I am trying to punch a hole through the Juniper to allow access to a Raspberry Pi web camera running on a DHCP IP address and on port 8081. This is what I tried:

```
set security zones security-zone trust address-book address rCam 10.203.0.42/32
set applications application CAM-DNAT protocol tcp
set applications application CAM-DNAT destination-port 8081
set security nat destination pool dnat-10_230_0_42m32 address 10.203.0.42/32
set security nat destination pool dnat-10_230_0_42m32 address port 8081
set security nat destination rule-set dst-nat from zone untrust
set security nat destination rule-set dst-nat rule rule1 match destination-address x.x.x.x
set security nat destination rule-set dst-nat rule rule1 match destination-port 8081
set security nat destination rule-set dst-nat rule rule1 then destination-nat pool dnat-10_230_0_42m32
set security policies from-zone untrust to-zone trust policy untrust-to-trust1 match source-address any
set security policies from-zone untrust to-zone trust policy untrust-to-trust1 match destination-address rCam
set security policies from-zone untrust to-zone trust policy untrust-to-trust1 match application CAM-DNAT
set security policies from-zone untrust to-zone trust policy untrust-to-trust1 then permit
```

x.x.x.x is the external address of the Juniper and 10.203.0.42 is the DHCP address of the Raspberry Pi. If I am on the LAN, I can access the camera's display at 10.203.0.42:8081 but outside the LAN I cannot connect to x.x.x.x:8081. If it matters, this is a CenturyLink gigabit with their Juniper hardware, but I have admin access to it.

lbutlr

1 Answer

This config appears to be working. What was broken was that the IP address kept changing despite being set to static-binding. I had to set the Pi also to static before it worked.

lbutlr
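An added example, not part of the original post: because the SRX applies destination NAT before the security policy lookup, the policy has to match the translated address and port, so a camera whose address changes silently breaks the forward. This Python sketch checks `set` lines of the forms used in the question for that agreement and also reports a policy open to any source; the function name `audit` and the finding labels are assumptions made for the example.

```python
import re

# Constructed sample: the relevant `set` lines from the question
# (the dst-nat rule's match lines are left out; they are not checked here).
CONFIG = """\
set security zones security-zone trust address-book address rCam 10.203.0.42/32
set applications application CAM-DNAT protocol tcp
set applications application CAM-DNAT destination-port 8081
set security nat destination pool dnat-10_230_0_42m32 address 10.203.0.42/32
set security nat destination pool dnat-10_230_0_42m32 address port 8081
set security nat destination rule-set dst-nat rule rule1 then destination-nat pool dnat-10_230_0_42m32
set security policies from-zone untrust to-zone trust policy untrust-to-trust1 match source-address any
set security policies from-zone untrust to-zone trust policy untrust-to-trust1 match destination-address rCam
set security policies from-zone untrust to-zone trust policy untrust-to-trust1 match application CAM-DNAT
"""

def audit(config):
    """Return (policy, finding) pairs for the checks described above."""
    book, apps, pool_addr, pool_port, used, pol = {}, {}, {}, {}, set(), {}
    for line in config.splitlines():
        if m := re.search(r"address-book address (\S+) (\S+)$", line):
            book[m[1]] = m[2]                      # address name -> prefix
        elif m := re.search(r"application (\S+) destination-port (\d+)$", line):
            apps[m[1]] = m[2]                      # application -> port
        elif m := re.search(r"destination pool (\S+) address port (\d+)$", line):
            pool_port[m[1]] = m[2]                 # DNAT pool -> translated port
        elif m := re.search(r"destination pool (\S+) address (\S+)$", line):
            pool_addr[m[1]] = m[2]                 # DNAT pool -> translated address
        elif m := re.search(r"then destination-nat pool (\S+)$", line):
            used.add(m[1])                         # pools referenced by a rule
        elif m := re.search(r"policy (\S+) match (\S+) (\S+)$", line):
            pol.setdefault(m[1], {})[m[2]] = m[3]  # policy match conditions
    findings = []
    for name, match in pol.items():
        # What the policy permits, resolved to (prefix, port).
        target = (book.get(match.get("destination-address")),
                  apps.get(match.get("application")))
        if not any((pool_addr.get(p), pool_port.get(p)) == target for p in used):
            findings.append((name, "policy-does-not-match-dnat-target"))
        if match.get("source-address") == "any":
            findings.append((name, "source-any"))
    return findings

if __name__ == "__main__":
    print(audit(CONFIG))
```

Restricting `source-address` to known client addresses instead of `any` clears the second finding and limits who can reach the camera from the untrust zone.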