为避免防火墙公网接口IP直接暴露SSH服务，将防火墙内网IP（192.168.254.1）的22端口通过目的NAT映射到另一公网地址113.106.95.x的1021端口，日常从外网通过113.106.95.x:1021访问管理防火墙。注意：更换端口只是隐藏服务而不是安全控制，下面的配置仍应把来源地址限制为管理员地址，并建议SSH使用密钥认证：

 

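# Expose SSH on the firewall's trust-side address 192.168.254.1 to the untrust
# side as 113.106.95.x:1021, translated by destination NAT to 192.168.254.1:22.
# Replace every "113.106.95.x" with the real public address before committing.
#
# NOTE(review): a non-standard port hides the SSH service; it is not a security
# control. If the administrators' source addresses are known, narrow
# "match source-address 0.0.0.0/0" in the NAT rule and "match source-address any"
# in the policy to those addresses.
# NOTE(review): the firewall must also accept SSH on its trust-side interface
# (host-inbound-traffic system-services ssh); that is not part of this snippet,
# confirm it is configured.

# Trust-zone address-book entry for the firewall's internal IP. The policy
# below matches on this address, i.e. the destination AFTER translation.
set security zones security-zone trust address-book address juniper2541 192.168.254.1/32

# Custom TCP application for the public-facing port 1021 (any source port,
# 30-minute idle timeout). The policy below does not reference it any more
# (see the note there); it is kept for reference and can be deleted once the
# policy has been verified. The original note here said a built-in service for
# this port already exists, so no new one was needed; presumably it meant the
# built-in SSH (port 22) application used by the policy below.
set applications application juniper1021 protocol tcp
set applications application juniper1021 source-port 0-65535
set applications application juniper1021 destination-port 1021-1021
set applications application juniper1021 inactivity-timeout 1800

# Destination NAT: 113.106.95.x:1021 arriving from zone untrust -> 192.168.254.1:22.
set security nat destination pool 2541 address 192.168.254.1/32
set security nat destination pool 2541 address port 22
set security nat destination rule-set 1 from zone untrust
set security nat destination rule-set 1 rule 2541 match source-address 0.0.0.0/0
set security nat destination rule-set 1 rule 2541 match destination-address 113.106.95.x/32
set security nat destination rule-set 1 rule 2541 match destination-port 1021
set security nat destination rule-set 1 rule 2541 then destination-nat pool 2541

# Proxy ARP so the firewall answers ARP for 113.106.95.x on ge-0/0/0.0
# (required when 113.106.95.x is not the interface's own address).
set security nat proxy-arp interface ge-0/0/0.0 address 113.106.95.x/32

# Security policy untrust -> trust. On SRX the policy lookup happens after
# destination NAT, so the policy must match the TRANSLATED destination:
# address 192.168.254.1 (juniper2541) and port 22. The original matched the
# translated address but the untranslated port (juniper1021 = TCP/1021),
# which is inconsistent and would not match the translated SSH traffic;
# the predefined junos-ssh application (TCP/22) is used instead. Confirm
# junos-ssh is present on your Junos release before committing.
set security policies from-zone untrust to-zone trust policy yc2541 match source-address any
set security policies from-zone untrust to-zone trust policy yc2541 match destination-address juniper2541
set security policies from-zone untrust to-zone trust policy yc2541 match application junos-ssh
set security policies from-zone untrust to-zone trust policy yc2541 then permit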