Re: Zyxel ZyWall 10 router MADNESS
From: MC (daven(delete_this)_at_miraclecatDELETETHISTOO.com)
Date: Sun, 12 Sep 2004 07:07:12 GMT
It has the latest firmware (it is brand new).
I heard that the ZyWall 5 was plagued with reboot problems in several places
on the Internet, so I stay away from that model.
I was hoping that someone could provide a working BIN file from a unit that
was working properly so I could upload that and just change the IPs to mine.
"shopping.nowthor.com" <email@example.com> wrote in message
> Before I reply to this post in full, could you verify you are running
> the latest firmware as I suggested in the other post of mine?
> On Sat, 11 Sep 2004 19:14:11 GMT, "MC"
> <daven(delete_this)@miraclecatDELETETHISTOO.com> wrote:
> >Here is exactly what is going on.
> >First off, there is no ISP involved here. All systems get pre-configured
> >a staging network whereby equipment can be evaluated
> >to see if it will work as advertised.
> >The WAN IP port is STATIC and set to 192.168.1.1 255.255.255.0 (e.g.
> >internal class C)
> >The LAN IP port is STATIC and set to 192.168.0.1 255.255.255.0 (e.g.
> >internal class C)
> >DHCP is turned off.
> >Firewall is turned off (temporarily, for testing connections, of course).
> >3 machines on the LAN side are configured mapped MANY-TO-ONE OVERLOAD
> >192.168.0.10-12 LAN mapped to IPs 192.168.1.10-12 WAN
> >No static routes are configured.
> >No port forwarding is configured (you don't need it if you are mapping
> >internal IPs directly to external IPs on a 1-1 basis).
> >I have a computer on the WAN side (my laptop) that is set to 192.168.1.42
> >which I do the WAN-side testing.
> >There is a router on the network at 192.168.1.2 for outside access (but
> >taking it out of the loop has no effect on this issue).
> >My problem is that as soon as I switch from "SUA-Only" to "Full Feature"
> >mode, ALL WAN access to the router is completely disabled (no pinging, no
> >telnetting, no HTTP, nada! - completely shut down). For example, pinging
> >192.168.1.1 no longer generates a response after making the switch.
> >REMEMBER the FIREWALL IS STILL OFF!
> >Just in case the unit mysteriously turned the firewall back on, I went in
> >the LAN side and telnetted in to 192.168.0.1 and verified with 100%
> >certainty, that the firewall was indeed turned off. I also went in and
> >verified with 100% certainty that remote management was still enabled.
> >For kicks, I made certain that the packets on all interface directions
> >to Lan, etc) were set to being forwarded and not dropped.
> >To make sure that it was the switching of modes that caused the blockage
> >192.168.1.1, I switch the mode back to "SUA Only" from "Full Feature" and
> >remote access to the router was restored. (e.g. I can ping 192.168.1.1
> >Once again: The WAN address is NOT being forwarded (why on Earth would
> >anyone do that anyway?)
> >The FIREWALL is TURNED OFF (turning on the firewall does not fix the
> >and only would add another variable to this insanity).
> >I cannot use SUA because there are 4 websites with 4 separate IPs on the
> >same NIC interface on the same computer all needing port 80. I could
> >set the router to not use NAT at all, but the extra layer of security NAT
> >provides is very desirable especially with automated worms, also I may
> >to set up an additional rule sharing a single outside IP with many inside
> >As far as remote management, when this is put in place it will be managed
> >via the serial port connected to an outside power controller box with
> >terminal abilities via HTTPS (pretty neat actually) - 2 levels of
> >there and all SSL. The power controller owning its own WAN IP so that the
> >router can be rebooted remotely (as most routers need to be every now and
> >Anyway, it makes no sense whatsoever that the WAN port becomes in
> >when switching modes, so I think that I have a defective unit, unless
> >is a SECRET MAGICAL METHOD of getting it to work As Advertised.
> >"shopping.nowthor.com" <firstname.lastname@example.org> wrote in message
> >> On Sat, 11 Sep 2004 01:51:38 GMT, "MC"
> >> <daven(delete_this)@miraclecatDELETETHISTOO.com> wrote:
> >> >
> >> >Has anyone had much luck in configuring a Zywall firewall router?
> >> >
> >> Yes, absolutely!
> >> >
> >> >Every time I set the NAT to "Full Feature", remote access is
> >> >(the unit can no longer be managed via the WAN port) and the unit
> >> >out, regardless of whether the firewall is turned on or off.
> >> >
> >> First, make sure the firewall is always on. There is no point in
> >> buying a firewall and then disabling it.
> >> Second, do you have more than one public IP address? If the answer is
> >> no then you don't need "Full Feature". "SUA Only" is the way to go.
> >> Are you trying to connect to the ZyWALL from the WAN side using the
> >> WAN IP address? If yes, have you created a firewall rule to allow HTTP
> >> access to the ZyWALL?
> >> Or, if you are using Multi-NAT and created forward rules, make sure
> >> you aren't forwarding (WAN IP address/port 80) to some other device.
> >> BTW, it's not a very good idea to remotely configure a ZyWALL over
> >> HTTP. It's better to create an IPsec tunnel first.