/* * These styles apply ONLY to the header and footer assets. */ * { padding: 0; margin: 0; box-sizing: border-box; } .footer { background: #545454; color: #cdcdcd; font-size: 14px; line-height: 1.5; padding: 18px 0; } .footer-wrap { padding-left: 18px; padding-right: 18px; max-width: 1236px; margin: 0 auto; } .footer a { color: #cdcdcd; text-decoration: none; } .footer a:hover { color: #cdcdcd; text-decoration: none; } .footer-row { display: flex; flex-wrap: wrap; justify-content: space-between; align-items: center; margin: -3px; } .footer-col { padding: 0 3px; } .footer-col-copyRight { justify-content: flex-start; } .footer-col-logo { justify-content: flex-end; } .footer-col-logo a { margin-right: 10px; } .footer-col-copyRight, .footer-col-logo { flex: 1; display: flex; } .logo { width: 120px; height: 28px; opacity: 0.6; } @media screen and (max-width: 768px) { .footer-row { display: block; } .footer-col { width: 100%; text-align: center; margin: 6px 0; } .footer-col:first-child { margin-top: 0; } .footer-col:last-child { margin-bottom: 0; } .footer-col-copyRight, .footer-col-logo { justify-content: center; } .logo { margin: 0 auto; } } /*# sourceMappingURL=styles.css.map */ <iframe src="https://www.googletagmanager.com/ns.html?id=GTM-KSB6LQH" height="0" width="0" style="display:none;visibility:hidden"></iframe>

Unable to browse websites hosted on my LAN

Hector

Hector Posts: 3

First Comment

April 2019 edited April 2021 in Security

My previous USG 20 died and I upgraded to a Zywall 110. I'm hosting several websites on my LAN. I'm using an Apache web server reverse proxy to specific domains to different servers in my LAN. All it's doing is forwarding port 80 to port 8080 on Heracles. I already changed the firewall's port to 8081. This all worked fine on my USG 20.

The 110 has the new (to me) Security Policy Control. I've tried several permutations, but I can't seem to get the right rule to let me see the hosted sites from inside my LAN.

Here are the NAT rules:

Image: https://us.v-cdn.net/6029482/uploads/editor/do/xubeojtkukuc.png

Here are the policy rules:

Image: https://us.v-cdn.net/6029482/uploads/editor/33/tl7cwnwsupq1.png

I tried about 26 or 27 different permutations of the SERVER_REVERSE_PROXY rule with no luck. The websites work fine from the WAN.

Thanks in advance!

0

Accepted Solution

Zyxel_Stanley Posts: 1,299

Zyxel Employee

April 2019 Answer ✓

Hi @Hector

The reason is because NAT loopback function did not enabled.

Due to you access to server from LAN side, so NAT loopback function is required.

It’s happy to know we found the reason of it.

1

All Replies

Zyxel_Stanley Posts: 1,299

Zyxel Employee

April 2019

Hi @Hector

The service port (destination port) on your policy control rule should be 8080 port but not 80.

You can change it as 8080 and try it again.

Also you can reference to FAQ according port forwarding guide.

0
Hector Posts: 3

April 2019

I changed the policy control rule as you suggested like so:

I'm still unable to browse websites from my LAN. The new Email_IMAP rule is working as I expected. This one is so strange!

Any other ideas?

0
Zyxel_Stanley Posts: 1,299

Zyxel Employee

April 2019

Hi @Hector

It’s strange situation, due to your mail server is working correctly.

I will send you private message for check this situation more details.

0
PeterUK Posts: 2,240

Guru Member

April 2019 edited April 2019

You could try IPv4 to any and see if that works
Are you using the newest firmware?

0
Hector Posts: 3

April 2019

Both NAT and Security Control rules are IPV4.

I'm using firmware version V4.33(AAAA.0). As far as I can tell, that the latest for Zywall 110.

0
PeterUK Posts: 2,240

Guru Member

April 2019

Looking at your screenshots you cannot have “Enable NAT Loopback” setting enabled with “External IP” set to “any”.

Make a address rule with type “INTERFACE IP” for “wan1” and set that for “External IP” and check “Enable NAT Loopback”.

0

Security Highlight

Security Help Center

Monthly Express

Threat Intelligence

Video Tutorials

EnglishTiếng ViệtРусскийไทย中文（台灣）

/* * These styles apply ONLY to the header and footer assets. */ * { padding: 0; margin: 0; box-sizing: border-box; } .footer { background: #545454; color: #cdcdcd; font-size: 14px; line-height: 1.5; padding: 18px 0; } .footer-wrap { padding-left: 18px; padding-right: 18px; max-width: 1236px; margin: 0 auto; } .footer a { color: #cdcdcd; text-decoration: none; } .footer a:hover { color: #cdcdcd; text-decoration: none; } .footer-row { display: flex; flex-wrap: wrap; justify-content: space-between; align-items: center; margin: -3px; } .footer-col { padding: 0 3px; } .footer-col-copyRight { justify-content: flex-start; } .footer-col-logo { justify-content: flex-end; } .footer-col-logo a { margin-right: 10px; } .footer-col-copyRight, .footer-col-logo { flex: 1; display: flex; } .logo { width: 120px; height: 28px; opacity: 0.6; } @media screen and (max-width: 768px) { .footer-row { display: block; } .footer-col { width: 100%; text-align: center; margin: 6px 0; } .footer-col:first-child { margin-top: 0; } .footer-col:last-child { margin-bottom: 0; } .footer-col-copyRight, .footer-col-logo { justify-content: center; } .logo { margin: 0 auto; } } /*# sourceMappingURL=styles.css.map */