USG FLEX 50 Struggling w. virtual server publishing

MichaD68

Dear all,
I´m struggling with publishing virtual server from my internal LAN to the internet. Here´s my configuration:
WAN1 is connected to a Starlink Gen3 Router with Ethernet cable. As my Starlink service contract doesn´t support public IP, I´m using a second internet Service (DSL) which is connected to the OPT Port and configured as a PPPoE connection. OPT Port and PPPoE interface has been added to the WAN zone.

Both services running well with outgoing internet traffic!
The PPPoE connection is configured to report the dynamic IP adress to DYNDNS service, so the external router interface is accessable from the public internet.

I did setup to publish my internal webserver with the NAT USG configuration. Port 80 from the webserver is translated to an different external port because finaly I want to publish a second server as well.

I also did setup a firewall rule to open port 80 for the IP adress of my internal webserver.

The USG LOG shows me that external requests on the PPPoE Interface will be forwarded to my internal webserver on Port 80 (…firewall rule…access forward) but I´m not able to get connected to the webserver with a device (browser) from the internet.

I already captured the packages and the wireshark showed me that the packages comming from my external devices IP adress arrived at the internal webserver and the webserver packages adressed to the corresponding dst mac address looks also pretty good to me…?!?

It really drives me crazy and I have no ideea what else to try…

Is there anybody with some recommendations??

with kind regards

Michael

Zyxel_Tina

Hi @MichaD68,

Welcome to Zyxel Community!

To assist with reviewing and troubleshooting the virtual server (port forwarding) configuration, we recommend referring to the following articles. Please note that although some of the screenshots may appear outdated, the core configuration principles remain the same and can still serve as useful references:

(Standalone mode)

• How to setup port forwarding to my internal RDP PC? — Zyxel Community
• Why is the Virtual Server or 1:1 NAT configuration correct, but the NAT still cannot work? — Zyxel Community

(Nebula cloud-managed)

• [ATP/FLEX] How to configure a NAT Rule (Virtual Server) on Nebula? — Zyxel Community

If these resources don’t resolve the issue, we’d be happy to help investigate further. Please send us the following via private message so we can better understand your current setup:

• Diagnostic info file of your USG FLEX 50. Please refer to the following FAQs for instructions on how to collect the diagnostic file in different management mode.
  • [ATP/FLEX] How to collect diagnostic file on Firewall Local WEB GUI? — Zyxel Community
  • [ATP/FLEX] How to collect diagnostic file on Nebula Firewall Local WEB GUI? — Zyxel Community
• Wireshark packet capture (with a brief note on where the capture was taken — e.g., remote client, USG FLEX 50, or the web server)