I'm trying to set up an SRX240 to sit in between some servers and the internet where I can set the external IP on the servers themselves.
I'm thinking NAT to internal addresses would be better, but we have a similar setup on another already and wanted to match it (which is why it's annoying me more that I can't make it work, as there's not much difference in config!).
I've been given a /28 and connect to the SRX fine from external. I just can't get to/from the servers.
Perhaps my theory is wrong and this isn't possible?
Anyways, here's the relevant bit of the config. Any advice appreciated!
interfaces {
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members VLAN20;
                }
            }
        }
    }
    ge-1/0/0 {
        unit 0 {
            family inet {
                address x.x.x.147/28;
            }
        }
    }
    vlan {
        unit 20 {
            family inet {
                address x.x.x.148/28;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop x.x.x.146;
    }
}
security {
    policies {
        from-zone LAN to-zone Internet {
            policy ALLOW-ALL {
                match {
                    source-address any-ipv4;
                    destination-address any-ipv4;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone Internet {
            interfaces {
                ge-1/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            ssh;
                            snmp;
                            ike;
                            https;
                            http;
                        }
                        protocols {
                            vrrp;
                        }
                    }
                }
            }
        }
        security-zone LAN {
            host-inbound-traffic {
                system-services {
                    ping;
                    ike;
                }
                protocols {
                    vrrp;
                }
            }
            interfaces {
                vlan.20;
            }
        }
    }
}
vlans {
    VLAN20 {
        vlan-id 20;
        l3-interface vlan.20;
    }
}