
JUNIPER SRX on SKY Fibre Broadband

posted 6 Feb 2016, 13:13 by DR Labs   [ updated 9 Apr 2016, 23:45 ]
After a lot of googling and testing I eventually got my SRX 100 working as a firewall for Sky fibre broadband, utilising the SKY hub as an access point. ...

Setup DHCP for the local LAN
set system services dhcp pool 192.168.50.0/24 address-range low 192.168.50.10
set system services dhcp pool 192.168.50.0/24 address-range high 192.168.50.49
set system services dhcp pool 192.168.50.0/24 default-lease-time 86000
set system services dhcp pool 192.168.50.0/24 name-server 8.8.8.8
set system services dhcp pool 192.168.50.0/24 name-server 212.159.6.10
set system services dhcp pool 192.168.50.0/24 router 192.168.50.1

SKY access point
set interfaces fe-0/0/0 unit 0 description ***ACCESS_POINT_SKY***
set interfaces fe-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members VLAN50

Vlan (SVI) for wireless devices

set interfaces vlan description ***WIRELESS***
set interfaces vlan unit 50 family inet address 192.168.50.1/24

Port facing BT modem
set interfaces fe-0/0/2 unit 0 description ***WAN_SKY***
set interfaces fe-0/0/2 unit 0 family inet mtu 1492
set interfaces fe-0/0/2 unit 0 family inet dhcp client-identifier ascii "username@skydsl|password"
# Replace username and password with your own details. You can either run a Wireshark trace off your SKY hub to capture your username and password, or use this site: http://www.ph-mb.com/products/sky-calc

Route for internet traffic
set routing-options static route 0.0.0.0/0 next-hop 0.0.0.0
set routing-options static route 0.0.0.0/0 resolve

Local to internet based traffic
set security policies from-zone LocalLan to-zone WAN policy internet-access match source-address any
set security policies from-zone LocalLan to-zone WAN policy internet-access match destination-address any
set security policies from-zone LocalLan to-zone WAN policy internet-access match application any
set security policies from-zone LocalLan to-zone WAN policy internet-access then permit
#
set security nat source rule-set rs1 from zone LocalLan
set security nat source rule-set rs1 to zone WAN
set security nat source rule-set rs1 rule r1 match source-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 then source-nat interface

Port forwarding if required
set security nat destination rule-set InBoundAccess from zone WAN
set security nat destination rule-set InBoundAccess rule r1 match destination-address 0.0.0.0/0
set security nat destination rule-set InBoundAccess rule r1 match destination-port 8443
set security nat destination rule-set InBoundAccess rule r1 then destination-nat pool dst-nat-pool-1
#
set security policies from-zone WAN to-zone LocalLan policy server-access match source-address any
set security policies from-zone WAN to-zone LocalLan policy server-access match destination-address xxx
set security policies from-zone WAN to-zone LocalLan policy server-access match destination-address xxx
set security policies from-zone WAN to-zone LocalLan policy server-access match application TCP_8443
set security policies from-zone WAN to-zone LocalLan policy server-access then permit
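
The commands above refer to several objects that are not defined anywhere on this page (the VLAN50 VLAN, the LocalLan and WAN zones, the dst-nat-pool-1 pool and the TCP_8443 application), so they have to exist elsewhere in the configuration. The Python check below is an added example, not part of the original post: it scans set-style configuration for such dangling references. The DEFINITIONS lines, including the 192.168.50.20 pool address and the zone-to-interface bindings, are constructed assumptions.

```python
import re

# Reference-carrying lines copied from the set commands on this page.
CONFIG = """\
set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members VLAN50
set security policies from-zone LocalLan to-zone WAN policy internet-access match application any
set security nat source rule-set rs1 from zone LocalLan
set security nat source rule-set rs1 to zone WAN
set security nat destination rule-set InBoundAccess from zone WAN
set security nat destination rule-set InBoundAccess rule r1 then destination-nat pool dst-nat-pool-1
set security policies from-zone WAN to-zone LocalLan policy server-access match application TCP_8443
"""

# Constructed definitions (assumed values, not from the page) that resolve every reference.
DEFINITIONS = """\
set vlans VLAN50 vlan-id 50
set security zones security-zone LocalLan interfaces vlan.50
set security zones security-zone WAN interfaces fe-0/0/2.0
set security nat destination pool dst-nat-pool-1 address 192.168.50.20/32 port 8443
set applications application TCP_8443 protocol tcp destination-port 8443
"""

# (object kind, pattern that references a name, pattern that defines a name)
RULES = [
    ("vlan", r"vlan members (\S+)", r"^set vlans (\S+)"),
    ("zone", r"(?:from-zone|to-zone|from zone|to zone) (\S+)", r"^set security zones security-zone (\S+)"),
    ("nat-pool", r"destination-nat pool (\S+)", r"^set security nat destination pool (\S+)"),
    ("application", r"match application (\S+)", r"^set applications application (\S+)"),
]

def undefined_references(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    lines = [l.strip() for l in config.splitlines() if l.strip().startswith("set ")]
    missing = set()
    for kind, ref_re, def_re in RULES:
        defined = {m.group(1) for l in lines for m in [re.match(def_re, l)] if m}
        for line in lines:
            for name in re.findall(ref_re, line):
                # "any" and junos-* applications are predefined by Junos.
                if name != "any" and not name.startswith("junos-") and name not in defined:
                    missing.add((kind, name))
    return sorted(missing)

if __name__ == "__main__":
    for kind, name in undefined_references(CONFIG):
        print(f"undefined {kind}: {name}")
    print("after adding definitions:", undefined_references(CONFIG + DEFINITIONS))
```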





