Changing the default SSH port on a Juniper SRX
The SSH management port on Juniper SRX series firewalls cannot be changed directly. To manage the device over SSH on a different port, map another port on the outside interface to port 22 of a loopback interface.
Approach:
1. Create a loopback interface and assign it an IP address.
2. Place the loopback interface in the security zone loopback_zone and allow SSH as host-inbound traffic on that interface.
3. Configure destination NAT so that external port 22222 is translated to port 22 on the loopback interface.
4. Permit SSH traffic from untrust to loopback_zone with a security policy.
Lab configuration:
set version 12.1X47-D20.7
set system root-authentication encrypted-password "$1$Cu1r32.n$ivA34PWVEXK9lNKzaf1"
set system services ssh
set interfaces ge-0/0/0 unit 0 family inet address 192.168.2.200/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/24
set security nat destination pool ssh_manage address 1.1.1.1/32
set security nat destination pool ssh_manage address port 22
set security nat destination rule-set ssh_manage from zone untrust
set security nat destination rule-set ssh_manage rule 1 match source-address 0.0.0.0/0
set security nat destination rule-set ssh_manage rule 1 match destination-address 192.168.2.200/32
set security nat destination rule-set ssh_manage rule 1 match destination-port 22222
set security nat destination rule-set ssh_manage rule 1 then destination-nat pool ssh_manage
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback match source-address any
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback match destination-address ssh-manage-address
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback match application junos-ssh
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback then permit
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone loopback_zone address-book address ssh-manage-address 1.1.1.1/32
set security zones security-zone loopback_zone interfaces lo0.0 host-inbound-traffic system-services ssh
The same configuration in hierarchical form:
version 12.1X47-D20.7;
system {
    root-authentication {
        encrypted-password "$1$Cu1r32.n$ivACpMVEXK9lNKzaf1"; ## SECRET-DATA
    }
    services {
        ssh;
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.2.200/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.1.1.1/24;
            }
        }
    }
}
security {
    nat {
        destination {
            pool ssh_manage {
                address 1.1.1.1/32 port 22;
            }
            rule-set ssh_manage {
                from zone untrust;
                rule 1 {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 192.168.2.200/32;
                        destination-port {
                            22222;
                        }
                    }
                    then {
                        destination-nat {
                            pool {
                                ssh_manage;
                            }
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone untrust to-zone loopback_zone {
            policy untrust-to-loopback {
                match {
                    source-address any;
                    destination-address ssh-manage-address;
                    application junos-ssh;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone untrust {
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
        security-zone loopback_zone {
            address-book {
                address ssh-manage-address 1.1.1.1/32;
            }
            interfaces {
                lo0.0 {
                    host-inbound-traffic {
                        system-services {
                            ssh;
                        }
                    }
                }
            }
        }
    }
}
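The four steps above only work when the NAT pool, the lo0 address, the zone's host-inbound-traffic and the security policy all refer to the same address and port. The following Python script is an added example (not from the original post) that parses set-style commands and verifies that agreement; SAMPLE is a constructed copy of the page's commands with the root password line omitted, and the function names and messages are my own.

```python
# Added example, not from the original post: checks that the page's four steps agree.
# SAMPLE is a constructed copy of the page's set-commands (root password line omitted).
SAMPLE = """set interfaces lo0 unit 0 family inet address 1.1.1.1/24
set security nat destination pool ssh_manage address 1.1.1.1/32
set security nat destination pool ssh_manage address port 22
set security nat destination rule-set ssh_manage rule 1 match destination-port 22222
set security nat destination rule-set ssh_manage rule 1 then destination-nat pool ssh_manage
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback match destination-address ssh-manage-address
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback match application junos-ssh
set security policies from-zone untrust to-zone loopback_zone policy untrust-to-loopback then permit
set security zones security-zone loopback_zone address-book address ssh-manage-address 1.1.1.1/32
set security zones security-zone loopback_zone interfaces lo0.0 host-inbound-traffic system-services ssh"""

def _after(lines, *prefix):  # remainders of every set-line that starts with prefix
    return [t[len(prefix):] for t in lines if t[:len(prefix)] == prefix]

def check_ssh_dnat(config, external_port="22222", from_zone="untrust"):  # -> list of findings
    lines = [tuple(ln.split()) for ln in config.splitlines() if ln.startswith("set ")]
    findings = []
    # Step 3: the DNAT rule that matches the external port, and the pool it selects
    rules = _after(lines, "set", "security", "nat", "destination", "rule-set")
    ids = {(r[0], r[2]) for r in rules if r[3:] == ("match", "destination-port", external_port)}
    pools = {r[-1] for r in rules if len(r) > 6 and (r[0], r[2]) in ids and r[3:6] == ("then", "destination-nat", "pool")}
    if len(pools) != 1:
        return findings + [f"no single destination-nat pool for external port {external_port}"]
    pool = pools.pop()
    pdef = {(p[0] if len(p) == 2 else "addr"): p[-1]  # e.g. {"addr": "1.1.1.1/32", "port": "22"}
            for p in _after(lines, "set", "security", "nat", "destination", "pool", pool, "address")}
    if pdef.get("port") != "22":
        findings.append(f"pool {pool} does not translate to port 22 (got {pdef.get('port')})")
    # Step 1: the pool must point at an address configured on lo0
    lo_addrs = {a[0].split("/")[0] for a in _after(lines, "set", "interfaces", "lo0", "unit", "0", "family", "inet", "address")}
    pool_addr = pdef.get("addr", "")
    if pool_addr.split("/")[0] not in lo_addrs:
        findings.append(f"pool address {pool_addr!r} is not configured on lo0")
    # Step 2: lo0.0 must sit in a zone whose host-inbound-traffic allows ssh
    zones = _after(lines, "set", "security", "zones", "security-zone")
    lo_zone = next((z[0] for z in zones if z[1:] == ("interfaces", "lo0.0", "host-inbound-traffic", "system-services", "ssh")), None)
    if lo_zone is None:
        return findings + ["lo0.0 is in no zone that allows ssh host-inbound-traffic"]
    # Step 4: a policy into that zone must permit junos-ssh to the pool address (or to any)
    names = {z[3] for z in zones if z[0] == lo_zone and z[1:3] == ("address-book", "address") and z[4:5] == (pool_addr,)}
    by_name = {}
    for p in _after(lines, "set", "security", "policies", "from-zone", from_zone, "to-zone", lo_zone, "policy"):
        by_name.setdefault(p[0], set()).add(p[1:])
    if not any(("then", "permit") in s and ("match", "application", "junos-ssh") in s
               and any(("match", "destination-address", n) in s for n in names | {"any"}) for s in by_name.values()):
        findings.append(f"no policy from {from_zone} to {lo_zone} permits junos-ssh to {pool_addr}")
    return findings
```

The check does not look at the source-address match in the NAT rule or the policy (both are wide open in the lab config); narrowing those to the management hosts is a separate decision the page leaves to the reader.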