V4.32 NAT port 80 and 443 not allowed
All Replies
-
Just to bring that back its still a iusse with on frimware V4.33(AAAA.0)ITS-WK19-r88384
This is when connecting to LAN1 so it should not conflict
2 -
Hi @PeterUK
My test procedure as below,
-USG OPT interface ip is 10.214.48.21
-opt_ip is 10.214.48.21
-opt_ip_2 is 10.214.48.22
The NAT rule will check if that external IP is conflict with interface IP
1) External IP is another IP => No error, because it’s different IP
2) External IP is same as OPT interface IP => Show error, user cannot click “OK” to save this rule. It’s expected behavior assume it’s same IP.
Is the device address object “OPTIP” same as interface IP?
0 -
But what if you have one WAN IP for years the USG/ZyWALL have been able to have port 80 or 443 from external to LAN IP with the GUI on ports 80 and 443 with no conflict when connecting to the GUI from LAN. Thats the point am making.
1 -
Hi @PeterUK
In the case, it will not have waring message if the rule was exist before firmware updating to V4.33WK19.
However, if you delete the original NAT rule(port 80,443) and add it back, the waring message will still show up
0 -
So in the next firmware will we be able to have ports 80 and 443 from external to a LAN IP and have them ports for the GUI?
0 -
Hi @PeterUK ,
If there’s port confliction. The device is not allowed to add this setting. You can change the device’s HTTP/HTTPS port to different ones (ex. 80 to 8080, 443 to 4433) so that the NAT virtual server on port 80/443 won’t be rejected then.
WWW port setting at "CONFIGURATION > System > WWW > Service Control"
0 -
Their no conflict! For years! Years!! I and everyone has been able to the have ports 80 and 443 from external to a LAN IP and have them ports for the GUI on ONE WAN IP. Yes I get doing that means you can't get to the GUI from external BUT it does not matter as you can get to the GUI from internal.
So to that end why not add a check box override or even a check how the GUI is being accessed (a smarter check) to know the user can still log in after the rule.
The good thing that you can do is edit the config to force the change.
0 -
Hi @PeterUK
Thanks for the suggestion, I would like to move this topic to ideal section.
Feel free to add comment here.
https://businessforum.zyxel.com/discussion/2932/v4-32-nat-port-80-and-443-not-allowed#latest
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight