Juniper netscreen-25

Hello,

I am trying to pass a port through from 1025 on the outside to 25 on the inside. I'm trying this either from the CLI or GUI.

Thanks
mahrens007 Asked:
 
Qlemo (Developer) Commented:
Sorry, I was wrong with my previous post, regarding having to use a custom service.

Here is a simplified example for CLI. eth0/2 is the Untrust interface, 192.168.1.1 your internal server:
set interface ethernet0/2 vip interface-ip 1025 "SMTP" 192.168.1.1 manual
set policy top name "SMTP in"  from Untrust to Trust "Any-IPv4" "VIP(ethernet0/2)" any permit log count

That will allow any VIP service you create to connect (because of the "any" in the policy). That is more flexible, since you would only have to add another VIP service to your interface to get access.
If you want a more restricted setup, which is not necessary here, you would have to define a custom service for 1025, and provide that one instead of "any" service in the policy.

Doing the above in the WebGUI is straightforward, since you can almost exactly follow the command from left to right when going through the WebGUI menus and dialogs.
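The more restricted variant described in the answer above, as an added example that is not part of the original post: a custom TCP service for destination port 1025, referenced in the policy in place of "any". The service name "SMTP-1025" is a made-up label; the interface, zone and address names are carried over from the answer's example.

```text
set service "SMTP-1025" protocol tcp src-port 0-65535 dst-port 1025-1025
set policy top name "SMTP in" from Untrust to Trust "Any-IPv4" "VIP(ethernet0/2)" "SMTP-1025" permit log count
```

With this policy used instead of the "any" one, a VIP service added to the interface later is not reachable from Untrust until a policy for it exists.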
 
Qlemo (Developer) Commented:
You need to create a custom service for port 1025, then go into your Untrust interface and add a VIP service with that custom port, the private IP and the mapped port (25).
Then create a "permit" policy Untrust->Trust having "VIP" as destination and "any" as service (or choose the custom service for 1025 if you like).
 
mahrens007 (Author) Commented:
Do you have a screen shot or an example I can follow?
 
mahrens007 (Author) Commented:
Thanks for your help