forwarding нескольких портов на juniper srx210

Пытаюсь настроить сабж: сделал проброс ftp — работает; как только прописываю rdp, rdp работает, а ftp уже нет. Уже третий день бьюсь, понять не могу, в чём дело.

конф.

root@jgate# show
## Last changed: 2011-03-10 00:00:51 GMT+5
/* Configuration snapshot as posted with the question; the root password hash below appears redacted in the post ("$"). */
version 10.0R1.8;
system {
    host-name jgate;
    time-zone GMT+5;
    root-authentication {
        encrypted-password "$"; ## SECRET-DATA
    }
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    services {
        ssh;
        /* telnet is cleartext; the trust zone accepts all system-services (see zones below), so it is reachable from every LAN host. Keeping only ssh avoids credentials crossing the LAN in the clear. */
        telnet;
        web-management {
            /* Plain HTTP management is enabled on vlan.0 next to HTTPS; the same remark as for telnet applies. */
            http {
                interface vlan.0;
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
        /* NOTE(review): this pool hands out 192.168.1.0/24 with router 192.168.1.1, but the trust L3 interface vlan.0 is 192.168.0.1/24 and the NAT pools point at 192.168.0.x hosts — confirm which subnet is intended. */
        dhcp {
            router {
                192.168.1.1;
            }
            pool 192.168.1.0/24 {
                address-range low 192.168.1.2 high 192.168.1.254;
            }
            propagate-settings ge-0/0/0.0;
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 49;
    max-configuration-rollbacks 49;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ntp {
        server 195.16.42.125;
        server 93.91.6.81;
        server 194.190.16.51;
        server 130.236.254.102;
    }
}
interfaces {
    interface-range interfaces-trust {
        member ge-0/0/1;
        member fe-0/0/4;
        member fe-0/0/5;
        member fe-0/0/6;
        member fe-0/0/7;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 172.24.130.46/29;
            }
        }
    }
    /* Both addresses below are in the untrust zone; 1.1.1.1/30 is the one the default route (1.1.1.2) leaves through. */
    fe-0/0/3 {
        unit 0 {
            family inet {
                address 10.0.0.1/24;
                address 1.1.1.1/30;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 127.0.0.1/32;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.0.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 172.23.0.0/16 next-hop [ 172.24.130.41 172.24.130.42 ];
        route 0.0.0.0/0 next-hop 1.1.1.2;
    }
}
security {
    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
        destination {
            pool ftp-pool {
                address 192.168.0.103/32 port 21;
            }
            pool rdp-pool {
                address 192.168.0.103/32 port 3389;
            }
            pool 34567-pool {
                address 192.168.0.201/32 port 34567;
            }
            pool 36963-pool {
                address 192.168.0.201/32 port 36963;
            }
            pool test {
                address 192.168.0.103/32 port 3690;
            }
            /* Every rule except t matches destination-address 0.0.0.0/0, i.e. anything entering from untrust on that port, not only this box's own public addresses (172.24.130.46, 1.1.1.1). Narrowing destination-address to the public address, as rule t does, keeps transit traffic on those ports from being redirected to the LAN hosts. */
            rule-set door {
                from zone untrust;
                rule ftp {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                        destination-port 21;
                    }
                    then {
                        destination-nat pool ftp-pool;
                    }
                }
                /* rdp is inactive in this snapshot, so the posted config does not reproduce the reported ftp/rdp conflict; it has to be activated (activate security nat destination rule-set door rule rdp) before retesting. */
                inactive: rule rdp {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                        destination-port 3389;
                    }
                    then {
                        destination-nat pool rdp-pool;
                    }
                }
                /* Rules 34567 and 36963 omit the source-address match that ftp and rdp carry; not an error, just inconsistent with the rules above. */
                inactive: rule 34567{
                    match {
                        destination-address 0.0.0.0/0;
                        destination-port 34567;
                    }
                    then {
                        destination-nat pool 34567-pool;
                    }
                }
                inactive: rule 36963{
                    match {
                        destination-address 0.0.0.0/0;
                        destination-port 36963;
                    }
                    then {
                        destination-nat pool 36963-pool;
                    }
                }
                inactive: rule t {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 1.1.1.1/32;
                        destination-port 3690;
                    }
                    then {
                        destination-nat pool test;
                    }
                }
            }
        }
    }
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            address-book {
                address serv103 192.168.0.103/32;
                address serv201 192.168.0.201/32;
            }
            /* all/all here lets any LAN host reach every management service configured above (telnet, http, ssh, https); listing only the needed services (e.g. ssh, https, dhcp, ping) limits what a compromised LAN host can reach. */
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                /* dhcp and tftp are accepted toward the SRX itself on this untrust-facing interface; no tftp server is configured under system services in this snapshot, so confirm both are actually needed. */
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                            ping;
                            traceroute;
                        }
                    }
                }
                /* ftp here permits FTP sessions to the SRX itself, not to the forwarded server; no ftp service is configured under system services. Presumably the destination-NAT rule alone handles the forwarded port — confirm by removing this entry and retesting. */
                fe-0/0/3.0 {
                    host-inbound-traffic {
                        system-services {
                            ftp;
                            ping;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        /* With application any, every port that reaches serv103 or serv201 from untrust is permitted; restricting application to the forwarded services (junos-ftp plus custom applications for tcp/3389 and the other forwarded ports) limits exposure to exactly what the NAT rules publish. */
        from-zone untrust to-zone trust {
            policy untrust-trust {
                match {
                    source-address any;
                    destination-address [ serv103 serv201 ];
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}
