Having some issues with a Port Forward
[Deleted User]
Posts: 51 Ally Member
in Security
This should be simple, and it was, until I had to configure the rule in a Zyxel Firewall.
I run a backup from a remote web server to a local SFTP Server via port 22022.
Everything works. The locally receiving machine is a Windows machine and those settings are as they were before I placed the USG40 on my LAN. netstat -an shows the port listening and there is no reason to think anything is wrong there.
On the web server, same story, everything worked for months and I have a local log file archive of thousands of successful transfers to prove that.
So when configuring a Port Forward on a Zyxel USG40 I seem to be missing something despite following the Guide that is available in the interface and despite having done some troubleshooting to find out what is wrong. As part of this I do of course check the logs, I should specifically check for MESSAGE log entries according to this: https://kb.zyxel.com/KB/searchArticle!viewBlob.action?attOid=14440 , but there are none.
The configuration looks like this:
So any hints on what may be wrong? I have not messed with the Security Policy, since this should be picked up by it and an exclusion made automagically. If it is any kind of smart.
The manual indicates another way to do this, but I am just assuming it is wrong, since there is a guide to do it in the interface.
0
Accepted Solution
-
The link you posted is a very old article. This is an up-to-date one:
https://support.zyxel.eu/hc/en-us/articles/360001390934-NAT-Rule-Configuration-on-a-USG-Port-Forwarding-
You need to add the security policy.
It does not automatically add an allow WAN-to-LAN firewall rule for NAT.
0
All Replies
Ian31 said:
The link you posted is a very old article. This is an up-to-date one:
https://support.zyxel.eu/hc/en-us/articles/360001390934-NAT-Rule-Configuration-on-a-USG-Port-Forwarding-
I'll read through your link and see if that works better.
Oh, I see now. All has to be done manually. Every single rule. Old firewalls are stupid Excel sheets after all. ... ffs...
0 -
You likely need source IP to any to have any IP connect to 192.168.1.234
0 -
PeterUK said:
You likely need source IP to any to have any IP connect to 192.168.1.234
No, since the IP of the web host is fixed.
0 -
So it be
remote IP of web server > WAN IP:22022 > NAT > remote IP of web server > 192.168.1.234:22022
0 -
OK, first fail log...
Need to revise and start over...
Maybe I missed the wan + any port > lan + 22022
Edited out IP addresses.
0
-
Firewall rule should look like:
FROM: WAN
TO: any (or whatever zone contains the 'receiving machine')
SOURCE: <WEBSERVER_IP>
DEST: 192.168.1.234
SERVICE: <PORT 22022>
ACTION: allow
0
-
I know, I think I am fucking up the Security Policy part which is a first for me so I will just have to try again.
(have been doing port forwards in different routers - D-link, Asus, Cisco - for more than 20 years, but this is a Firewall as well so more complex.)
0
-
Yeah wonderful...
1 | 2021-06-20 10:57:26 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:16021 | ACCESS FORWARD
2 | 2021-06-20 10:57:20 | notice | Security Policy Control | priority:1, from WAN to LAN1, UDP, service others, DNAT Packet, ACCEPT | 141.98.10.208:5063 | 192.168.1.234:5060 | ACCESS FORWARD
3 | 2021-06-20 10:57:19 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 192.99.35.225:49748 | 192.168.1.234:2236 | ACCESS FORWARD
4 | 2021-06-20 10:57:14 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:41520 | ACCESS FORWARD
5 | 2021-06-20 10:57:13 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:57040 | ACCESS FORWARD
6 | 2021-06-20 10:57:13 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:4798 | ACCESS FORWARD
7 | 2021-06-20 10:57:10 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:13675 | ACCESS FORWARD
8 | 2021-06-20 10:57:08 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:32576 | ACCESS FORWARD
9 | 2021-06-20 10:57:07 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 185.128.43.46:53024 | 192.168.1.234:4400 | ACCESS FORWARD
10 | 2021-06-20 10:57:05 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:19776 | ACCESS FORWARD
11 | 2021-06-20 10:57:00 | notice | Security Policy Control | priority:1, from WAN to LAN1, UDP, service others, DNAT Packet, ACCEPT | 155.94.196.244:1461 | 192.168.1.234:8080 | ACCESS FORWARD
12 | 2021-06-20 10:56:51 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:40999 | ACCESS FORWARD
13 | 2021-06-20 10:56:48 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:55375 | ACCESS FORWARD
14 | 2021-06-20 10:56:44 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:52626 | ACCESS FORWARD
15 | 2021-06-20 10:56:41 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:59429 | ACCESS FORWARD
16 | 2021-06-20 10:56:40 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:4307 | ACCESS FORWARD
17 | 2021-06-20 10:56:40 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:63759 | ACCESS FORWARD
18 | 2021-06-20 10:56:31 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:38879 | ACCESS FORWARD
19 | 2021-06-20 10:56:30 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:9859 | ACCESS FORWARD
20 | 2021-06-20 10:56:27 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:8376 | ACCESS FORWARD
21 | 2021-06-20 10:56:27 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:5481 | ACCESS FORWARD
22 | 2021-06-20 10:56:24 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:1421 | ACCESS FORWARD
23 | 2021-06-20 10:56:23 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:16933 | ACCESS FORWARD
24 | 2021-06-20 10:56:21 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:23952 | ACCESS FORWARD
25 | 2021-06-20 10:56:19 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:18574 | ACCESS FORWARD
26 | 2021-06-20 10:56:05 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:6860 | ACCESS FORWARD
27 | 2021-06-20 10:56:05 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:52889 | ACCESS FORWARD
28 | 2021-06-20 10:56:04 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:53159 | ACCESS FORWARD
29 | 2021-06-20 10:56:02 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:40172 | ACCESS FORWARD
30 | 2021-06-20 10:55:59 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:40554 | ACCESS FORWARD
31 | 2021-06-20 10:55:55 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:29123 | ACCESS FORWARD
32 | 2021-06-20 10:55:51 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:16495 | ACCESS FORWARD
33 | 2021-06-20 10:55:50 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 101.176.111.31:25619 | 192.168.1.234:23 | ACCESS FORWARD
34 | 2021-06-20 10:55:48 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:39891 | ACCESS FORWARD
35 | 2021-06-20 10:55:47 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:21441 | ACCESS FORWARD
36 | 2021-06-20 10:55:46 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:2396 | ACCESS FORWARD
37 | 2021-06-20 10:55:39 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:17200 | ACCESS FORWARD
38 | 2021-06-20 10:55:39 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:28094 | ACCESS FORWARD
39 | 2021-06-20 10:55:38 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:6363 | ACCESS FORWARD
40 | 2021-06-20 10:55:36 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:22795 | ACCESS FORWARD
41 | 2021-06-20 10:55:35 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:37179 | ACCESS FORWARD
42 | 2021-06-20 10:55:31 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:30807 | ACCESS FORWARD
43 | 2021-06-20 10:55:30 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:36501 | ACCESS FORWARD
44 | 2021-06-20 10:55:29 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:20308 | ACCESS FORWARD
45 | 2021-06-20 10:55:28 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:39861 | ACCESS FORWARD
46 | 2021-06-20 10:55:27 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:54809 | ACCESS FORWARD
47 | 2021-06-20 10:55:26 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:61318 | ACCESS FORWARD
48 | 2021-06-20 10:55:23 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:37500 | ACCESS FORWARD
49 | 2021-06-20 10:55:22 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:16274 | ACCESS FORWARD
50 | 2021-06-20 10:55:21 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:61748 | ACCESS FORWARD
51 | 2021-06-20 10:55:19 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:36613 | ACCESS FORWARD
52 | 2021-06-20 10:55:18 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:63058 | ACCESS FORWARD
53 | 2021-06-20 10:55:18 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:5383 | ACCESS FORWARD
54 | 2021-06-20 10:55:17 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:58846 | ACCESS FORWARD
55 | 2021-06-20 10:55:17 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:23937 | ACCESS FORWARD
56 | 2021-06-20 10:55:15 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 92.63.197.16:43024 | 192.168.1.234:63092 | ACCESS FORWARD
57 | 2021-06-20 10:55:06 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 116.117.157.69:21712 | 192.168.1.234:2236 | ACCESS FORWARD
I will be making a support ticket for this, then I can include all the details - which frankly I am not doing here, and get a better response.
0 -
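A check for a log like the one pasted above, treating the flow from the firewall-rule reply (web server to 192.168.1.234 on TCP 22022) as the only expected WAN-to-LAN accept. This is an added example, not part of any post: the sample entries are constructed, 203.0.113.10 stands in for the web server address that was edited out, and the one-entry-per-line ` | ` layout is an assumption.

```python
import re

# Intended flow per the thread: one fixed web server -> 192.168.1.234, TCP 22022.
# 203.0.113.10 is a placeholder; the poster edited the real address out.
ALLOWED = ("203.0.113.10", "TCP", "192.168.1.234", 22022)

# Constructed entries (documentation-range addresses), one per line, " | " separated.
# The DROP / ACCESS BLOCK wording in the last entry is an assumption.
SAMPLE_LOG = """\
1 | 2021-06-20 10:57:26 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 198.51.100.7:43024 | 192.168.1.234:16021 | ACCESS FORWARD
2 | 2021-06-20 10:57:20 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 198.51.100.7:43024 | 192.168.1.234:23 | ACCESS FORWARD
3 | 2021-06-20 10:57:19 | notice | Security Policy Control | priority:1, from WAN to LAN1, UDP, service others, DNAT Packet, ACCEPT | 192.0.2.44:5063 | 192.168.1.234:5060 | ACCESS FORWARD
4 | 2021-06-20 10:57:14 | notice | Security Policy Control | priority:1, from WAN to LAN1, TCP, service others, DNAT Packet, ACCEPT | 203.0.113.10:50122 | 192.168.1.234:22022 | ACCESS FORWARD
5 | 2021-06-20 10:57:13 | notice | Security Policy Control | priority:2, from WAN to LAN1, TCP, service others, DNAT Packet, DROP | 192.0.2.99:40000 | 192.168.1.234:3389 | ACCESS BLOCK
"""

MSG_RE = re.compile(r"priority:(\d+), from (\w+) to (\w+), (\w+), .*, (\w+)$")

def parse(line):
    """Return one log entry as a dict, or None if the line is not in the expected shape."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) != 8:
        return None
    m = MSG_RE.match(fields[4])
    dst_ip, _, dst_port = fields[6].rpartition(":")
    if not m or not dst_port.isdigit():
        return None
    return {"rule": int(m[1]), "proto": m[4], "action": m[5],
            "src": fields[5].rpartition(":")[0], "dst": dst_ip, "dport": int(dst_port)}

def unexpected_accepts(log_text):
    """Accepted entries that are not the one flow the port forward exists for."""
    entries = (parse(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["action"] == "ACCEPT"
            and (e["src"], e["proto"], e["dst"], e["dport"]) != ALLOWED]

def summarize(hits):
    """Per policy priority: distinct sources and destination ports that got through."""
    out = {}
    for e in hits:
        s = out.setdefault(e["rule"], {"sources": set(), "ports": set()})
        s["sources"].add(e["src"])
        s["ports"].add(e["dport"])
    return out

print(summarize(unexpected_accepts(SAMPLE_LOG)))
```

Any output here means a security policy is accepting more than the single source, destination and service the forward was created for; the priority number identifies which policy to tighten.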
Hi @SecCon
Maybe your default policy control rule is already broken, which caused traffic to be blocked by the default configuration.
I will send you a private message to check on it further.
0