Port 80 foward

T_G
T_G Posts: 17  Freshman Member
First Comment Second Anniversary
edited January 18 in Security

Hello,

i have some ports to open but the 80 give me a problem.

I have set the foward, i change the default port on system→www→http but the ports not work,

Some helps?

Thanks

«1

All Replies

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Have you done NAT rules?

  • T_G
    T_G Posts: 17  Freshman Member
    First Comment Second Anniversary

    Yes

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Does your ISP allow port 80? does the USG have the WAN IP and that your not behind another router doing NAT?

  • T_G
    T_G Posts: 17  Freshman Member
    First Comment Second Anniversary

    I'm behind a fritz box 7590 in exposed host mode. Https works because i login in firewall and also the other ports. I also try to foward on fritz box the port 80 on firewall.

  • smb_corp_user
    smb_corp_user Posts: 168  Master Member
    5 Answers First Comment Friend Collector Second Anniversary

    Maybe I have misunderstood, I could be completely missing the point, but anyway:

    I thought the interface wan1 would be your connection to/from the Fritz box / ISP / internet, and you would have to access the Zyxel via one of the LAN ports. Then again, I may have misunderstood your network.

  • T_G
    T_G Posts: 17  Freshman Member
    First Comment Second Anniversary

    Hello

    I have a fritz box as router. Then the firewall for 2 lan. The router have a mode called 'exposed' that open all port to 1 device (the firewall). I need to see the Port 80 from external to server on a lan. For the other ports hat I have opened it works, but for the 80 not.

    Thanks

  • T_G
    T_G Posts: 17  Freshman Member
    First Comment Second Anniversary

    I have maked a test. I set from frizbox port foward on a test pc with webserver connected directly. And works.

    If i set the same port on the firewall it not works, so the ISP not block the port.

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited January 19

    Do a packet capture on the USG for port 80 and do a port scan to see if it hit the USG

    https://www.grc.com/x/ne.dll?bh0bkyd2

    One other thing you can try but really you only do this for other reason is make a service group with HTTP and use that in your NAT rule for port mapping type.

  • T_G
    T_G Posts: 17  Freshman Member
    First Comment Second Anniversary

    I have maked a test, it tell me "Stealth"

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited January 19

    Yes but is the traffic getting to the USG, go to diagnostics > packet capture move WAN1 in capture interfaces and set host port to 80 and capture then go to GRC and scan for port 80 stop capture then go to files and open the .cap file for WAN1 you should see from 4.79.142.206 a TCP SYN to port 80

Security Highlight