防火墙下面用代理服务器给内网提供上网服务。现在要在防火墙上将WEB和MAIL服务映射到内网。
以下是我的配置文件,第一次接触,请大家多指教!
set clock timezone 8
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set service "HTTP" timeout 5
set service "ras1" protocol tcp src-port 3389-3389 dst-port 3389-3389
set service "ras1" + udp src-port 3389-3389 dst-port 3389-3389
set service "ras1" timeout never
set service "ras2" protocol tcp src-port 4660-4660 dst-port 4660-4660
set service "ras2" + udp src-port 4660-4660 dst-port 4660-4660
set service "ras2" timeout never
set service "jk01" protocol tcp src-port 8080-8080 dst-port 8080-8080
set service "jk01" + udp src-port 8080-8080 dst-port 8080-8080
set service "jk01" timeout never
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nEqYOZruLciGcuHNUs1GCHKtNqIl4n"
set admin port 7980
set admin scs password disable username netscreen
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "DMZ"
set interface "ethernet3" zone "Untrust"
unset interface vlan1 ip
set interface ethernet1 ip 192.168.0.7/24
set interface ethernet1 nat
set interface ethernet2 ip 192.168.10.1/24
set interface ethernet2 route
set interface ethernet3 ip 59.139.44.44/29
set interface ethernet3 route
set interface ethernet1 mtu 1500
set interface ethernet2 mtu 1500
set interface ethernet3 mtu 1500
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet2 manage-ip 192.168.10.2
set interface ethernet3 manage-ip 59.139.44.42
set interface ethernet1 ip manageable
set interface ethernet2 ip manageable
set interface ethernet3 ip manageable
set interface ethernet3 manage ssh
set interface ethernet3 manage telnet
set interface ethernet3 manage web
set interface ethernet3 vip untrust 25 "MAIL" 192.168.0.1 manual
set interface ethernet3 vip untrust 80 "HTTP" 192.168.0.230
set interface ethernet3 vip untrust 110 "POP3" 192.168.0.1 manual
unset flow no-tcp-seq-check
set flow tcp-syn-check
set hostname ns25
set dns host dns1 202.96.134.133
set dns host dns2 202.96.128.143
set address "Trust" "1" 192.168.0.1 255.255.255.255
set address "Trust" "118" 192.168.0.118 255.255.255.255
set address "Trust" "16" 192.168.0.16 255.255.255.255
set address "Trust" "219" 192.168.0.219 255.255.255.255
set address "Trust" "230" 192.168.0.230 255.255.255.255
set address "Trust" "25" 192.168.0.25 255.255.255.255
set address "Untrust" "MailServer" 192.168.0.1 255.255.255.255
set address "Untrust" "WebServer" 192.168.0.230 255.255.255.255
set address "DMZ" "192.168.10.6/32" 192.168.10.6 255.255.255.255
set ike respond-bad-spi 1
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set group address "Trust" "10shangwang"
set group address "Trust" "10shangwang" add "1"
set group address "Trust" "10shangwang" add "118"
set group address "Trust" "10shangwang" add "16"
set group address "Trust" "10shangwang" add "219"
set group address "Trust" "10shangwang" add "230"
set group address "Trust" "10shangwang" add "25"
set group address "Untrust" "kevinservice"
set group address "Untrust" "kevinservice" add "MailServer"
set group address "Untrust" "kevinservice" add "WebServer"
set group service "pop3smtp"
set group service "pop3smtp" add "HTTP"
set group service "pop3smtp" add "POP3"
set group service "pop3smtp" add "SMTP"
set url protocol sc-cpa
exit
set policy id 1 name "1" from "Trust" to "Untrust" "Any" "Any" "ANY" permit log
set policy id 1
exit
set policy id 2 from "Untrust" to "Global" "Any" "VIP(ethernet3)" "ANY" permit log
set policy id 2
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set ssh enable
set config lock timeout 5
set dl-buf size 4718592
set ntp server "0.0.0.0"
set ntp server backup1 "0.0.0.0"
set ntp server backup2 "0.0.0.0"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface ethernet3 gateway 59.139.44.41 preference 20
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit |