After struggling with this and finding no info on the net, I called Juniper to
get port forwarding straight, and now I am sharing it with you.
My setup is very straightforward and simple: I have a "Juniper
Netscreen 5GT", my eMule and Torrent apps are running on 192.168.0.8,
and the 5GT is 192.168.0.1 and is running in trust-untrust mode.
Log in to your Netscreen
Go to: Objects > Services > Custom
Click New
Create a custom service and list all the ports you will have to use for
bit torrent
Name this: bit torrent, or choose another descriptive name
TCP src port: 1-65535, dst port: 56969-56969
TCP src port: 1-65535, dst port: 56881-56881
UDP src port: 1-65535, dst port: 56881-56881
TCP src port: 1-65535, dst port: 6885-6892
UDP src port: 1-65535, dst port: 6885-6892
Hit OK
Then go to Network > Interfaces and edit adsl1
Then VIP > press "New VIP Service"
Virtual IP: (your outside IP that is assigned automatically by your
ISP; this should be filled in automatically)
Map to Service: (pick the custom service that you just made, bit
torrent)
Map to IP: (the box that you are running your service on; mine is
192.168.0.8)
Hit OK
Then go to Wizards > Policy
Pick untrust to trust, then next
Destination Address:
pick VIP(untrust) under address book
next
service
pick the service that you defined in the custom section
action permit
next
Enable NAT: don't do anything here, just click next
Enable logging: check that off, and Enable count of traffic passed via
the policy (this is so you can check to see the traffic; turn this off
after you are happy with everything and it is all working)
next
Authentication Options
click none
next
Schedule:
none
next
finish
** The next step must be done. Without this, forwarding will
not work! **
You have to telnet into the Netscreen:
In Windows go to Start > Run, then type in:
telnet 192.168.0.1 (where 192.168.0.1 is the address of YOUR 5GT)
Then enter the user name and password
and then type this command:
set vip multi-port
then it will return you to:
ns5gt->
then type:
reset
then type:
y
and again:
y
In reset ...
close the black box.
And you are good to go, in a couple of minutes! It will take 3-5
minutes for everything to start working. Fire up the apps, then log
in to the 5GT, go to Reports > Policies, and click on the
grid thing to see the traffic. If this is not working after 10-15 minutes,
try the telnet commands again, and if it is still not working, update the firmware
and clear all policies, VIPs, and custom services.
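
Once the policy is passing traffic, it is worth checking that the custom service forwards only ports the host actually uses. The following is an added example, not part of the original post: it parses the service entries listed above and compares them with the sockets listening on 192.168.0.8. The function names and the listening-socket sample are assumptions made for illustration.

```python
import re

# Service entries exactly as listed in the custom service above.
SERVICE_ENTRIES = """\
TCP src port: 1-65535, dst port: 56969-56969
TCP src port: 1-65535, dst port: 56881-56881
UDP src port: 1-65535, dst port: 56881-56881
TCP src port: 1-65535, dst port: 6885-6892
UDP src port: 1-65535, dst port: 6885-6892
"""

ENTRY_RE = re.compile(
    r"^(TCP|UDP) src port: (\d+)-(\d+), dst port: (\d+)-(\d+)$")

def parse_entries(text):
    """Return the set of (proto, dst_port) pairs the service exposes."""
    exposed = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised entry: {line!r}")
        proto = m.group(1).lower()
        lo, hi = int(m.group(4)), int(m.group(5))
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"line {lineno}: bad dst port range {lo}-{hi}")
        exposed.update((proto, p) for p in range(lo, hi + 1))
    return exposed

def audit(exposed, listening):
    """Compare forwarded ports with what the internal host listens on."""
    return {
        "forwarded_no_listener": sorted(exposed - listening),
        "listener_not_forwarded": sorted(listening - exposed),
    }

# Constructed sample: sockets a netstat on 192.168.0.8 might show.
SAMPLE_LISTENING = {("tcp", 56969), ("tcp", 56881), ("udp", 56881),
                    ("tcp", 6885), ("udp", 6885), ("tcp", 445)}

if __name__ == "__main__":
    exposed = parse_entries(SERVICE_ENTRIES)
    print(f"{len(exposed)} proto/port pairs forwarded to 192.168.0.8")
    for key, pairs in audit(exposed, SAMPLE_LISTENING).items():
        print(key, pairs)
```

Ports reported under forwarded_no_listener are candidates for removal from the custom service; replace SAMPLE_LISTENING with the real listener list from the host.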