Having some issues with a Port Forward

rudolfb · March 2022

Every tutorial I have seen tells you to use wan1 as the incoming interface value for the NAT. In our case we had to use wan1_ppp as the incoming source, and then everything works as expected. In the Dashboard you will see the Interface Status Summary, and see the wan1 with a small plus sign. Open the tree list object, and use that object that is associated with the external IP address of the router as the incoming interface of the NAT.

Image: https://us.v-cdn.net/6029482/uploads/editor/kf/etqox077r5xv.jpg

NAT

Incoming interface: wan1_ppp
Source IP: any
External IP: WAN_IP (an ip address object pointing to INTERFACE IP wan1)
Internal IP: an ip address object of type HOST to the internal IP that the NAT is to be routed to
Port Mapping Type: Port
Protocol: any
External port_ 38080
Internal Port: 38080

Image: https://us.v-cdn.net/6029482/uploads/editor/tz/6czo8fnip22q.jpg

Security Policy 1 Allow

From: WAN
To: LAN1
Source: a group ip object for the allowed fixed IP addresses that can use this policy
Destination: an ip address object of type HOST to the internal IP that the NAT is to be routed to
Service: a service object that identifies the port that will be routed
Action: allow

Image: https://us.v-cdn.net/6029482/uploads/editor/25/8v5ubdsyo23i.jpg

Security Policy 2 Deny

From: WAN
To: LAN1
Source: any
Destination: any
Service: a service object that identifies the port that will be routed
Action: deny

Image: https://us.v-cdn.net/6029482/uploads/editor/xr/jrl21wcqpais.jpg

The first policy will only allow a NAT from the allowed source IP addresses

The second policy, which must be after the first object in the policy list, will explicitly deny any access to the port from a non-allowed IP address.

Zyxel_Stanley · March 2022

Hi @rudolfb
Thanks for share your experience on it.

Having some issues with a Port Forward

All Replies

NAT

Security Policy 1 Allow

Security Policy 2 Deny

Categories

Security Highlight

Security Help Center