NAT rule structure for PPPoE pass-through connection?

Finglow

I've used Zyxel routers/firewalls for 20+ years and still when I go to a new model this seems to cause problems!

USG Flex 100 H with dual WAN.

WAN1 (P1) is a Zen full fibre connection, which uses PPPoE pass-through to connect, so has a child PPP1 i/f object.

WAN2 (P2) is a Virgin cable connection. The Business Hub doesn't support modem mode so WAN2 is in a private subnet of the hub, but is mapped as a DMZ target so all traffic hits it unfiltered.

I'm trying to allow access to internal services via either WAN i/f.

Security Policy is configured for WAN > LAN, with appropriate host and port restrictions.

NAT rule for WAN2 (ge2) allows the connection straight through as it should.

NAT rule for WAN1 (ge1 OR ppp1), configured the same, causes the packet to be dropped with a "Match default rule DNAT Packet, DROP" in the event log.

I've obviously missed something, and have gone through all the options I've previously had to use with Prestige, USG, NSG and other models to no avail.

Both WAN interfaces are up and carrying traffic.

What have I missed?