Port forwarding on VPN100 doesn't work

begg
begg Posts: 4  Freshman Member
First Comment

hello

I'm trying since some days to get a certain port forwarded to ony of my clients and I don't get it to work. maybe some basics first:

  • got a fritzbox as modem AND router first (unfortunately there's no bridge mode)
  • zyxel vpn100 is connected over WAN port to the fritzbox, get's an internal IP-address of fritzbox
  • all other clients are connected through vpn100 - dhcp on vpn100 is activated so the whole ip-network is managed bei vpn100 dhcp

i don't get it to work for one simple client to open the port 32400 for outside communication. for some details: there is a synology NAS working with plex server.

  • port 32400 is forwarded on fritzbox for the whole vpn100 network

next to vpn: at object, i created an address and a geo IP:

at seczruty policy, i created a new entry at policy control:

last but not least the network → NAT entry:

i am pretty sure there is something i didnt understand so far…maybe some1 can help me to get this work. if you need some more informations please let me know what you need.

regards

begg

Accepted Solution

  • begg
    begg Posts: 4  Freshman Member
    First Comment
    Answer ✓

    hey there

    got the solution….i just tried and set some params until it worked…try and error…it's a little bit annoying but now it works…i had to set up the nat any to any…see the differences if you're interested in (left side old params / right side new params):

All Replies

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited November 13

    Does traffic for port 32400 get to VPN100 WAN1 port when you run packet capture and run a probe https://www.grc.com/port_32400.htm

  • begg
    begg Posts: 4  Freshman Member
    First Comment

    you mean i should try another port right? mayb my isp blocks this port…will try another one

  • valerio_vanni
    valerio_vanni Posts: 91  Ally Member
    First Answer First Comment Friend Collector Second Anniversary

    He suggests to test if the first step (forward from Fritz to VPN100) works.

    Looking at your screenshots, I don't understand why are you setting "Plex Synology WAN IP" as WAN IP of VPN100.

    When Fritz forwards port, connection that reaches VPN100 WAN has Fritz IP as source address, not WAN IP of VPN100.

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    policy rule for source address may need to be any

  • valerio_vanni
    valerio_vanni Posts: 91  Ally Member
    First Answer First Comment Friend Collector Second Anniversary

    Or, at least, LAN IP of Fritz. Even if it's likely the same, since I don't think there are other devices between Fritz and VPN100.

    For sure it cannot work the way is set now.

  • begg
    begg Posts: 4  Freshman Member
    First Comment
    Answer ✓

    hey there

    got the solution….i just tried and set some params until it worked…try and error…it's a little bit annoying but now it works…i had to set up the nat any to any…see the differences if you're interested in (left side old params / right side new params):

Security Highlight