{"id":909,"date":"2015-07-27T13:02:25","date_gmt":"2015-07-27T16:02:25","guid":{"rendered":"http:\/\/blog.abratel.com.br\/?p=909"},"modified":"2015-07-27T13:14:14","modified_gmt":"2015-07-27T16:14:14","slug":"909","status":"publish","type":"post","link":"https:\/\/blog.abratel.com.br\/?p=909","title":{"rendered":"Juniper SRX Port Forwarding \/ Destination NAT"},"content":{"rendered":"<p><strong>Summary:<\/strong> Port forwarding using the CLI on the Juniper SRX 240<\/p>\n<p><strong>OS:<\/strong> JUNOS Software Release [10.0R3.10]<\/p>\n<p><center><a href=\"http:\/\/blog.abratel.com.br\/wp-content\/uploads\/2015\/07\/juniper.png\"><img loading=\"lazy\" src=\"http:\/\/blog.abratel.com.br\/wp-content\/uploads\/2015\/07\/juniper-211x300.png\" alt=\"juniper\" width=\"291\" height=\"380\" class=\"alignnone size-medium wp-image-910\" \/><\/a><\/center><\/p>\n<p><strong>1 &#8211; Configure the address-book entries for the servers:<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nset security zones security-zone DMZ-trust address-book address WebServer 10.254.254.2\/32\r\nset security zones security-zone DMZ-trust address-book address SftpServer 10.254.254.3\/32\r\n<\/pre>\n<p><strong>2 &#8211; Map application names to port numbers:<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nset applications application HTTP protocol tcp\r\nset applications application HTTP destination-port 80\r\nset applications application SSH protocol tcp\r\nset applications application SSH destination-port 22\r\n<\/pre>\n<p><strong>3 &#8211; NAT CONFIGURATION<\/strong><\/p>\n<p><strong>Both servers and their ports, defined with their private IPs:<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nset security nat destination pool dnat_10_254_254_2m32 address 10.254.254.2\/32 port 80\r\nset security nat destination pool dnat_10_254_254_3m32 
address 10.254.254.3\/32 port 22\r\n<\/pre>\n<p><strong>4 &#8211; NAT policy that performs the translation:<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nset security nat destination rule-set DEST-NAT from zone untrust\r\n<\/pre>\n<p>For the web server:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nset security nat destination rule-set DEST-NAT rule WEB-SERVER-TCP-80 match destination-address 172.16.254.1\/32\r\nset security nat destination rule-set DEST-NAT rule WEB-SERVER-TCP-80 match destination-port 80\r\nset security nat destination rule-set DEST-NAT rule WEB-SERVER-TCP-80 then destination-nat pool dnat_10_254_254_2m32\r\n<\/pre>\n<p>For SFTP:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nset security nat destination rule-set DEST-NAT rule SFTP-SERVER-TCP-22 match destination-address 172.16.254.1\/32\r\nset security nat destination rule-set DEST-NAT rule SFTP-SERVER-TCP-22 match destination-port 22\r\nset security nat destination rule-set DEST-NAT rule SFTP-SERVER-TCP-22 then destination-nat pool dnat_10_254_254_3m32\r\n\r\n<\/pre>\n<p><strong>5 &#8211; Security policy configuration; the private IPs and ports of the web server and SFTP server are defined here:<\/strong><\/p>\n<p>For the web server:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nset security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match source-address any\r\nset security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match destination-address WebServer\r\nset security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match application HTTP\r\nset security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ then permit\r\n<\/pre>\n<p>For the SFTP server:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nset security policies from-zone untrust to-zone DMZ-trust 
policy INTERNET-TO-DMZ match source-address any\r\nset security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match destination-address SftpServer\r\nset security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match application SSH\r\nset security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ then permit\r\n<\/pre>\n<p>Because both blocks use the same policy name, INTERNET-TO-DMZ, Junos merges them into a single policy that matches both destination addresses and both applications.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: Port forwarding using the CLI on the Juniper SRX 240 OS: JUNOS Software Release [10.0R3.10] 1 &#8211; Configure the address-book entries for the servers: 2 &#8211; Map application names to port numbers: 3 &#8211; NAT CONFIGURATION Both servers and their ports, defined with&#8230;<\/p>\n","protected":false},"author":1,"featured_media":917,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[7],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/909"}],"collection":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=909"}],"version-history":[{"count":15,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/909\/revisions"}],"predecessor-version":[{"id":913,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/909\/revisions\/913"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/media\/917"}],"wp:attachment":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=909"}],"wp:ter
m":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=909"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=909"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}