SERWER_IP_LOKALNE -> switch -> SRX240 -> Internet
Internet IP_GLOBALNE_SERWERA -> SRX240 -> switch -> SERWER_IP_LOKALNE
Czyli zwykły NAT.
Robię to w ten sposób:
Kod: Zaznacz cały
{primary:node0}
chris@SRX240H-01> configure
warning: Clustering enabled; using private edit
warning: uncommitted changes will be discarded on exit
Entering configuration mode
{primary:node0}[edit]
chris@SRX240H-01# edit security nat static
{primary:node0}[edit security nat static]
chris@SRX240H-01#
{primary:node0}[edit security nat static]
chris@SRX240H-01# set rule-set STATIC_1 from zone untrust
{primary:node0}[edit security nat static]
chris@SRX240H-01# set rule-set STATIC_1 rule STATIC_4 match destination-address 1.2.3.4/32 - ip_globlane
{primary:node0}[edit security nat static]
chris@SRX240H-01# set rule-set STATIC_1 rule STATIC_4 then static-nat prefix 192.168.1.100/32 - ip_lokalne
{primary:node0}[edit security nat static]
chris@SRX240H-01# up
{primary:node0}[edit security nat]
chris@SRX240H-01#
{primary:node0}[edit security nat]
chris@SRX240H-01# set proxy-arp interface reth0.0 address 1.2.3.4
Ze strefy untrust SRC ANY, do strefy trust IP_LOKALNE
Czy czegoś tu brakuje?