USG FLEX 100 and NXC2500 Port Forwarding

shortl
shortl Posts: 9
First Comment Friend Collector Second Anniversary
edited April 2021 in Security
hello everybody,

maybe someone can help me with my problem:

I need to configure a port forwarding rule for one wired computer on left side (office-pc)

Office PC IP-Address: 192.168.1.101 and port 4712 incoming needed

how do i pass this port through usg-flex-100 and nxc2500 to office-pc?

wan-ip is static on usg-flex-100 >> goes to lan2 172.20.0.1 >> to nxc2500 goes to port 2 192.168.1.xxx

i've tried with nat / snat on usg-flex-100 and also on nxc2500 but i've not come to a working solution...

is this solvable? or do i need a network redesign?

regards, shortl

Comments

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    25 Answers First Comment Friend Collector

    Hi @shortl,

     

    Can you please configure as following;

     

    1 – Create address object for your wan1 IP and Office-PC;



    2- Add NAT under Configuration > Network > NAT



    3- Add Policy Control rule under Configuration > Security Policy > Policy Control



    Here’s similar topic, please take as reference;

    https://community.zyxel.com/en/discussion/1448/how-to-setup-port-forwarding-to-my-internal-rdp-pc#latest

     

    Best regards.


  • shortl
    shortl Posts: 9
    First Comment Friend Collector Second Anniversary
    hi zyxel_can

    thx for your advice, but maybe my visio was not precise enough:

    regarding to your help >> pls take a look

    lan1 interface on usg is not connected to any switch or computer, lan1 interface was only for test purpose, so pls ignore

    whole traffic (computers, wlan-ap....) goes through lan2 interface on usg

    so office-pc is connected to switches and the main switch uplink goes to nxc2500 (cause of captive portal redirect on controller for mobile clients)

    from nxc2500 to usg via one wire via interface ge1 on nxc2500 to interface lan2 on usg

    i think your screenshots are taken from usg settings, right?

    do i also need to make some nat-rules on nxc2500?

    i've also activated firewall on nxc2500, some rules more needed?

    regards, shortl
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    25 Answers First Comment Friend Collector
    edited March 2021
    Hi @shortl,

    In that case you will need 2 NAT settings;

    1- NAT 1 : [In USG FLEX 100] from wan_IP:Port 4712 to : 172.20.0.X (NXC's IP Address):4712

    2- NAT 2 : [In NXC2500] from 172.20.0.X (NXC's IP Address):4712 to 192.168.1.101:4712

    Best regards.
  • shortl
    shortl Posts: 9
    First Comment Friend Collector Second Anniversary
    thx man, that was the trick, all working now

    regards

Security Highlight