Configuring Port Forwarding

I recently acquired a Juniper NetScreen SSG5 and have been playing around with it. One task that took some time, due to the fact that the multiple online resources I found had outdated syntax, was that of port forwarding.

The Goal

Take port 443 on my public IP via cable modem and forward traffic to a SUSE 10.2 virtual machine connected in bridged mode on my internal network on port 22. (i.e. SSH on 443 -> Public IP -> SSH on 22 -> Private IP)

The Solution

set interface ethernet0/0 vip untrust 21 "SSH" 172.22.102.53 manual
set policy id 10 from untrust to trust any vip(ethernet0/0) "HTTPS" permit log count

Thoughts

Syntax is everything!
