Re: Zyxel ZyWall 10 router MADNESS

From: MC (daven(delete_this)_at_miraclecatDELETETHISTOO.com)
Date: 09/11/04

  • Next message: Charles Newman: "Port 1026"
    Date: Sat, 11 Sep 2004 21:24:40 GMT
    
    

    I meant to say that the 3 machines are configured to
    "Many to One No Overload" rather than "Many to One Overload"

    "MC" <daven(delete_this)@miraclecatDELETETHISTOO.com> wrote in message
    news:78I0d.174619$mD.52778@attbi_s02...
    > Hi,
    >
    > Here is exactly what is going on.
    > First off, there is no ISP involved here. All systems get pre-configured
    > in a staging network whereby equipment can be evaluated
    > to see if it will work as advertised.
    >
    > The WAN IP port is STATIC and set to 192.168.1.1 255.255.255.0 (e.g.
    > internal class C)
    > The LAN IP port is STATIC and set to 192.168.0.1 255.255.255.0 (e.g.
    > internal class C)
    > DHCP is turned off.
    > Firewall is turned off (temporarily, for testing connections, of course).
    >
    > 3 machines on the LAN side are configured mapped MANY-TO-ONE OVERLOAD
    > 192.168.0.10-12 LAN mapped to IPs 192.168.1.10-12 WAN
    >
    > No static routes are configured.
    > No port forwarding is configured (you don't need it if you are mapping
    > internal IPs directly to external IPs on a 1-1 basis).
    >
    > I have a computer on the WAN side (my laptop) that is set to 192.168.1.42
    > of which I do the WAN-side testing.
    > There is a router on the network at 192.168.1.2 for outside access (but
    > taking it out of the loop has no effect on this issue).
    >
    > My problem is that as soon as I switch from "SUA-Only" to "Full Feature"
    > mode, ALL WAN access to the router is completely disabled (no pinging, no
    > telnetting, no HTTP, nada! - completely shut down). For example, pinging
    > 192.168.1.1 no longer generates a response after making the switch.
    > REMEMBER the FIREWALL IS STILL OFF!
    > Just in case the unit mysteriously turned the firewall back on, I went in
    > the LAN side and telnetted in to 192.168.0.1 and verified with 100%
    > certainty, that the firewall was indeed turned off. I also went in and
    > verified with 100% certainty that remote management was still enabled.
    > For kicks, I made certain that the packets on all interface directions
    > (Wan to Lan, etc) were set to being forwarded and not dropped.
    >
    > To make sure that it was the switching of modes that caused the blockage
    > of 192.168.1.1, I switched the mode back to "SUA Only" from "Full Feature" and
    > remote access to the router was restored. (e.g. I can ping 192.168.1.1
    > again).
    >
    > Once again: The WAN address is NOT being forwarded (why on Earth would
    > anyone do that anyway?)
    > The FIREWALL is TURNED OFF (turning on the firewall does not fix the
    > problem and only would add another variable to this insanity).
    >
    > I cannot use SUA because there are 4 websites with 4 separate IPs on the
    > same NIC interface on the same computer all needing port 80. I could just
    > set the router to not use NAT at all, but the extra layer of security NAT
    > provides is very desirable especially with automated worms, also I may
    > wish to set up an additional rule sharing a single outside IP with many inside
    > boxes.
    >
    > As far as remote management, when this is put in place it will be managed
    > via the serial port connected to an outside power controller box with
    > terminal abilities via HTTPS (pretty neat actually) - 2 levels of security
    > there and all SSL. The power controller owning its own WAN IP so that the
    > router can be rebooted remotely (as most routers need to be every now and
    > then).
    >
    > Anyway, it makes no sense whatsoever that the WAN port becomes
    > inaccessible when switching modes, so I think that I have a defective unit,
    > unless there is a SECRET MAGICAL METHOD of getting it to work As Advertised.
    >
    > "shopping.nowthor.com" <nospam@shopping.nowthor.com> wrote in message
    > news:j7t4k01a51dhbesfk673uu2lhegk9oso3q@4ax.com...
    > > On Sat, 11 Sep 2004 01:51:38 GMT, "MC"
    > > <daven(delete_this)@miraclecatDELETETHISTOO.com> wrote:
    > > >
    > > >Has anyone had much luck in configuring a Zywall firewall router?
    > > >
    > >
    > > Yes, absolutely!
    > >
    > > >
    > > >Every time I set the NAT to "Full Feature", remote access is turned off
    > > >(the unit can no longer be managed via the WAN port) and the unit locks me
    > > >out, regardless of whether the firewall is turned on or off.
    > > >
    > >
    > > First, make sure the firewall is always on. There is no point in
    > > buying a firewall and then disabling it.
    > >
    > > Second, do you have more than one public IP address? If the answer is
    > > no then you don't need "Full Feature". "SUA Only" is the way to go.
    > >
    > > Are you trying to connect to the ZyWALL from the WAN side using the
    > > WAN IP address? If yes, have you created a firewall rule to allow HTTP
    > > access to the ZyWALL?
    > >
    > > Or, if you are using Multi-NAT and created forward rules, make sure
    > > you aren't forwarding (WAN IP address/port 80) to some other device.
    > >
    > > BTW, it's not a very good idea to remotely configure a ZyWALL over
    > > HTTP. It's better to create an IPsec tunnel first.
    >
    >

