This article describes how to configure source NAT for self-generated traffic, that is, traffic originated by the device itself.
How to configure source NAT for self-generated traffic
To configure source NAT for self-generated traffic, use either of the following methods:
- Use the junos-host zone as the "from" zone in the NAT rule set. For example:
root@SRX220-a-HQ1# show interfaces lo0
unit 0 {
family inet {
address 1.1.1.1/24;
}
}
root@SRX220-a-HQ1# show security nat
source {
pool test {
address {
200.200.200.210/32;
}
}
rule-set test {
from zone junos-host; <-- HERE
to zone untrust;
rule test1 {
match {
source-address 1.1.1.1/32;
destination-address 0.0.0.0/0;
}
then {
source-nat {
pool {
test;
}
}
}
}
}
}
proxy-arp {
interface reth1.0 {
address {
200.200.200.210/32;
}
}
}
root@SRX220-a-HQ1# show security zones security-zone test
interfaces {
lo0.0;
}
- Use the default routing instance (`from routing-instance default`), instead of a zone, in the NAT rule set. For example:
root@SRX220-a-HQ1# show security nat source rule-set test
from routing-instance default; <-- HERE
to zone untrust;
rule test1 {
match {
source-address 1.1.1.1/32;
destination-address 0.0.0.0/0;
}
then {
source-nat {
pool {
test;
}
}
}
}
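To verify, ping with the loopback address as the source; a reply shows reachability only, so confirm the translation to the pool address in the `show security flow session` output.
root@SRX220-a-HQ1# run ping 200.200.200.1 source 1.1.1.1
PING 200.200.200.1 (200.200.200.1): 56 data bytes
64 bytes from 200.200.200.1: icmp_seq=0 ttl=64 time=8.013 ms
64 bytes from 200.200.200.1: icmp_seq=1 ttl=64 time=2.612 ms
64 bytes from 200.200.200.1: icmp_seq=2 ttl=64 time=8.491 ms
64 bytes from 200.200.200.1: icmp_seq=3 ttl=64 time=2.590 ms
^C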
2020/07/27: Article reviewed for accuracy; removed version-related statements, as both methods are supported in the latest versions.