V4.32 NAT port 80 and 443 not allowed

PeterUK Member Posts: 689  Guru Member
edited September 16, 2018 4:02AM in ZyWALL USG Series

So you're stopping the use of 80 and 443 from WAN or OPT to a NAT IP? This seems like a silly idea?

This idea needs to be done correctly, as I have a rule in place that works, with it saying it's conflicting when it's not, for a Virtual interface on LAN1. I can understand it's to stop people from doing a NAT rule on LAN1 directly that stops them logging in, but it's too strict.

    


  • Zyxel_Stanley Zyxel Official Agent Posts: 718  mod

    Hi @PeterUK  

    It is because port 80 is used by the ZyWALL HTTP server.

    You can change the default HTTP server port to another port; then this problem does not occur.

    Configuration > System > WWW > HTTP server port.


  • PeterUK Member Posts: 689  Guru Member
    edited September 17, 2018 5:41PM

    But you don't have to; the rule works fine without changing the ZyWALL HTTP server. You can run a web server on port 80 with ZyWALL HTTP server on port 80.


  • PeterUK Member Posts: 689  Guru Member

    Just an update: this is still a problem in V4.33.

  • OneZyUser Member Posts: 10  Freshman Member
    edited February 5, 2019 8:34AM
    @Zyxel_Stanley, the problem is if I disable admin access to port 443 (https, or 80 http) from WAN (so that only admins can access it from within the LAN), I should be able to free up that port for a virtual server behind NAT (when coming from WAN, and nat_loopback disabled).
    Another corner case is, as it happened to me, if I have a group of static IPs (all terminating at the same physical port), this rule will prevent me from running another server on the same port (even if I use a different static WAN IP).


  • jonatan Member Posts: 37  Freshman Member
    For example, it is possible to do so

  • RaphaelOliveira Member Posts: 34  Freshman Member
    Hi. You can use the "Redirect Service" to publish a web service.
    You need to create a security policy to allow this traffic (Wan to Serverxxx Allow)
  • I just got a new firewall for a customer and I have the same issue. I don't mind the warning if my NAT rule was set to answer on my firewall IP, but I have a block of 5 IPs and I get this error even if I set the NAT rule to answer on a different IP address. I think this is pretty dumb, as the only way to resolve it seems to be to change the device ports to something else... not a deal breaker but a pain. If this is the way it will be, you should default the firewall access ports to something besides 80 and 443 out of the box, like 8080 and 4433 (as most other firewalls already do this), but I still don't understand why this would happen when setting the NAT rule to answer on an IP other than my firewall interface IP.
  • PeterUK Member Posts: 689  Guru Member
    edited March 20, 2019 7:08AM

    It's said that this will be fixed at some point, but what you can do is edit the config file to force the ports you want.


  • Zyxel_Charlie Zyxel Official Agent Posts: 994  mod
    @michael3767
    This case is already solved in the patch firmware, so which model are you using?
    I will send the firmware to you by private message.
    Charlie