Multiple public ip addresses used in source NAT, in a ZyWall usg2000, how does it actually work
However, the information on how this pool of addresses is actually used is scant.
Can I configure how the next address to be used is found, like round-robin, hashed-address or random, and can I configure when a particular pool address translation is released?
And will the ZyWall do NAT translation overload with addresses in a pool like with a single WAN ip address?
Comments
-
Hello hansjalbertsson,
As your description,
configuration of the load-balancing(trunk) is based on port, so you cannot configure the pool address on trunk.
Secondly, on the NAT, select Many 1:1 NAT, and you can set the pool address for original IP,
Charlie0 -
I missed to say "in configuring snat under policy route or in the snat part of an interface's configuration panels".
The help facility in the usg300 and 2000 describes how you can use an address object containing a range of publically known addresses and have the usg do NAT to that range rather than a single address.
I 'm sure I'll have to set up virtual interfaces in the zywall, have my isp route that range via my zywall's WAN port, and possibly set up some routing information.
Or am I being too optimistic.
0 -
you can try the policy route.
ex: Range of Public IP: 8.222.222.220~8.222.222.223, range of client IP: 192.168.2.22~192.168.2.33
Create the object for range of public IP and range of client IP and each public IP.
Go to policy route, Source Address"Range of client IP", Destination Address"Range of Public IP", Next Hop:Type"Interface",Interface"Wan interface", Address Translation: Select one of public IP.
You need to create three (policy routing)profiles for each public IP on Address translation.0 -
Jeremylin: what I want to find out are the rules followed by the ZyWall in doing SNAT using multiple public ip addresses, and, also, what else I need to do to enable internet traffic to reach the addresses in that pool.
So, I have 3 questions:
1st: when a second, new client in my private net connects to the internet, how does the ZyWall determine which public address to use for that client? Can this be configured?
2nd: when all the public ip addresses used for SNAT are already in use, what happens when the next private net client tries to connect? And, can this be configured?
3rd: I presume my ISP must route traffic for all of my assigned public addresses to my WAN connection(s), but what must I do in my usg2000 to enable the ZyWall to pick up that traffic and route it properly?
P.S. My ZyWall usg2000 is running what I think is the very latest patch to the 3.30(AQW.7) ZLD FW.0 -
If you want to configure the client"A" access network via Public IP"A", you need to set routing on USG.
Moreover, the clients will route to the same public IP, however, the public IP with different ports.
please set and test the configuration which I mentioned on previous message on your environment to see the result.
The 3.30(AQW.7) is the latest firmware for sure, but as I know the USG 2000 is old model on USG Series.
0 -
Update. If your router is running firmware 4.35 firmware, please note that NATing configuration looks a bit different. Here's an update:
In cases where the devices behind the Zyxel hold private IPsbecause they required firewall protection. Typically this method is used when servers are connected behind the Zyxel.
Method 1is 1:1 NAT and is used if firewall functionality is desired. This method only works when their is a router in front of the Zyxel so that both the Zyxel and the device behind the Zyxel can use the same gateway.
*Go to Object>Address and add a host for each public static IP
*Go to NAT and add a rule that says: 1:1 NAT Type>Interface WAN1>Source IP=any>External IP=Public Address>Internal IP=Private IP of the device you're NATIng to
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight