Yes. The issue appears to be that I was not putting junos-self or junos-host at the source security zone for the nat rule. I have yet to try it, will test today.

Thanks!
Morgan

On Thu, Jun 13, 2013 at 9:25 AM, Pavel Lunin <[email protected]> wrote:

> 12.06.2013 08:59, Morgan McLean wrote:
> > I rolled back and ran a ping to a host out on the net. Here's the trace...is
> > the fact that it's coming from junos-self screwing things up?
> The trace shows no src nat happened:
> > Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_routing: call
> > flow_route_lookup(): src_ip 192.168.29.11, x_dst_ip 192.81.130.21, in ifp
> > .local..0, out ifp N/A sp 8, dp 207, ip_proto 1, tos 0
> [...]
> > Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_src_xlate:
> > nat_src_xlated: False, nat_src_xlate_failed: False
> >
> > Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_src_xlate: src nat
> > returns status: 0, rule/pool id: 0/0, pst_nat: False.
> >
> > Jun 11 21:51:22 21:51:21.1472397:CID-1:RT: dip id = 0/0, 192.168.29.11/8->
> > 192.168.29.11/8
> This means you were sending packets to the Internet from the source IP
> 192.168.29.11.
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp

--
Thanks,
Morgan
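
The fields read from the flow trace in the reply above can be extracted mechanically. This is an added example, not part of the thread: a Python parser that takes the quoted trace lines and reports whether source NAT was applied. The second trace and the names `summarize`, `PATTERNS` and `CONSTRUCTED_NAT_TRACE` are constructed here, with an assumed rule/pool id and a documentation address.

```python
import re

# Trace lines from the thread, with the mail client's line wraps joined.
THREAD_TRACE = """\
Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_routing: call flow_route_lookup(): src_ip 192.168.29.11, x_dst_ip 192.81.130.21, in ifp .local..0, out ifp N/A sp 8, dp 207, ip_proto 1, tos 0
Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_src_xlate: nat_src_xlated: False, nat_src_xlate_failed: False
Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False.
Jun 11 21:51:22 21:51:21.1472397:CID-1:RT: dip id = 0/0, 192.168.29.11/8->192.168.29.11/8
"""

# Constructed counterpart (not from the thread): the same flow with an assumed
# rule/pool id and a documentation address as the translated source.
CONSTRUCTED_NAT_TRACE = (THREAD_TRACE
    .replace("nat_src_xlated: False", "nat_src_xlated: True")
    .replace("rule/pool id: 0/0", "rule/pool id: 1/2")
    .replace("->192.168.29.11/8", "->203.0.113.5/8"))

PATTERNS = {
    "route": re.compile(r"src_ip ([\d.]+), x_dst_ip ([\d.]+), in ifp ([^,\s]+)"),
    "xlate": re.compile(r"nat_src_xlated: (True|False), nat_src_xlate_failed: (True|False)"),
    "rule": re.compile(r"rule/pool id: (\d+)/(\d+)"),
    "dip": re.compile(r"dip id = \d+/\d+, ([\d.]+)/\d+\s*->\s*([\d.]+)/\d+"),
}

def summarize(trace):
    """Collect the source-NAT fields of one first-packet trace into a dict."""
    found = {}
    for line in trace.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                found[name] = m.groups()
    missing = sorted(set(PATTERNS) - set(found))
    if missing:
        raise ValueError(f"trace lacks expected lines: {missing}")
    src_ip, dst_ip, in_ifp = found["route"]
    pre, post = found["dip"]  # source address before -> after translation
    xlated, failed = (v == "True" for v in found["xlate"])
    if failed:
        verdict = "source NAT failed"
    elif xlated:
        verdict = "source NAT applied"
    else:
        verdict = "no source NAT"
    return {"src_ip": src_ip, "dst_ip": dst_ip, "in_ifp": in_ifp,
            "rule_pool": tuple(int(n) for n in found["rule"]),
            "pre": pre, "post": post, "verdict": verdict}

if __name__ == "__main__":
    for trace in (THREAD_TRACE, CONSTRUCTED_NAT_TRACE):
        print(summarize(trace))
```
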

