Juniper SRX: changing the default SSH port
2016-10-04 18:16
On Juniper SRX series firewalls the default SSH management port cannot be changed. To manage the device over SSH on a different port anyway, map another port on the external interface to port 22 of a loopback interface.
Approach:
1. Create a loopback interface and configure an IP address on it.
2. Place the loopback interface in the security zone loopback_zone and enable SSH management at the interface level.
3. Configure port mapping so that external port 22222 is mapped to port 22 on the loopback interface.
4. Permit SSH traffic from untrust to loopback_zone.
Lab configuration:
Set-format commands:
set version 12.1X47-D20.7
set system root-authentication encrypted-password "$1$Cu1r32.n$ivA34PWVEXK9lNKzaf1"
set system services ssh
set interfaces ge-0/0/0 unit 0 family inet address 192.168.2.200/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/24
set security nat destination pool ssh_manage address 1.1.1.1/32
set security nat destination pool ssh_manage address port 22
set security nat destination rule-set ssh_manage from zone untrust
set security nat destination rule-set ssh_manage rule 1 match source-address 0.0.0.0/0
set security nat destination rule-set ssh_manage rule 1 match destination-address 192.168.2.200/32
set security nat destination rule-set ssh_manage rule 1 match destination-port 22222
set security nat destination rule-set ssh_manage rule 1 then destination-nat pool ssh_manage
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback match source-address any
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback match destination-address ssh-manage-address
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback match application junos-ssh
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback then permit
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone loopback_zone address-book address ssh-manage-address 1.1.1.1/32
set security zones security-zone loopback_zone interfaces lo0.0 host-inbound-traffic system-services ssh
Hierarchical view (show configuration):
version 12.1X47-D20.7;
system {
    root-authentication {
        encrypted-password "$1$Cu1r32.n$ivACpMVEXK9lNKzaf1"; ## SECRET-DATA
    }
    services {
        ssh;
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.2.200/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.1.1.1/24;
            }
        }
    }
}
security {
    nat {
        destination {
            pool ssh_manage {
                address 1.1.1.1/32 port 22;
            }
            rule-set ssh_manage {
                from zone untrust;
                rule 1 {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 192.168.2.200/32;
                        destination-port {
                            22222;
                        }
                    }
                    then {
                        destination-nat {
                            pool {
                                ssh_manage;
                            }
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone untrust to-zone loopback_zone {
            policy untrust-to-loopback {
                match {
                    source-address any;
                    destination-address ssh-manage-address;
                    application junos-ssh;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone untrust {
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
        security-zone loopback_zone {
            address-book {
                address ssh-manage-address 1.1.1.1/32;
            }
            interfaces {
                lo0.0 {
                    host-inbound-traffic {
                        system-services {
                            ssh;
                        }
                    }
                }
            }
        }
    }
}
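As an added check (not part of the original post or of Junos itself), a small Python audit over the set-format commands above: it confirms the NAT pool points at the lo0 address and port 22, that the policy permits only junos-ssh, that SSH is not opened on the untrust interface (so port 22 on the outside stays closed), and it flags that the NAT rule accepts any source address. The embedded sample is a constructed subset of the post's commands with the password line omitted.

```python
# Constructed sample: the relevant set commands from the post (root password omitted).
SAMPLE = """\
set interfaces lo0 unit 0 family inet address 1.1.1.1/24
set security nat destination pool ssh_manage address 1.1.1.1/32
set security nat destination pool ssh_manage address port 22
set security nat destination rule-set ssh_manage rule 1 match source-address 0.0.0.0/0
set security nat destination rule-set ssh_manage rule 1 match destination-address 192.168.2.200/32
set security nat destination rule-set ssh_manage rule 1 match destination-port 22222
set security nat destination rule-set ssh_manage rule 1 then destination-nat pool ssh_manage
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback match application junos-ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone loopback_zone interfaces lo0.0 host-inbound-traffic system-services ssh
"""

def parse(text):
    """Tokenise every 'set ...' line, dropping the leading 'set'."""
    return [tuple(l.split()[1:]) for l in text.splitlines() if l.startswith("set ")]

def after(stmts, *needle):
    """Tokens that directly follow the token sequence `needle` in any statement."""
    n, out = len(needle), []
    for s in stmts:
        for i in range(len(s) - n):
            if s[i:i + n] == needle:
                out.append(s[i + n])
    return out

def zone_services(stmts, zone):
    """system-services allowed inbound on any interface of `zone`."""
    return {s[s.index("system-services") + 1] for s in stmts
            if s[:4] == ("security", "zones", "security-zone", zone) and "system-services" in s}

def audit(text):
    s = parse(text)
    pool = after(s, "then", "destination-nat", "pool")[0]
    target_ip = [a for a in after(s, "destination", "pool", pool, "address") if a != "port"][0]
    target_port = after(s, "pool", pool, "address", "port")[0]
    lo0 = after(s, "lo0", "unit", "0", "family", "inet", "address")[0]
    nat_sources = [x[x.index("source-address") + 1] for x in s
                   if x[:4] == ("security", "nat", "destination", "rule-set") and "source-address" in x]
    return {
        "external_port": after(s, "match", "destination-port")[0],
        "forwards_to": (target_ip.split("/")[0], target_port),
        "target_is_lo0": target_ip.split("/")[0] == lo0.split("/")[0],
        "policy_apps": sorted(set(after(s, "match", "application"))),
        # Port 22 on the outside interface must stay closed: no ssh/all on untrust.
        "ssh_on_untrust": bool({"ssh", "all"} & zone_services(s, "untrust")),
        # The post matches any source; restrict this to management addresses.
        "unrestricted_source": any(x in ("0.0.0.0/0", "any") for x in nat_sources),
    }
```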