Packet capture oddness

PeterUK
PeterUK Posts: 1,591
50 Answers 1000 Comments Friend Collector Fifth Anniversary
 Guru Member
edited August 2021 in Security

USG60W V4.65

This may only happen on USG40/W and USG60/W has not seen it on the Zywall 110

So I was trying (and got working) to setup a wireless printer over different subnets use NAT and routeing SNAT and as I was doing a packet capture for LAN1 on the USG I saw some thing impossible as I was adding the printer from 192.168.255.250 to 192.168.255.240 (a virtual interface) which would NAT to 192.168.254.132 and SNAT from 192.168.254.129.

https://us.v-cdn.net/6029482/uploads/editor/pz/zuwayf2fy3vr.png


If you look at the TCP port 80 you can see the SYN from 192.168.254.129 to printer 192.168.254.132 OK but the SYN, ACK from printer to 192.168.255.250! well thats impossible the printer does not know about 192.168.255.250 and the fact that the SYN, ACK should send back to 192.168.254.129.

So the only conclusion is the USG when receiving packets is doing the routing SNAT and NAT first then a packet capture.


All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 737
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 500 Comments
     Guru Member
    edited August 2021
    Hi @PeterUK

    Could you share your configuration file?
    You can private message configuration file to us.

Security Highlight