Having some issues with a Port Forward

2»

All Replies

  • rudolfb
    rudolfb Posts: 1
    Every tutorial I have seen tells you to use wan1 as the incoming interface value for the NAT. In our case we had to use wan1_ppp as the incoming source, and then everything works as expected. In the Dashboard you will see the Interface Status Summary, and see the wan1 with a small plus sign. Open the tree list object, and use that object that is associated with the external IP address of the router as the incoming interface of the NAT.




    NAT

    • Incoming interface: wan1_ppp
    • Source IP: any
    • External IP: WAN_IP (an ip address object pointing to INTERFACE IP wan1)
    • Internal IP: an ip address object of type HOST to the internal IP that the NAT is to be routed to
    • Port Mapping Type: Port
    • Protocol: any
    • External port_ 38080
    • Internal Port: 38080



    Security Policy 1 Allow

    • From: WAN
    • To: LAN1
    • Source: a group ip object for the allowed fixed IP addresses that can use this policy
    • Destination: an ip address object of type HOST to the internal IP that the NAT is to be routed to
    • Service: a service object that identifies the port that will be routed
    • Action: allow



    Security Policy 2 Deny

    • From: WAN
    • To: LAN1
    • Source: any
    • Destination: any
    • Service: a service object that identifies the port that will be routed
    • Action: deny



    The first policy will only allow a NAT from the allowed source IP addresses

    The second policy, which must be after the first object in the policy list, will explicitly deny any access to the port from a non-allowed IP address.

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Hi @rudolfb
    Thanks for share your experience on it.  B)

Security Highlight