Issue with virtual server / NAT when using multiple public static IPs
Background:
Our ISP provides us a WAN connection with 5 (consecutive) static IPs.
When I try to add a NAT rule as follows, I get the error listed below. I am unable to figure out where the problem is. I'm using a Zywall 1100.
Mapping Type: Virtual Server
Interface: ge1
External IP: <static_ip_4>
Internal IP: <server_ip>
Service: https
Error: The port is conflicting with a port of zyxel device. Please fill-in a different port number or change the service port to a different one.
What I tried:
In system->www, added an admin service control to deny all addresses of WAN zone to access the admin page (forced admin users to go through VPN).
I remember this method worked in the previous versions, but am having issues in the latest version (for some reason, the device suddenly froze and reset to factory default after I updated the SSL certificate and am now having to restore all settings back. It refuses to restore the settings from my backup and so am doing it manually).
0
All Replies
-
I was able to add it via CLI. Still don't understand why I cannot add it via GUI/Web interface though. So, leaving this thread open in case someone can explain.
The CLI command I used was:
configure terminal
ip virtual-server <rule_name> interface wan1 original-ip WAN4 map-to <server_host_ip_object> map-type port protocol tcp original-port 443 mapped-port 443 nat-loopback
0 -
Same issue here
https://businessforum.zyxel.com/discussion/1678/v4-32-nat-port-80-and-443-not-allowed
It's to stop people making a rule that locks you out of the GUI, which I think was a bad move, but as you have done, you have worked around it. If you now check your NAT rule in the GUI, you will see a warning on the port.
What you're meant to do is change the GUI ports, but you shouldn't have to.
There is said to be an update for checking where you log in from, so that you can NAT those ports without locking you out of the GUI.
0 -
HTTPS is already used by the unit, so you cannot configure the https service on a NAT rule.
Therefore, just modify the port number for accessing the GUI on the WWW page first.
0 -
Nope, you don't have to; you can config the NAT to use 80 and 443 without conflict if you know what you're doing.
0 -
@PeterUK @OneZyUser
Regarding this case,
the solution will be included in the next patch firmware, released by the end of Feb.
@OneZyUser
For the device's freeze issue,
can I know what firmware version you used? And was the certificate you uploaded generated by yourself?
I will private message you for details.
Charlie
0
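An added example, not part of the thread and not Zyxel's own code: a small Python audit that reads configuration lines in the `ip virtual-server` form quoted in the CLI reply above and lists rules whose original port overlaps the device's web management ports, so rules added via CLI past the GUI check can be reviewed alongside the WWW service control settings. The management port set (80/443), the rule names and the address objects in the sample are assumptions constructed for illustration.

```python
# Assumption: the device's own web GUI listens on the default HTTP/HTTPS ports.
MGMT_PORTS = {80, 443}

# Keywords taken from the "ip virtual-server" command quoted in the thread.
VALUE_KEYS = ("interface", "original-ip", "map-to", "map-type", "protocol",
              "original-port", "mapped-port")

# Constructed sample lines modelled on that command (names/objects are made up).
SAMPLE = """\
ip virtual-server web_srv interface wan1 original-ip WAN4 map-to SRV_HOST map-type port protocol tcp original-port 443 mapped-port 443 nat-loopback
ip virtual-server app_srv interface wan1 original-ip WAN2 map-to APP_HOST map-type port protocol tcp original-port 8443 mapped-port 443
"""

def parse_virtual_server(line):
    """Parse one 'ip virtual-server' line into a dict, or return None."""
    tokens = line.split()
    if tokens[:2] != ["ip", "virtual-server"] or len(tokens) < 3:
        return None
    rule = {"name": tokens[2], "nat-loopback": "nat-loopback" in tokens[3:]}
    i = 3
    while i < len(tokens):
        if tokens[i] in VALUE_KEYS and i + 1 < len(tokens):
            rule[tokens[i]] = tokens[i + 1]   # keyword followed by its value
            i += 2
        else:
            i += 1                            # bare flag or unknown token
    return rule

def audit(config_text, mgmt_ports=MGMT_PORTS):
    """Return (rule, original-ip, port) for TCP rules that reuse a management port."""
    findings = []
    for line in config_text.splitlines():
        rule = parse_virtual_server(line.strip())
        if not rule or rule.get("protocol") != "tcp":
            continue
        port = rule.get("original-port", "")
        if port.isdigit() and int(port) in mgmt_ports:
            findings.append((rule["name"], rule.get("original-ip"), int(port)))
    return findings

if __name__ == "__main__":
    for name, orig_ip, port in audit(SAMPLE):
        print(f"{name}: forwards {orig_ip}:{port}, which is also a GUI port; "
              "confirm the GUI port or WAN admin access has been changed")
```
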