Forum
Hello friends,
Although we applied the configuration below on a Juniper SRX240 to open some ports, the ports in question appear closed on port-check pages. I would appreciate your suggestions for a solution.
set security nat destination pool DVR_1 address 192.168.X.XX/32
set security nat destination pool DVR_1 address port 60000
set security nat destination pool DVR_2 address 192.168.X.XX/32
set security nat destination pool DVR_2 address port 62000
set security nat destination pool DVR_4 address 192.168.X.XX/32
set security nat destination pool DVR_4 address port 60601
set security nat destination pool DVR_5 address 192.168.X.XX/32
set security nat destination pool DVR_5 address port 60602
set security nat destination pool DVR_6 address 192.168.X.XX/32
set security nat destination pool DVR_6 address port 554
set security nat destination pool DVR_3 address 192.168.X.XX/32
set security nat destination pool DVR_3 address port 9100
set security nat destination pool DVR_66 address 192.168.X.XX/32
set security nat destination pool DVR_66 address port 61000
set security nat destination rule-set webmail rule DVR_rule_1 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_1 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_1 match destination-port 60000
set security nat destination rule-set webmail rule DVR_rule_1 then destination-nat pool DVR_1
set security nat destination rule-set webmail rule DVR_rule_2 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_2 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_2 match destination-port 62000
set security nat destination rule-set webmail rule DVR_rule_2 then destination-nat pool DVR_2
set security nat destination rule-set webmail rule DVR_rule_4 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_4 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_4 match destination-port 60601
set security nat destination rule-set webmail rule DVR_rule_4 then destination-nat pool DVR_4
set security nat destination rule-set webmail rule DVR_rule_5 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_5 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_5 match destination-port 60602
set security nat destination rule-set webmail rule DVR_rule_5 then destination-nat pool DVR_5
set security nat destination rule-set webmail rule DVR_rule_6 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_6 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_6 match destination-port 554
set security nat destination rule-set webmail rule DVR_rule_6 then destination-nat pool DVR_6
set security nat destination rule-set webmail rule DVR_rule_3 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_3 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_3 match destination-port 9100
set security nat destination rule-set webmail rule DVR_rule_3 then destination-nat pool DVR_3
set security nat destination rule-set webmail rule DVR_rule_66 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_66 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_66 match destination-port 61000
set security nat destination rule-set webmail rule DVR_rule_66 then destination-nat pool DVR_66
Regards.
On the policy side, did you give the IP addresses of your DVR machines permission to go out to the internet on these ports?
There is outbound permission from Untrust to Trust, set as any any.
Regards.
I meant trust to untrust.
The rule lines that were written are as below, and the ports still appear closed 🙁
root# show | display set | match DVR
set security nat destination pool DVR address 192.168.xx.x/32
set security nat destination pool DVR address port 80
set security nat destination pool DVR2 address 192.168.xx.x/32
set security nat destination pool DVR2 address port 9001
set security nat destination pool DVR_1 address 192.168.xx.x/32
set security nat destination pool DVR_1 address port 60000
set security nat destination pool DVR_2 address 192.168.xx.x/32
set security nat destination pool DVR_2 address port 62000
set security nat destination pool DVR_4 address 192.168.xx.x/32
set security nat destination pool DVR_4 address port 60601
set security nat destination pool DVR_5 address 192.168.xx.x/32
set security nat destination pool DVR_5 address port 60602
set security nat destination pool DVR_6 address 192.168.xx.x/32
set security nat destination pool DVR_6 address port 554
set security nat destination pool DVR_3 address 192.168.xx.x/32
set security nat destination pool DVR_3 address port 9100
set security nat destination pool DVR_66 address 192.168.xx.x/32
set security nat destination pool DVR_66 address port 61000
set security nat destination rule-set DNAT rule DVR match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR match destination-port 80
set security nat destination rule-set DNAT rule DVR then destination-nat pool DVR
set security nat destination rule-set DNAT rule DVR1 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR1 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR1 match destination-port 9001
set security nat destination rule-set DNAT rule DVR1 then destination-nat pool DVR2
set security nat destination rule-set DNAT rule DVR_rule_1 match source-address 192.168.xx.x/32
set security nat destination rule-set DNAT rule DVR_rule_1 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_1 match destination-port 60000
set security nat destination rule-set DNAT rule DVR_rule_1 then destination-nat pool DVR_1
set security nat destination rule-set DNAT rule DVR_rule_2 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_2 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_2 match destination-port 62000
set security nat destination rule-set DNAT rule DVR_rule_2 then destination-nat pool DVR_2
set security nat destination rule-set DNAT rule DVR_rule_4 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_4 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_4 match destination-port 60601
set security nat destination rule-set DNAT rule DVR_rule_4 then destination-nat pool DVR_4
set security nat destination rule-set DNAT rule DVR_rule_5 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_5 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_5 match destination-port 60602
set security nat destination rule-set DNAT rule DVR_rule_5 then destination-nat pool DVR_5
set security nat destination rule-set DNAT rule DVR_rule_6 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_6 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_6 match destination-port 554
set security nat destination rule-set DNAT rule DVR_rule_6 then destination-nat pool DVR_6
set security nat destination rule-set DNAT rule DVR_rule_3 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_3 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_3 match destination-port 9100
set security nat destination rule-set DNAT rule DVR_rule_3 then destination-nat pool DVR_3
set security nat destination rule-set DNAT rule DVR_rule_66 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_66 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_66 match destination-port 61000
set security nat destination rule-set DNAT rule DVR_rule_66 then destination-nat pool DVR_66
set security policies from-zone untrust to-zone trust policy Permit-DVR match source-address any
set security policies from-zone untrust to-zone trust policy Permit-DVR match destination-address DVR-TEST
set security policies from-zone untrust to-zone trust policy Permit-DVR match application any
set security policies from-zone untrust to-zone trust policy Permit-DVR then permit
set security policies from-zone untrust to-zone trust policy Permit-DVR then log session-close
set security zones security-zone trust address-book address DVR-TEST 192.168.xx.x/32
[edit]
root#
Regards.
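On an SRX, destination NAT is applied before the security policy lookup, so the untrust-to-trust policy has to match the translated (internal) address of each pool. The following is an added example, not part of the thread: a small audit of `show | display set` output that flags rules pointing at undefined pools, pools whose address no policy destination-address covers, and rules whose source-address is narrower than 0.0.0.0/0 (as with DVR_rule_1 in the second listing). All addresses in the sample are constructed, and every policy destination-address is assumed to belong to a permit policy from untrust to trust.

```python
import ipaddress
import re

# Constructed sample in the style of the thread; addresses are placeholders.
SAMPLE = """\
set security nat destination pool DVR_1 address 192.168.1.10/32
set security nat destination pool DVR_1 address port 60000
set security nat destination pool DVR_2 address 192.168.1.11/32
set security nat destination pool DVR_2 address port 62000
set security nat destination rule-set DNAT rule DVR_rule_1 match source-address 192.168.1.10/32
set security nat destination rule-set DNAT rule DVR_rule_1 match destination-port 60000
set security nat destination rule-set DNAT rule DVR_rule_1 then destination-nat pool DVR_1
set security nat destination rule-set DNAT rule DVR_rule_2 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_2 then destination-nat pool DVR_2
set security nat destination rule-set DNAT rule DVR_rule_9 then destination-nat pool DVR_9
set security policies from-zone untrust to-zone trust policy Permit-DVR match destination-address DVR-TEST
set security zones security-zone trust address-book address DVR-TEST 192.168.1.10/32
"""

NAT = r"set security nat destination "

def audit(config):
    """Return (rule, finding) pairs for destination-NAT rules in Junos set-format text."""
    pools, rules, book, allowed = {}, {}, {}, []
    for line in config.splitlines():
        if m := re.match(NAT + r"pool (\S+) address (\S+/\d+)$", line):
            pools[m[1]] = ipaddress.ip_network(m[2], strict=False)
        elif m := re.match(NAT + r"rule-set \S+ rule (\S+) match source-address (\S+)$", line):
            rules.setdefault(m[1], {})["src"] = m[2]
        elif m := re.match(NAT + r"rule-set \S+ rule (\S+) then destination-nat pool (\S+)$", line):
            rules.setdefault(m[1], {})["pool"] = m[2]
        elif m := re.match(r"set security zones security-zone \S+ address-book address (\S+) (\S+)$", line):
            book[m[1]] = ipaddress.ip_network(m[2], strict=False)
        elif m := re.match(r"set security policies .* match destination-address (\S+)$", line):
            allowed.append(m[1])  # assumption: policy is a permit, untrust -> trust
    nets = [ipaddress.ip_network("0.0.0.0/0") if n == "any" else book[n]
            for n in allowed if n == "any" or n in book]
    findings = []
    for name, rule in rules.items():
        pool = rule.get("pool")
        if pool not in pools:
            findings.append((name, "undefined-pool"))
        elif not any(pools[pool].subnet_of(n) for n in nets):
            # Policy is evaluated on the translated address, so it must cover the pool.
            findings.append((name, "pool-address-not-in-policy"))
        if rule.get("src", "0.0.0.0/0") != "0.0.0.0/0":
            findings.append((name, "source-restricted"))
    return findings
```
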