USG40 - Port forwarding problems
Hi,
I’m facing some issues setting port forwarding to internal NAS with USG40.
My configuration is:
INTERNET --> ISP ROUTER 192.168.0.1 -- USG40 192.168.0.253, DHCP/GATEWAY 192.168.1.1 to internal LAN1 range 192.168.1.xx-192168.1.yy
This is what I’ve done:
1 -set up an object for the internal HOST assigning its internal address: 192.168.1.200
2-NAT with:
Port Mapping Rule: Virtual Server
Incoming Interface: Wan 1
Original IP: User Defined —> Public IP Address
Mapped IP: internal NAS IP
Port Mapping Type: Port —>TCP —> Original 8080, Mapped 8080
NAT Loopback enabled
3-Policy Control rule:
From: WAN
To: LAN1
Source: Any
Destination: internal NAS IP
Service: TCP protocol, Starting/Ending port 8080.
But, when I try to access port 8080 from an external location I cannot access and if I test it with a port checker it says that it’s closed or filtered. Also, I I read USG’s log I can see that at any attempt to connect a “Match default rule, DROP error occurs with ACCESS BLOCK message.
What I’m doing wrong? I cannot understand. The only thing is that I suppose could interfere is a NAT rule I set up for L2TP VPN with 1:1 NAT mapping type using wan1 as Interface, original IP our public IP address and as Mapped IP USG’s 192.168.0.253 IP with any Protocol selected.
Could you help me, please?
Thank you
Regards
Comments
-
Are you able to put your ISP router in modem mode or bridge mode? or double NAT by DMZ to 192.168.0.253 by your ISP router you then need Original IP: User Defined 192.168.0.253.
1 -
Hi @kaika313,
“Match default rule, DROP”, can you try to disable security policy rule temporarily for testing.(Configuration > Security Policy > Policy Control > “Enable policy control”)
If it is okay to connect the NAS by disable USG security policy, then we can focus on security policy configuration.
0 -
Hi @Zyxel_Cooldia, I've disabled it but the only difference is that instead of waiting some seconds to give me error this time negative response (the same) is immediate.0
-
0
-
Hi @kaika313,
From the configuration file, the NAT rule “Original IP” should be USG wan interface IP, instead of upper layer router public IP.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight