Packet capture oddness

PeterUK Posts: 3,326  Guru Member
edited August 2021 in Security

USG60W V4.65

This may only happen on the USG40/W and USG60/W; I have not seen it on the Zywall 110.

So I was trying (and got working) to set up a wireless printer over different subnets using NAT and routing SNAT, and as I was doing a packet capture for LAN1 on the USG I saw something impossible as I was adding the printer from 192.168.255.250 to 192.168.255.240 (a virtual interface), which would NAT to 192.168.254.132 and SNAT from 192.168.254.129.

https://us.v-cdn.net/6029482/uploads/editor/pz/zuwayf2fy3vr.png


If you look at the TCP port 80 traffic you can see the SYN from 192.168.254.129 to printer 192.168.254.132 is OK, but the SYN, ACK goes from the printer to 192.168.255.250! Well, that's impossible: the printer does not know about 192.168.255.250, and the SYN, ACK should be sent back to 192.168.254.129.

So the only conclusion is that the USG, when receiving packets, is doing the routing SNAT and NAT first and then the packet capture.
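
The mismatch described above can be checked for mechanically in an exported capture. This is an added example, not part of the original post: it pairs each SYN with its SYN, ACK by sequence/acknowledgement number and reports handshakes where the reply is not addressed to the SYN's source. The IP addresses come from the post; the ports, sequence numbers and the `Pkt` record layout are constructed for illustration.

```python
from collections import namedtuple

# One decoded TCP packet as it appears in the capture (hypothetical record layout).
Pkt = namedtuple("Pkt", "src sport dst dport flags seq ack")

def find_mismatched_replies(packets):
    """Pair each SYN with its SYN-ACK and report handshakes where the
    SYN-ACK is not addressed to the source address seen on the SYN.

    Pairing uses (server ip, server port, seq + 1 == ack) rather than the
    client port, so it still matches if address translation rewrote the port.
    """
    pending = {}    # (server_ip, server_port, expected_ack) -> SYN packet
    findings = []   # (syn_src, server, synack_dst)
    for p in packets:
        if p.flags == "S":
            pending[(p.dst, p.dport, (p.seq + 1) % 2**32)] = p
        elif p.flags == "SA":
            syn = pending.pop((p.src, p.sport, p.ack), None)
            if syn is not None and p.dst != syn.src:
                findings.append((syn.src, syn.dst, p.dst))
    return findings

# Constructed sample: the first handshake reproduces the addresses from the
# post, the second is a control where the reply goes back to the SYN source.
SAMPLE = [
    Pkt("192.168.254.129", 50000, "192.168.254.132", 80, "S", 1000, 0),
    Pkt("192.168.254.132", 80, "192.168.255.250", 50000, "SA", 7000, 1001),
    Pkt("192.168.254.129", 50001, "192.168.254.132", 80, "S", 2000, 0),
    Pkt("192.168.254.132", 80, "192.168.254.129", 50001, "SA", 8000, 2001),
]

if __name__ == "__main__":
    for syn_src, server, reply_dst in find_mismatched_replies(SAMPLE):
        print(f"SYN {syn_src} -> {server}, but SYN-ACK {server} -> {reply_dst}: "
              "capture shows packets from different sides of address translation")
```

A finding here means the two directions of the flow were recorded with different address views, so addresses in such a capture should not be taken as what was on the wire without a second capture on the printer side.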


All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,271  Zyxel Employee
    edited August 2021
    Hi @PeterUK

    Could you share your configuration file?
    You can send the configuration file to us by private message.
