Linux iptables to SRX NAT

Below you will find a simple example for those who use Linux iptables and now need to use SRX NAT. I give destination and source NAT examples for both systems so that the way NAT is configured on the two firewalls can be compared easily. Both scenarios use the following topology, in which ubuntu3 is the client device behind two firewalls: Linux (debian1) and j26 (SRX firewall).


Prerequisites for this setup to work

  • IP addresses must be assigned to external interfaces on Linux and SRX
  • As both gateways are tested on the same topology, ubuntu3’s default gateway should be changed to the SRX or to Linux as necessary during the test, so that reverse traffic returns through the gateway under test.
  • Necessary security policies must be already set on SRX for this NAT to work.

Scenario 1
By using destination NAT, forward requests destined to or addresses on port 22 towards ubuntu3.

Linux way

SRX way
SRX configuration is hierarchical compared to Linux, and there are two methods by which you can achieve the same result: one is destination NAT and the other is static NAT.

Destination NAT

You can achieve the same destination NAT via the following static NAT configuration too.

Static NAT

Scenario 2
By using source NAT, we will give Internet access to ubuntu3 via either the Linux device or the SRX firewall.

Linux way

The same source NAT can be done on SRX in the following way.
SRX way

I have tested the configurations I have written above. If you have SRX policies configured, you shouldn’t have any problem.
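
Scenario 1 and Scenario 2 side by side, as an added example that is not the author's original configuration: a shell script that prints (does not apply) iptables rules and equivalent SRX `set` commands after validating its inputs. The interface name, all addresses, the `trust`/`untrust` zone names, the pool and rule names, and the choice of `MASQUERADE` and interface-based source NAT are assumptions.

```shell
#!/bin/sh
# Prints (does not apply) matching NAT rules for Linux iptables and an SRX.
# Every address, interface, zone, pool and rule name below is a constructed
# placeholder; none of them comes from the original post.
EXT_IF=eth0          # Linux external interface (assumed)
EXT_IP=192.0.2.10    # external address clients connect to (assumed)
INT_IP=10.0.0.3      # ubuntu3 (assumed)
INT_NET=10.0.0.0/24  # network behind the firewall (assumed)

in_range() {  # in_range <value> <min> <max>; decimal digits only
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

valid_ipv4() {  # exactly four decimal octets, each 0-255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do in_range "$o" 0 255 || return 1; done
}

dnat_rules() {  # Scenario 1: dnat_rules <external-ip> <tcp-port> <internal-ip>
    valid_ipv4 "$1" && in_range "$2" 1 65535 && valid_ipv4 "$3" || return 1
    cat <<EOF
# Linux (needs net.ipv4.ip_forward=1): translate in PREROUTING, allow in FORWARD
iptables -t nat -A PREROUTING -i $EXT_IF -d $1 -p tcp --dport $2 -j DNAT --to-destination $3:$2
iptables -A FORWARD -d $3 -p tcp --dport $2 -j ACCEPT
# SRX: the security policy has to permit the translated address $3
set security nat destination pool ubuntu3-pool address $3/32 port $2
set security nat destination rule-set from-untrust from zone untrust
set security nat destination rule-set from-untrust rule fwd-$2 match destination-address $1/32
set security nat destination rule-set from-untrust rule fwd-$2 match destination-port $2
set security nat destination rule-set from-untrust rule fwd-$2 then destination-nat pool ubuntu3-pool
EOF
}

snat_rules() {  # Scenario 2: snat_rules <internal-network/prefix-length>
    valid_ipv4 "${1%/*}" && in_range "${1#*/}" 0 32 || return 1
    cat <<EOF
# Linux: hide the internal network behind the external interface address
iptables -t nat -A POSTROUTING -s $1 -o $EXT_IF -j MASQUERADE
# SRX: interface-based source NAT, the counterpart of MASQUERADE
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule snat-out match source-address $1
set security nat source rule-set trust-to-untrust rule snat-out then source-nat interface
EOF
}

dnat_rules "$EXT_IP" 22 "$INT_IP" && snat_rules "$INT_NET"
```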
