Re: Zyxel ZyWall 10 router MADNESS

From: MC (daven(delete_this)_at_miraclecatDELETETHISTOO.com)
Date: 09/12/04


Date: Sun, 12 Sep 2004 07:07:12 GMT

It has the latest firmware (it is brand new).
I heard that the ZyWall 5 was plagued with reboot problems in several places
on the Internet, so I stay away from that model.
I was hoping that someone could provide a working BIN file from a unit that
was working properly so I could upload that and just change the IPs to mine.

"shopping.nowthor.com" <nospam@shopping.nowthor.com> wrote in message
news:74r6k0prr0hef45upiedtpubbou4crlghn@4ax.com...
> Before I reply to this post in full, could you verify you are running
> the latest firmware as I suggested in the other post of mine?
>
> On Sat, 11 Sep 2004 19:14:11 GMT, "MC"
> <daven(delete_this)@miraclecatDELETETHISTOO.com> wrote:
> >
> >Hi,
> >
> >Here is exactly what is going on.
> >First off, there is no ISP involved here. All systems get pre-configured in
> >a staging network whereby equipment can be evaluated
> >to see if it will work as advertised.
> >
> >The WAN IP port is STATIC and set to 192.168.1.1 255.255.255.0 (e.g.
> >internal class C)
> >The LAN IP port is STATIC and set to 192.168.0.1 255.255.255.0 (e.g.
> >internal class C)
> >DHCP is turned off.
> >Firewall is turned off (temporarily, for testing connections, of course).
> >
> >3 machines on the LAN side are configured mapped MANY-TO-ONE OVERLOAD
> >192.168.0.10-12 LAN mapped to IPs 192.168.1.10-12 WAN
> >
> >No static routes are configured.
> >No port forwarding is configured (you don't need it if you are mapping
> >internal IPs directly to external IPs on a 1-1 basis).
> >
> >I have a computer on the WAN side (my laptop) that is set to 192.168.1.42 of
> >which I do the WAN-side testing.
> >There is a router on the network at 192.168.1.2 for outside access (but
> >taking it out of the loop has no effect on this issue).
> >
> >My problem is that as soon as I switch from "SUA-Only" to "Full Feature"
> >mode, ALL WAN access to the router is completely disabled (no pinging, no
> >telnetting, no HTTP, nada! - completely shut down). For example, pinging
> >192.168.1.1 no longer generates a response after making the switch.
> >REMEMBER the FIREWALL IS STILL OFF!
> >Just in case the unit mysteriously turned the firewall back on, I went in
> >the LAN side and telnetted in to 192.168.0.1 and verified with 100%
> >certainty, that the firewall was indeed turned off. I also went in and
> >verified with 100% certainty that remote management was still enabled.
> >For kicks, I made certain that the packets on all interface directions (WAN
> >to LAN, etc.) were set to being forwarded and not dropped.
> >
> >To make sure that it was the switching of modes that caused the blockage of
> >192.168.1.1, I switched the mode back to "SUA Only" from "Full Feature" and
> >remote access to the router was restored (e.g. I can ping 192.168.1.1 again).
> >
> >Once again: The WAN address is NOT being forwarded (why on Earth would
> >anyone do that anyway?)
> >The FIREWALL is TURNED OFF (turning on the firewall does not fix the problem
> >and only would add another variable to this insanity).
> >
> >I cannot use SUA because there are 4 websites with 4 separate IPs on the
> >same NIC interface on the same computer all needing port 80. I could just
> >set the router to not use NAT at all, but the extra layer of security NAT
> >provides is very desirable especially with automated worms, also I may wish
> >to set up an additional rule sharing a single outside IP with many inside
> >boxes.
> >
> >As far as remote management, when this is put in place it will be managed
> >via the serial port connected to an outside power controller box with
> >terminal abilities via HTTPS (pretty neat actually) - 2 levels of security
> >there and all SSL. The power controller owning its own WAN IP so that the
> >router can be rebooted remotely (as most routers need to be every now and
> >then).
> >
> >Anyway, it makes no sense whatsoever that the WAN port becomes inaccessible
> >when switching modes, so I think that I have a defective unit, unless there
> >is a SECRET MAGICAL METHOD of getting it to work As Advertised.
> >
> >
> >
> >
> >
> >
> >
> >"shopping.nowthor.com" <nospam@shopping.nowthor.com> wrote in message
> >news:j7t4k01a51dhbesfk673uu2lhegk9oso3q@4ax.com...
> >> On Sat, 11 Sep 2004 01:51:38 GMT, "MC"
> >> <daven(delete_this)@miraclecatDELETETHISTOO.com> wrote:
> >> >
> >> >Has anyone had much luck in configuring a Zywall firewall router?
> >> >
> >>
> >> Yes, absolutely!
> >>
> >> >
> >> >Every time I set the NAT to "Full Feature", remote access is turned off
> >> >(the unit can no longer be managed via the WAN port) and the unit locks me
> >> >out, regardless of whether the firewall is turned on or off.
> >> >
> >>
> >> First, make sure the firewall is always on. There is no point in
> >> buying a firewall and then disabling it.
> >>
> >> Second, do you have more than one public IP address? If the answer is
> >> no then you don't need "Full Feature". "SUA Only" is the way to go.
> >>
> >> Are you trying to connect to the ZyWALL from the WAN side using the
> >> WAN IP address? If yes, have you created a firewall rule to allow HTTP
> >> access to the ZyWALL?
> >>
> >> Or, if you are using Multi-NAT and created forward rules, make sure
> >> you aren't forwarding (WAN IP address/port 80) to some other device.
> >>
> >> BTW, it's not a very good idea to remotely configure a ZyWALL over
> >> HTTP. It's better to create an IPsec tunnel first.
> >
>


