PROBLEM OPENING PORTS ON JUNIPER SRX240

(@Anonim)
Posts: 0
Topic starter

Hello friends;

On a Juniper SRX240, although we applied the configuration below to open certain ports, the ports in question still show as closed on port-check pages. I would appreciate your suggestions for a solution.

 
set security nat destination pool DVR_1 address 192.168.X.XX/32
set security nat destination pool DVR_1 address port 60000
set security nat destination pool DVR_2 address 192.168.X.XX/32
set security nat destination pool DVR_2 address port 62000
set security nat destination pool DVR_4 address 192.168.X.XX/32
set security nat destination pool DVR_4 address port 60601
set security nat destination pool DVR_5 address 192.168.X.XX/32
set security nat destination pool DVR_5 address port 60602
set security nat destination pool DVR_6 address 192.168.X.XX/32
set security nat destination pool DVR_6 address port 554
set security nat destination pool DVR_3 address 192.168.X.XX/32
set security nat destination pool DVR_3 address port 9100
set security nat destination pool DVR_66 address 192.168.X.XX/32
set security nat destination pool DVR_66 address port 61000

set security nat destination rule-set webmail rule DVR_rule_1 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_1 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_1 match destination-port 60000
set security nat destination rule-set webmail rule DVR_rule_1 then destination-nat pool DVR_1
set security nat destination rule-set webmail rule DVR_rule_2 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_2 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_2 match destination-port 62000
set security nat destination rule-set webmail rule DVR_rule_2 then destination-nat pool DVR_2
set security nat destination rule-set webmail rule DVR_rule_4 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_4 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_4 match destination-port 60601
set security nat destination rule-set webmail rule DVR_rule_4 then destination-nat pool DVR_4
set security nat destination rule-set webmail rule DVR_rule_5 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_5 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_5 match destination-port 60602
set security nat destination rule-set webmail rule DVR_rule_5 then destination-nat pool DVR_5
set security nat destination rule-set webmail rule DVR_rule_6 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_6 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_6 match destination-port 554
set security nat destination rule-set webmail rule DVR_rule_6 then destination-nat pool DVR_6
set security nat destination rule-set webmail rule DVR_rule_3 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_3 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_3 match destination-port 9100
set security nat destination rule-set webmail rule DVR_rule_3 then destination-nat pool DVR_3
set security nat destination rule-set webmail rule DVR_rule_66 match source-address 0.0.0.0/0
set security nat destination rule-set webmail rule DVR_rule_66 match destination-address 2XX.XX.X.XXX/32
set security nat destination rule-set webmail rule DVR_rule_66 match destination-port 61000
set security nat destination rule-set webmail rule DVR_rule_66 then destination-nat pool DVR_66

Regards.

Posted: 05/07/2012 16:08

(@vasviuysal)
Posts: 7890
Member

On the policy side, did you give the IP addresses of your DVR machines permission to go out to the internet on these ports?

Posted: 05/07/2012 16:12

(@Anonim)
Posts: 0
Topic starter

There is outbound permission from Untrust to Trust, as any any.

Regards.

Posted: 05/07/2012 16:30

(@vasviuysal)
Posts: 7890
Member

I meant trust to untrust.

Posted: 05/07/2012 16:47

(@Anonim)
Posts: 0
Topic starter

The rule lines as written are shown below, and the ports still appear closed 🙁

root# show | display set | match DVR                                                                               
set security nat destination pool DVR address 192.168.xx.x/32
set security nat destination pool DVR address port 80
set security nat destination pool DVR2 address 192.168.xx.x/32
set security nat destination pool DVR2 address port 9001
set security nat destination pool DVR_1 address 192.168.xx.x/32
set security nat destination pool DVR_1 address port 60000
set security nat destination pool DVR_2 address 192.168.xx.x/32
set security nat destination pool DVR_2 address port 62000
set security nat destination pool DVR_4 address 192.168.xx.x/32
set security nat destination pool DVR_4 address port 60601
set security nat destination pool DVR_5 address 192.168.xx.x/32
set security nat destination pool DVR_5 address port 60602
set security nat destination pool DVR_6 address 192.168.xx.x/32
set security nat destination pool DVR_6 address port 554
set security nat destination pool DVR_3 address 192.168.xx.x/32
set security nat destination pool DVR_3 address port 9100
set security nat destination pool DVR_66 address 192.168.xx.x/32
set security nat destination pool DVR_66 address port 61000
set security nat destination rule-set DNAT rule DVR match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR match destination-port 80
set security nat destination rule-set DNAT rule DVR then destination-nat pool DVR
set security nat destination rule-set DNAT rule DVR1 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR1 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR1 match destination-port 9001
set security nat destination rule-set DNAT rule DVR1 then destination-nat pool DVR2
set security nat destination rule-set DNAT rule DVR_rule_1 match source-address 192.168.xx.x/32
set security nat destination rule-set DNAT rule DVR_rule_1 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_1 match destination-port 60000
set security nat destination rule-set DNAT rule DVR_rule_1 then destination-nat pool DVR_1
set security nat destination rule-set DNAT rule DVR_rule_2 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_2 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_2 match destination-port 62000
set security nat destination rule-set DNAT rule DVR_rule_2 then destination-nat pool DVR_2
set security nat destination rule-set DNAT rule DVR_rule_4 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_4 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_4 match destination-port 60601
set security nat destination rule-set DNAT rule DVR_rule_4 then destination-nat pool DVR_4
set security nat destination rule-set DNAT rule DVR_rule_5 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_5 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_5 match destination-port 60602
set security nat destination rule-set DNAT rule DVR_rule_5 then destination-nat pool DVR_5
set security nat destination rule-set DNAT rule DVR_rule_6 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_6 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_6 match destination-port 554
set security nat destination rule-set DNAT rule DVR_rule_6 then destination-nat pool DVR_6
set security nat destination rule-set DNAT rule DVR_rule_3 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_3 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_3 match destination-port 9100
set security nat destination rule-set DNAT rule DVR_rule_3 then destination-nat pool DVR_3
set security nat destination rule-set DNAT rule DVR_rule_66 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_66 match destination-address 2xx.xx.xx.xxx/32
set security nat destination rule-set DNAT rule DVR_rule_66 match destination-port 61000
set security nat destination rule-set DNAT rule DVR_rule_66 then destination-nat pool DVR_66
set security policies from-zone untrust to-zone trust policy Permit-DVR match source-address any
set security policies from-zone untrust to-zone trust policy Permit-DVR match destination-address DVR-TEST
set security policies from-zone untrust to-zone trust policy Permit-DVR match application any
set security policies from-zone untrust to-zone trust policy Permit-DVR then permit
set security policies from-zone untrust to-zone trust policy Permit-DVR then log session-close
set security zones security-zone trust address-book address DVR-TEST 192.168.xx.x/32
                                       
[edit]
root#

Regards.

Posted: 05/07/2012 17:26
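
A consistency check for `show | display set` output of the kind posted above, as an added example that is not part of the original thread: it pairs each destination NAT rule with its pool and reports rules that match only a specific source address, rules that reference a pool absent from the output, and rules whose matched port differs from the pool port. The sample lines and every address in them are constructed placeholders, and the function and finding names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the thread's output; all addresses are placeholders.
SAMPLE = """\
set security nat destination pool DVR_1 address 192.168.1.10/32
set security nat destination pool DVR_1 address port 60000
set security nat destination pool DVR_6 address 192.168.1.16/32
set security nat destination pool DVR_6 address port 554
set security nat destination rule-set DNAT rule DVR_rule_1 match source-address 192.168.1.10/32
set security nat destination rule-set DNAT rule DVR_rule_1 match destination-port 60000
set security nat destination rule-set DNAT rule DVR_rule_1 then destination-nat pool DVR_1
set security nat destination rule-set DNAT rule DVR_rule_6 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_6 match destination-port 8554
set security nat destination rule-set DNAT rule DVR_rule_6 then destination-nat pool DVR_6
set security nat destination rule-set DNAT rule DVR_rule_7 match source-address 0.0.0.0/0
set security nat destination rule-set DNAT rule DVR_rule_7 match destination-port 9100
set security nat destination rule-set DNAT rule DVR_rule_7 then destination-nat pool DVR_7
"""

POOL = re.compile(r"^set security nat destination pool (\S+) address (?:port (\d+)|(\S+))$")
RULE = re.compile(r"^set security nat destination rule-set \S+ rule (\S+) (?:match "
                  r"(source-address|destination-address|destination-port) (\S+)|then destination-nat pool (\S+))$")

def parse(text):
    """Collect pools and rules from `show | display set` lines; other lines are ignored."""
    pools, rules = defaultdict(dict), defaultdict(dict)
    for line in map(str.strip, text.splitlines()):
        if m := POOL.match(line):
            name, port, addr = m.groups()
            pools[name]["port" if port else "address"] = port or addr
        elif m := RULE.match(line):
            rule, key, value, pool = m.groups()
            rules[rule]["pool" if pool else key] = pool or value
    return pools, rules

def audit(text):
    """Return (rule, finding, detail) tuples for rules worth a second look."""
    pools, rules = parse(text)
    findings = []
    for rule, r in rules.items():
        if r.get("source-address") != "0.0.0.0/0":   # rule matches only this source
            findings.append((rule, "source-restricted", r.get("source-address")))
        pool = r.get("pool")
        if pool not in pools:                         # pool is not defined in the given text
            findings.append((rule, "undefined-pool", pool))
        elif pools[pool].get("port") != r.get("destination-port"):
            findings.append((rule, "port-translated", f"{r.get('destination-port')}->{pools[pool].get('port')}"))
    return findings
```

Output filtered with `| match` can hide lines outside the pattern, so an `undefined-pool` finding means only that the pool is missing from the text given to the checker.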
