Netscreen 204 - NAT Issues



  • I’m trying to learn ScreenOS, so I bought a cheap firewall on eBay, a NetScreen 204, for some practice.

    I’m having some difficulty with NAT. It’s set up on my home network, and what I’m trying to achieve is using my public IP to get to internal devices.

    Example: 200.1.106.2 on port 2222 to be forwarded to 192.168.1.3 on port 22

    The searches I’ve done say I need to use VIP, which I’m not seeing available on my firewall. Any ideas on this? I’ve gotten mapped IPs to work, etc., but just can’t seem to get the “port forwarding” to work.

    The software version I’m using is 5.4.0r22.0 (Firewall+VPN).

    Thanks,
    Shastri



  • I tried your suggestion but with no luck.

    I first tried set vip multi-port to enable the VIP service, but nothing else worked.

    NetScreen204-1-> set interface ethernet3 vip ?
                                            ^–----unknown keyword vip

    Any other ideas?

    Thanks,
    Shastri



  • Hello Shastri,
    You have to define a custom service before you set up your NAT and then use that service in your VIP definition.

    To define a custom service:

    set service test protocol tcp src-port 0-65535 dst-port 22-22 timeout never

    You can use the following command to set up your NAT:

    set interface <int name> vip 202.1.106.2 2222 test 192.168.1.3

    After this you have to allow traffic from outside (untrust) to internal (trust):
    set policy from untrust to trust any vip(202.1.106.2) test permit
    save

    If you have defined your zones differently, use accordingly.

    Regards
    psmaan
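
Added example, not part of the thread or of any Juniper tooling: a small Python audit that reads ScreenOS configuration text, pairs each `set interface ... vip` port forward with the `set policy ... vip(...)` rules that name the same address and service, and reports whether the forward is open to any source, limited to named sources, or has no permit policy at all. The interface name `ethernet3`, the second forward (`web`, 8080) and the sample config are constructed; the parser only understands the command forms quoted above (optionally with a policy id and double quotes around names) and does not treat a policy with service `any` as covering a VIP.

```python
import re

# Constructed sample config built from the command forms quoted in the thread.
# Assumptions: interface name ethernet3, and the second forward ("web", 8080).
SAMPLE_CONFIG = """\
set service test protocol tcp src-port 0-65535 dst-port 22-22 timeout never
set interface ethernet3 vip 202.1.106.2 2222 test 192.168.1.3
set interface ethernet3 vip 202.1.106.2 8080 web 192.168.1.4
set policy from untrust to trust any vip(202.1.106.2) test permit
"""

VIP_RE = re.compile(r"^set interface (\S+) vip (\S+) (\d+) (\S+) (\S+)", re.I)
POLICY_RE = re.compile(
    r"^set policy (?:id \d+ )?from (\S+) to (\S+) (\S+) "
    r"vip\((\S+?)\) (\S+) (permit|deny)", re.I)

def audit_vips(config):
    """Return one finding dict per VIP port forward found in the config text."""
    vips, policies = [], []
    for raw in config.splitlines():
        line = raw.strip().replace('"', "")   # tolerate quoted names
        m = VIP_RE.match(line)
        if m:
            vips.append(m.groups())
        m = POLICY_RE.match(line)
        if m:
            policies.append(m.groups())
    findings = []
    for _iface, pub_ip, pub_port, service, host in vips:
        # A policy covers a VIP when it names the same VIP address and service.
        sources = [src.lower() for (_f, _t, src, ip, svc, action) in policies
                   if ip == pub_ip and svc == service
                   and action.lower() == "permit"]
        if not sources:
            status = "no-permit-policy"      # forward defined, nothing permits it
        elif "any" in sources:
            status = "open-to-any-source"    # reachable from every address
        else:
            status = "source-restricted"
        findings.append({"public": f"{pub_ip}:{pub_port}", "internal": host,
                         "service": service, "status": status})
    return findings

if __name__ == "__main__":
    for finding in audit_vips(SAMPLE_CONFIG):
        print(finding)
```

On the sample, the SSH forward on port 2222 is reported as open to any source, which is what the `any` source in the policy above permits.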


 
