At home, I only have one dynamic public IP to work with, so I am figuring out destination NAT.
The Juniper wizard produces config like this to forward a single port to a host inside...
```
pool 172_16_22_101_443 {
    address 172.16.22.101/32 port 443;
}
...
rule 0_Web_Server--DMZ_443 {
    match {
        source-address 0.0.0.0/0;
        destination-address 0.0.0.0/0;
        destination-port {
            443;
        }
    }
    then {
        destination-nat {
            pool {
                172_16_22_101_443;
            }
        }
    }
}
```
Why does the pool include the port? Isn't it sufficient that the rule matches the port?
The reason I ask is that I am writing config to DNAT a two-port service, and the pool statement does not allow multiple ports, but I can leave out the port. The rule match clause does allow multiple ports. Is there a problem if I do that?
Thanks, --BobG