ip 1.1.1.1/24

set int eth3 route

set int eth3 dip 6 1.1.1.50 1.1.1.150 fix-port

set policy from trust to untrust any any any nat src dip-ip 6 permit log

*******************************************************

3.NAT-Src with Address Shifting

*******************************************************

CLI:

set int eth1 zone trust

set int eth1 ip 10.1.1.1/24

set int eth1 nat

set int eth3 zone untrust

set int eth3 ip 1.1.1.1/24

set int eth3 ip route

set int eth3 dip 10 shift-from 10.1.1.11 to 1.1.1.101 1.1.1.105

set address trust host1 10.1.1.11/32

set address trust host2 10.1.1.12/32

set address trust host3 10.1.1.13/32

set address trust host4 10.1.1.14/32

set address trust host5 10.1.1.15/32

set group address trust group1 add host1

set group address trust group1 add host2

set group address trust group1 add host3

set group address trust group1 add host4

set group address trust group1 add host5

set policy from trust to untrust group1 any any nat src dip-id 10 permit log

3.NAT-Src Without DIP

從trust到untrust轉換

轉換前：（Source IP：10.1.1.1 Source port: 3899)

轉換后：（Source IP: 202.100.100.100 Source port: 4000)

對trust的IP以及port都做轉換

******************************************************

CLI :

set int eth1 zone trust

set int eth1 ip 10.1.1.1/24

set int eth1 nat

set int eth3 zone untrust

set int eth3 ip 1.1.1.1/24

set int eth3 route

set policy from trust to untrust any any any nat src ?permit log

或者

set int eth1 zone trust

set int eth1 ip 10.1.1.1/24

set int eth1 nat

set int eth3 zone untrust

set int eth3 ip 1.1.1.1/24

set int eth3 route

set policy from trust to untrust any any any permit log

轉載于:https://blog.51cto.com/3155099/1610629

與50位技術專家面對面20年技術見證，附贈技術全景圖

總結

以上是生活随笔為你收集整理的Juniper NetScreen 基于源NAT转换的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。