Re: Zyxel ZyWall 10 router MADNESS
From: MC (daven(delete_this)_at_miraclecatDELETETHISTOO.com)
Date: 09/11/04
- Previous message: MC: "Re: Zyxel ZyWall 10 router MADNESS"
- In reply to: MC: "Re: Zyxel ZyWall 10 router MADNESS"
- Next in thread: shopping.nowthor.com: "Re: Zyxel ZyWall 10 router MADNESS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 11 Sep 2004 21:24:40 GMT
I meant to say that the 3 machines are configured to "Many to One No Overload" rather than "Many to One Overload".
"MC" <daven(delete_this)@miraclecatDELETETHISTOO.com> wrote in message
news:78I0d.174619$mD.52778@attbi_s02...
> Hi,
>
> Here is exactly what is going on.
> First off, there is no ISP involved here. All systems get pre-configured in
> a staging network whereby equipment can be evaluated to see if it will work
> as advertised.
>
> The WAN IP port is STATIC and set to 192.168.1.1 255.255.255.0 (e.g.
> internal class C)
> The LAN IP port is STATIC and set to 192.168.0.1 255.255.255.0 (e.g.
> internal class C)
> DHCP is turned off.
> Firewall is turned off (temporarily, for testing connections, of course).
>
> 3 machines on the LAN side are configured mapped MANY-TO-ONE OVERLOAD
> 192.168.0.10-12 LAN mapped to IPs 192.168.1.10-12 WAN
>
> No static routes are configured.
> No port forwarding is configured (you don't need it if you are mapping
> internal IPs directly to external IPs on a 1-1 basis).
>
> I have a computer on the WAN side (my laptop) that is set to 192.168.1.42
> of which I do the WAN-side testing.
> There is a router on the network at 192.168.1.2 for outside access (but
> taking it out of the loop has no effect on this issue).
>
> My problem is that as soon as I switch from "SUA-Only" to "Full Feature"
> mode, ALL WAN access to the router is completely disabled (no pinging, no
> telnetting, no HTTP, nada! - completely shut down). For example, pinging
> 192.168.1.1 no longer generates a response after making the switch.
> REMEMBER the FIREWALL IS STILL OFF!
> Just in case the unit mysteriously turned the firewall back on, I went in
> the LAN side and telnetted in to 192.168.0.1 and verified with 100%
> certainty, that the firewall was indeed turned off. I also went in and
> verified with 100% certainty that remote management was still enabled.
> For kicks, I made certain that the packets on all interface directions
> (WAN to LAN, etc.) were set to being forwarded and not dropped.
>
> To make sure that it was the switching of modes that caused the blockage
> of 192.168.1.1, I switched the mode back to "SUA Only" from "Full Feature"
> and remote access to the router was restored (e.g. I can ping 192.168.1.1
> again).
>
> Once again: The WAN address is NOT being forwarded (why on Earth would
> anyone do that anyway?)
> The FIREWALL is TURNED OFF (turning on the firewall does not fix the
> problem and only would add another variable to this insanity).
>
> I cannot use SUA because there are 4 websites with 4 separate IPs on the
> same NIC interface on the same computer all needing port 80. I could just
> set the router to not use NAT at all, but the extra layer of security NAT
> provides is very desirable especially with automated worms, also I may
> wish to set up an additional rule sharing a single outside IP with many
> inside boxes.
>
> As far as remote management, when this is put in place it will be managed
> via the serial port connected to an outside power controller box with
> terminal abilities via HTTPS (pretty neat actually) - 2 levels of security
> there and all SSL. The power controller owning its own WAN IP so that the
> router can be rebooted remotely (as most routers need to be every now and
> then).
>
> Anyway, it makes no sense whatsoever that the WAN port becomes
> inaccessible when switching modes, so I think that I have a defective unit,
> unless there is a SECRET MAGICAL METHOD of getting it to work As Advertised.
>
> "shopping.nowthor.com" <nospam@shopping.nowthor.com> wrote in message
> news:j7t4k01a51dhbesfk673uu2lhegk9oso3q@4ax.com...
> > On Sat, 11 Sep 2004 01:51:38 GMT, "MC"
> > <daven(delete_this)@miraclecatDELETETHISTOO.com> wrote:
> > >
> > >Has anyone had much luck in configuring a Zywall firewall router?
> > >
> >
> > Yes, absolutely!
> >
> > >
> > >Every time I set the NAT to "Full Feature", remote access is turned off
> > >(the unit can no longer be managed via the WAN port) and the unit locks me
> > >out, regardless of whether the firewall is turned on or off.
> > >
> >
> > First, make sure the firewall is always on. There is no point in
> > buying a firewall and then disabling it.
> >
> > Second, do you have more than one public IP address? If the answer is
> > no then you don't need "Full Feature". "SUA Only" is the way to go.
> >
> > Are you trying to connect to the ZyWALL from the WAN side using the
> > WAN IP address? If yes, have you created a firewall rule to allow HTTP
> > access to the ZyWALL?
> >
> > Or, if you are using Multi-NAT and created forward rules, make sure
> > you aren't forwarding (WAN IP address/port 80) to some other device.
> >
> > BTW, it's not a very good idea to remotely configure a ZyWALL over
> > HTTP. It's better to create an IPsec tunnel first.
>
>