
How do I quickly configure my Juniper SRX210 for basic use?

The following `set` commands configure the WAN interface as a DHCP client, allow the firewall itself to be pinged from outside, set the default security policy, and add destination NAT (port forwarding) for seven ports to one internal host. The hostname, SSH management and the rest of the setup are in the full configuration attached in the comment below. Security note: a `default-policy permit-all`, as originally used here, permits every flow between every pair of zones — the entire LAN, not just the forwarded ports, becomes reachable from the Internet — so an Internet-facing device should keep `deny-all` and use explicit per-zone policies.

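## WAN interface: DHCP client, so the DSL/ISP side hands the SRX its address
set interfaces ge-0/0/0 unit 0 family inet dhcp

## Traffic addressed to the firewall itself from the outside: ping (requested by
## the author) and dhcp (required because the WAN address is obtained by DHCP;
## the factory default and the attached full configuration both have it)
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp

## Do NOT use "set security policies default-policy permit-all": it permits every
## flow between every pair of zones, so the whole LAN becomes reachable from the
## Internet, not just the forwarded ports. Keep the default at deny-all and write
## explicit policies for the two directions that are actually needed.
set security policies default-policy deny-all

## LAN -> Internet: allow everything out (same as the factory-default policy;
## re-entering it here is harmless if it already exists)
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit

## Internet -> LAN: only flows that destination NAT has already translated to the
## forwarded host. Policy lookup uses the post-NAT destination address, and no
## other traffic from untrust can carry 192.168.1.127 as destination, so this
## policy is bounded by the seven forwarded ports below. Narrow "application any"
## to per-port tcp/udp applications once the protocols of the services are known.
## Session logging is enabled so inbound hits are visible in syslog.
set security zones security-zone trust address-book address server1 192.168.1.127/32
set security policies from-zone untrust to-zone trust policy untrust-to-server1 match source-address any
set security policies from-zone untrust to-zone trust policy untrust-to-server1 match destination-address server1
set security policies from-zone untrust to-zone trust policy untrust-to-server1 match application any
set security policies from-zone untrust to-zone trust policy untrust-to-server1 then permit
set security policies from-zone untrust to-zone trust policy untrust-to-server1 then log session-close

## Destination NAT (port forwarding) of 1720 2253 5060 49152 49500 49501 51234
## to the internal host 192.168.1.127. "destination-address 0.0.0.0/0" is used
## because the WAN address is dynamic. The rules match on destination port only,
## so they apply to any protocol (TCP and UDP alike); newer Junos releases can
## narrow a rule with a protocol match if a service uses only one of them.
set security nat destination pool server1 address 192.168.1.127/32
set security nat destination rule-set ruleset1 from zone untrust

## 1 - 1720
set security nat destination rule-set ruleset1 rule rule1 match destination-address 0.0.0.0/0
set security nat destination rule-set ruleset1 rule rule1 match destination-port 1720
set security nat destination rule-set ruleset1 rule rule1 then destination-nat pool server1

## 2 - 2253
set security nat destination rule-set ruleset1 rule rule2 match destination-address 0.0.0.0/0
set security nat destination rule-set ruleset1 rule rule2 match destination-port 2253
set security nat destination rule-set ruleset1 rule rule2 then destination-nat pool server1

## 3 - 5060
set security nat destination rule-set ruleset1 rule rule3 match destination-address 0.0.0.0/0
set security nat destination rule-set ruleset1 rule rule3 match destination-port 5060
set security nat destination rule-set ruleset1 rule rule3 then destination-nat pool server1

## 4 - 49152
set security nat destination rule-set ruleset1 rule rule4 match destination-address 0.0.0.0/0
set security nat destination rule-set ruleset1 rule rule4 match destination-port 49152
set security nat destination rule-set ruleset1 rule rule4 then destination-nat pool server1

## 5 - 49500
set security nat destination rule-set ruleset1 rule rule5 match destination-address 0.0.0.0/0
set security nat destination rule-set ruleset1 rule rule5 match destination-port 49500
set security nat destination rule-set ruleset1 rule rule5 then destination-nat pool server1

## 6 - 49501
set security nat destination rule-set ruleset1 rule rule6 match destination-address 0.0.0.0/0
set security nat destination rule-set ruleset1 rule rule6 match destination-port 49501
set security nat destination rule-set ruleset1 rule rule6 then destination-nat pool server1

## 7 - 51234
set security nat destination rule-set ruleset1 rule rule7 match destination-address 0.0.0.0/0
set security nat destination rule-set ruleset1 rule rule7 match destination-port 51234
set security nat destination rule-set ruleset1 rule rule7 then destination-nat pool server1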
  1. shamuntoha
    June 26, 2011 at 3:04 pm

    The whole configuration is also attached here:

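    ## Last changed: 2011-06-26 14:29:21 UTC
    version 10.0R3.10;
    system {
        host-name srx210;
        root-authentication {
            /* "$1$" is MD5-crypt and the hash is truncated in this listing.
             * Set a strong password with "set system root-authentication
             * plain-text-password" and create a named login user for
             * day-to-day access rather than logging in as root. */
            encrypted-password "$1$yI";
        }
        name-server {
            208.67.222.222;
            208.67.220.220;
            195.130.130.1;
        }
        services {
            /* telnet removed: credentials travel in cleartext; ssh is sufficient */
            ssh;
            web-management {
                /* plain-http management removed; only https, on the LAN interface */
                https {
                    system-generated-certificate;
                    interface vlan.0;
                }
            }
            dhcp {
                router {
                    192.168.1.1;
                }
                /* The pool includes 192.168.1.127, the port-forward target
                 * below. Give that host a static address (or a static-binding)
                 * so a lease change cannot hand the forwarded ports to another
                 * machine. */
                pool 192.168.1.0/24 {
                    address-range low 192.168.1.2 high 192.168.1.254;
                }
                propagate-settings ge-0/0/0.0;
            }
        }
        syslog {
            archive size 100k files 3;
            user * {
                any emergency;
            }
            file messages {
                any critical;
                authorization info;
            }
            file interactive-commands {
                interactive-commands error;
            }
            /* receives the session logs produced by the "log" action in the
             * untrust-to-server1 policy */
            file traffic-log {
                any any;
                match RT_FLOW_SESSION;
            }
        }
        max-configurations-on-flash 5;
        max-configuration-rollbacks 5;
        license {
            autoupdate {
                url https://ae1.juniper.net/junos/key_retrieval;
            }
        }
    }
    interfaces {
        /* LAN ports ge-0/0/1 and fe-0/0/2..7 are switched into vlan-trust */
        interface-range interfaces-trust {
            member ge-0/0/1;
            member fe-0/0/2;
            member fe-0/0/3;
            member fe-0/0/4;
            member fe-0/0/5;
            member fe-0/0/6;
            member fe-0/0/7;
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        /* WAN port: address obtained from the ISP by DHCP */
        ge-0/0/0 {
            unit 0 {
                family inet {
                    dhcp;
                }
            }
        }
        /* LAN gateway address */
        vlan {
            unit 0 {
                family inet {
                    address 192.168.1.1/24;
                }
            }
        }
    }
    security {
        nat {
            /* LAN -> Internet: hide everything behind the WAN interface address */
            source {
                rule-set trust-to-untrust {
                    from zone trust;
                    to zone untrust;
                    rule source-nat-rule {
                        match {
                            source-address 0.0.0.0/0;
                        }
                        then {
                            source-nat {
                                interface;
                            }
                        }
                    }
                }
            }
            /* Port forwarding of seven ports to 192.168.1.127. The rules match
             * on destination port only, so they apply to any protocol
             * (TCP and UDP alike). 0.0.0.0/0 is used because the WAN address
             * is dynamic. */
            destination {
                pool server1 {
                    address 192.168.1.127/32;
                }
                rule-set ruleset1 {
                    from zone untrust;
                    rule rule1 {
                        match {
                            destination-address 0.0.0.0/0;
                            destination-port 1720;
                        }
                        then {
                            destination-nat pool server1;
                        }
                    }
                    rule rule2 {
                        match {
                            destination-address 0.0.0.0/0;
                            destination-port 2253;
                        }
                        then {
                            destination-nat pool server1;
                        }
                    }
                    rule rule3 {
                        match {
                            destination-address 0.0.0.0/0;
                            destination-port 5060;
                        }
                        then {
                            destination-nat pool server1;
                        }
                    }
                    rule rule4 {
                        match {
                            destination-address 0.0.0.0/0;
                            destination-port 49152;
                        }
                        then {
                            destination-nat pool server1;
                        }
                    }
                    rule rule5 {
                        match {
                            destination-address 0.0.0.0/0;
                            destination-port 49500;
                        }
                        then {
                            destination-nat pool server1;
                        }
                    }
                    rule rule6 {
                        match {
                            destination-address 0.0.0.0/0;
                            destination-port 49501;
                        }
                        then {
                            destination-nat pool server1;
                        }
                    }
                    rule rule7 {
                        match {
                            destination-address 0.0.0.0/0;
                            destination-port 51234;
                        }
                        then {
                            destination-nat pool server1;
                        }
                    }
                }
            }
        }
        /* basic IDS screen applied to the untrust zone */
        screen {
            ids-option untrust-screen {
                icmp {
                    ping-death;
                }
                ip {
                    source-route-option;
                    tear-drop;
                }
                tcp {
                    syn-flood {
                        alarm-threshold 1024;
                        attack-threshold 200;
                        source-threshold 1024;
                        destination-threshold 2048;
                        timeout 20;
                    }
                    land;
                }
            }
        }
        zones {
            security-zone trust {
                /* named entry for the forwarded host, used by the inbound policy */
                address-book {
                    address server1 192.168.1.127/32;
                }
                /* every management service is reachable from the LAN; tighten
                 * to ssh/https/dhcp/ping if LAN hosts are not all trusted */
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
                interfaces {
                    vlan.0;
                }
            }
            security-zone untrust {
                screen untrust-screen;
                interfaces {
                    ge-0/0/0.0 {
                        host-inbound-traffic {
                            system-services {
                                /* dhcp: the WAN address comes from the ISP.
                                 * tftp removed: unauthenticated and nothing
                                 * in this setup uses it. */
                                dhcp;
                                ping;
                            }
                        }
                    }
                }
            }
        }
        policies {
            /* LAN -> Internet: everything permitted */
            from-zone trust to-zone untrust {
                policy trust-to-untrust {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            /* Internet -> LAN: only flows that destination NAT has already
             * translated to server1. Policy lookup uses the post-NAT address,
             * so this is bounded by the seven forwarded ports. Narrow
             * "application any" to per-port applications once the services'
             * protocols are known. */
            from-zone untrust to-zone trust {
                policy untrust-to-server1 {
                    match {
                        source-address any;
                        destination-address server1;
                        application any;
                    }
                    then {
                        permit;
                        log {
                            session-close;
                        }
                    }
                }
            }
            /* permit-all replaced: it permitted every flow between every pair
             * of zones and exposed the whole LAN to the Internet */
            default-policy {
                deny-all;
            }
        }
    }
    vlans {
        vlan-trust {
            vlan-id 3;
            l3-interface vlan.0;
        }
    }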
