Port Forwarding for specific IP address?



  • I have a server behind a Juniper SG5 firewall.  On that server I have SQL Server running, which uses port 1443.

    What I want to do is open port 1443 ONLY for one IP address.  Let’s say the public IP address of my laptop is 257.123.456.789.

    So if I try to connect to SQL Server from my laptop, it will work.  But if I try from a different computer, it will be blocked.

    I’m brand-new to Juniper, so basically I need simple instructions (or CLI commands would be great).

    Thanks!
      --Selden



  • Hi Selden

    You can accomplish this with a destination NAT rule. Basically, you need a public-facing IP (you can use the untrust interface IP of the firewall, as long as you aren’t using any of the management ports). Let’s say your public IP in this case is 1.2.3.4.

    1. Ensure 1.2.3.4 is routed at the untrust interface.
    2. Set up a policy from untrust to untrust, with a source of 257.123.456.789, and a destination of 1.2.3.4, permitting port 1443.
    3. On that policy, set up a destination NAT directing traffic to the internal IP address of the SQL server.

    For testing, you can allow ICMP-ANY as well and run a ping to the SQL server. You should be able to see traffic going through the firewall with the get session command, or with debug flow basic (don’t forget to set filters for source and destination IP addresses).

    Hope this helps.

    Cheers

    Holty
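The three steps above written out as ScreenOS CLI, as an added example that is not part of Holty's reply. It assumes the untrust interface is ethernet0/0, that 1.2.3.4 is the public address from the reply, that the SQL server sits at 192.168.1.20 on the inside, and uses 203.0.113.10 as a stand-in for the laptop's public address (the thread's 257.123.456.789 is not a valid IPv4 address and the CLI would reject it); lines starting with `#` are explanatory comments, not commands.

```screenos
# Step 1: make sure 1.2.3.4 is reachable on the untrust side.
# If 1.2.3.4 is the untrust interface's own IP this route is not needed;
# for an extra public address, point it at the untrust interface (assumed ethernet0/0).
set route 1.2.3.4/32 interface ethernet0/0

# Address objects: the single permitted client (a /32 so only that host matches)
# and the public address the SQL server is reached on.
set address "Untrust" "Laptop-Selden" 203.0.113.10 255.255.255.255
set address "Untrust" "SQL-Public" 1.2.3.4 255.255.255.255

# Custom service for the port the question names (1443/tcp).
set service "SQL-1443" protocol tcp src-port 0-65535 dst-port 1443-1443

# Steps 2 and 3 in one policy: untrust -> untrust, source restricted to the laptop,
# destination 1.2.3.4, and a destination NAT to the internal server (assumed 192.168.1.20).
# Using "Any" as the source here is the mistake to avoid: it would expose SQL to the whole Internet.
set policy id 10 from "Untrust" to "Untrust" "Laptop-Selden" "SQL-Public" "SQL-1443" nat dst ip 192.168.1.20 permit log

# Optional: ScreenOS denies unmatched traffic by default, but an explicit deny with
# logging records every other source that probes 1.2.3.4:1443, which is useful for detection.
set policy id 11 from "Untrust" to "Untrust" "Any" "SQL-Public" "SQL-1443" deny log

# Verification, as the reply suggests: look for the session, then trace the flow.
get session src-ip 203.0.113.10 dst-ip 1.2.3.4
set ffilter src-ip 203.0.113.10 dst-ip 1.2.3.4
clear dbuf
debug flow basic
# ...attempt the connection from the laptop, then read the trace and clean up:
get dbuf stream
undebug all
unset ffilter
```

For a real deployment replace the assumed addresses with your own, and expect a connection from any other source to show up only in the deny log rather than in a session.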

