NAT Loopback not working if network is not directly connected to ZyWall 110

Options
IlyaTaskaev
IlyaTaskaev Posts: 5
First Comment
edited April 2021 in Security
Network scheme listed below:



1:1 NAT

Task: Ping Server from the local network (172.19.1.30) by Public IP: 99.99.99.99.



Internet is working, 

When I ping it from my Laptop I got "Request timed out" error.

Source IP: 172.19.1.30
Dest IP:  99.99.99.99

Policy rules added with maximum rights allowed from anywhere to the server IP 172.19.0.21.

I tried packet capture on 172.19.0.21 server, and I see packets from my laptop, but it comes from 172.19.99.2 IP, therefore NAT is working:



Seems ZyWall does not revert back the original source IP address (172.19.1.30) to the packet and not resend it back to my Laptop according to static route? Is this design restrictions?

When I ping it from HP router ping is successful.

For any directly connected to ZyWall network, it works perfectly, but for Network, which needs to be routed it doesn't work.

Accepted Solution

  • IlyaTaskaev
    IlyaTaskaev Posts: 5
    First Comment
    Answer ✓
    Options
    Hey, this little boi resolves the issue

    Now it works perfectly, thank you for the suggestion to update firmware. 

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2019
    Options

    Hi @IlyaTaskaev

    Which firmware is working on your ZyWALL110?

    Can you capture the ICMP packets on interface 172.19.99.2?

  • IlyaTaskaev
    IlyaTaskaev Posts: 5
    First Comment
    edited May 2019
    Options
    Stanley, thank you for your reply!

    >Can you capture the ICMP packets on interface 172.19.99.2?
    I think ZyWall have the ability to capture traffic, I need to try it.

    My Firmware Version: V4.20(AAAA.2) / 2016-11-22 19:04:14, not latest, but, do you think it can affect NAT?

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2019
    Options

    Hi @IlyaTaskaev

    We have fixed similar issue in official firmware.

    Can you upgrade to 4.33 firmware first and try it again?

    Avoids configuration issue in upgrading process, you can forward your configuration to me by private message. I can help to verify it first,
  • IlyaTaskaev
    Options
    We need to plan downtime to do it, thank you again, I will update this thread as soon as we update firmware 
  • IlyaTaskaev
    Options
    Hi! 

    I have updated my ZyWall to the latest firmware:

    System Name:zywall-110 
    Model Name:ZyWALL 110 
    Serial Number:S152L51400338 
    MAC Address Range:04:BF:6D:1A:29:CD ~ 04:BF:6D:1A:29:D3 
    Firmware Version:V4.33(AAAA.0) / 2019-01-09 09:37:31

    The issue is still here, updating firmware not helped me.

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2019
    Options

    Hi @IlyaTaskaev

    I will send private message to you for check this issue more details.

  • IlyaTaskaev
    IlyaTaskaev Posts: 5
    First Comment
    Answer ✓
    Options
    Hey, this little boi resolves the issue

    Now it works perfectly, thank you for the suggestion to update firmware. 
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @IlyaTaskaev
    It's good to know your issue has resolved. :+1:

Security Highlight