NAT to SNAT broken in 4.35(AAAA.3)
Guru Member
Not sure how far back this goes but V4.35(AAAA.0)ITS-WK46-r90773 works fine.
Heres the setup
ZyWALL 110
OPT WAN IP
LAN2 192.168.138.1\255.255.255.240
SERVER PC connected to LAN2 with 192.168.138.2 (no gateway set)
NAT rule
routing SNAT rule
So what should happen when working is:
80.0.253.70 > WAN IP:25 > NAT and routeing SNAT > 192.168.138.1 > 192.168.138.2:25
traffic back to sender
192.168.138.2:25 > 192.168.138.1 > NAT and routeing SNAT >WAN IP:25 >80.0.253.70
Comments
-
Ok after doing some reboots the issue happens with V4.35(AAAA.0)ITS-WK46-r90773 and I have found that its trying to go out of VLAN443 with WAN IP to target IP I think this has same thing to do with this issue.
https://businessforum.zyxel.com/discussion/3047/ping-request-gose-in-on-opt-the-reply-out-vlan443/p1
even with the rules its broken
https://businessforum.zyxel.com/discussion/comment/9552/#Comment_9552
But the workaround of set to SYSTEM_DEFAULT_WAN_TRUNK then back to my vlan443andopt trunk works.
0 -
So after many reboots and switching between firmwares I can't re-create the issue maybe caused be incoming packets hitting the Zywall when booting up but thats a guess.
0 -
Hi @PeterUK
This symptom we do not met on V4.35(AAAA.0)ITS-WK46-r90773.
Can you share your configuration and topology for us?
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
like I say a I can't re-create the issue if it happen again by upgrading the firmware I update this post.
0 -
So its happened again on a reboot on V4.38(AAAA.0) and I leave it for a bit but likely a reboot will fix it or the workaround I said above.
So here is whats going on when the problem happens for both SMTP and DNS.
OPT
LAN2 it then correctly sends by NAT to SNAT from 192.168.138.1 to 192.168.138.2
VLAN443 and for some reason it does not go out OPT but out VLAN443
0 -
0 -
Hi @PeterUK
I would like to know if it happens every time the firmware upgrade is done.Or it only happened on the specific firmware upgrade?
Can you share with us which firmware do you upgrade from?
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
This time it did not happen when I did a upgrade it happened just when doing a reboot of V4.38(AAAA.0) and it does not happen all the time.
0 -
Hi @PeterUK
I’ve tried to set up the configuration you provided for us, however the symptom do not happened after reboot device many times,
Can you share the remote access via private message to us when the symptoms occurred?
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
Like I said its a hard bug to happen and does not happen all the time.
The ZyWALL 110 is not something I what for you to remote access too but if I want this fixed I guess I have no choice.
luckily I have not rebooted or done the workaround to fix the issue.0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.6K Security
- 240 USG FLEX H Series
- 268 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 385 News and Release
- 83 Security Advisories
- 28 Education Center
- 9 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 72 Security Highlight
