Requirement: map the external address 123.123.123.123:22222 to the internal address 10.100.200.22:22.
Define the internal address pool (ssh-22) and port number
set security nat destination pool ssh-22 address 10.100.200.22/32
set security nat destination pool ssh-22 address port 22
Define the external address and port
edit security nat destination #enter the nat destination edit hierarchy
set rule-set u-to-t from zone untrust #zone from which u-to-t traffic enters
set rule-set u-to-t rule ssh22 match source-address 0.0.0.0/0 #source address
set rule-set u-to-t rule ssh22 match destination-address 123.123.123.123/32 #destination address
set rule-set u-to-t rule ssh22 match destination-port 22222 #externally exposed port
set rule-set u-to-t rule ssh22 match protocol tcp #protocol
set rule-set u-to-t rule ssh22 then destination-nat pool ssh-22 #address pool to translate to
exit #leave the nat destination edit hierarchy
Define the internal protocol and port
set applications application tcp-22 protocol tcp
set applications application tcp-22 destination-port 22
Define the internal address
set security zones security-zone trust address-book address ssh22 10.100.200.22
Define the policy
edit security policies from-zone untrust to-zone trust
set policy linux-ssh22 match source-address any
set policy linux-ssh22 match destination-address ssh22 #address-book entry
set policy linux-ssh22 match application tcp-22 #set to the real internal port
set policy linux-ssh22 match application junos-ssh
set policy linux-ssh22 then permit
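
An added check, not part of the original page: on the SRX, destination NAT is applied before the security policy lookup, which is why the policy above matches the internal address 10.100.200.22 and port 22 rather than 123.123.123.123:22222. The Python code below (the names lint, PATTERNS and SAMPLE are hypothetical) reads fully qualified set lines, as printed by "show configuration | display set", and reports mismatched rule-set names, undefined pools, and pools whose translated address or port no policy permits.

```python
import re

# Constructed sample in "display set" form (not taken from a device). The first
# rule-set line is misspelled on purpose to show what the check reports.
SAMPLE = """\
set security nat destination pool ssh-22 address 10.100.200.22/32
set security nat destination pool ssh-22 address port 22
set security nat destination rule-set u-t0-t from zone untrust
set security nat destination rule-set u-to-t rule ssh22 match destination-port 22222
set security nat destination rule-set u-to-t rule ssh22 then destination-nat pool ssh-22
set applications application tcp-22 destination-port 22
set security zones security-zone trust address-book address ssh22 10.100.200.22
set security policies from-zone untrust to-zone trust policy linux-ssh22 match destination-address ssh22
set security policies from-zone untrust to-zone trust policy linux-ssh22 match application tcp-22
"""

PATTERNS = {  # hypothetical helper table: statement kind -> regex
    "pool": r"set security nat destination pool (\S+) address (port )?(\S+)",
    "from": r"set security nat destination rule-set (\S+) from ",
    "rule": r"set security nat destination rule-set (\S+) rule \S+ (?:then destination-nat pool (\S+))?",
    "book": r"set security zones security-zone \S+ address-book address (\S+) (\S+)",
    "app": r"set applications application (\S+) destination-port (\S+)",
    "pol": r"set security policies .* match (destination-address|application) (\S+)",
}

def lint(config):
    """Return findings for a destination-NAT configuration given as 'set' lines."""
    seen = {k: [] for k in PATTERNS}
    for line in config.splitlines():
        line = line.split("#")[0].strip()  # drop trailing annotations
        for kind, rx in PATTERNS.items():
            if m := re.match(rx, line):
                seen[kind].append(m.groups())
                break
    pools = {}
    for name, is_port, value in seen["pool"]:
        pools.setdefault(name, {})["port" if is_port else "addr"] = value.split("/")[0]
    with_from = {g[0] for g in seen["from"]}
    with_rules = {g[0] for g in seen["rule"]}
    # Resolve address-book and application names to the values they stand for.
    names = {**{n: a.split("/")[0] for n, a in seen["book"]}, **dict(seen["app"])}
    permitted = {names.get(ref, ref) for _, ref in seen["pol"]}  # post-NAT values
    out = [f"rule-set {n}: rules but no 'from' statement" for n in sorted(with_rules - with_from)]
    out += [f"rule-set {n}: 'from' statement but no rules" for n in sorted(with_from - with_rules)]
    out += [f"pool {p}: referenced but not defined"
            for p in sorted({g[1] for g in seen["rule"] if g[1]} - set(pools))]
    for name, p in sorted(pools.items()):
        out += [f"pool {name}: no policy permits translated {k} {v}"
                for k, v in sorted(p.items()) if v not in permitted]
    return out
```

The check expects the pool address and port on separate lines, as in the configuration above.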