NAT Loopback not working if network is not directly connected to ZyWall 110
Options
IlyaTaskaev
Posts: 5
Network scheme listed below:
1:1 NAT
Task: Ping Server from the local network (172.19.1.30) by Public IP: 99.99.99.99.
Internet is working,
When I ping it from my Laptop I got "Request timed out" error.
Source IP: 172.19.1.30
Dest IP: 99.99.99.99
Policy rules added with maximum rights allowed from anywhere to the server IP 172.19.0.21.
I tried packet capture on 172.19.0.21 server, and I see packets from my laptop, but it comes from 172.19.99.2 IP, therefore NAT is working:
Seems ZyWall does not revert back the original source IP address (172.19.1.30) to the packet and not resend it back to my Laptop according to static route? Is this design restrictions?
When I ping it from HP router ping is successful.
For any directly connected to ZyWall network, it works perfectly, but for Network, which needs to be routed it doesn't work.
1:1 NAT
Task: Ping Server from the local network (172.19.1.30) by Public IP: 99.99.99.99.
Internet is working,
When I ping it from my Laptop I got "Request timed out" error.
Source IP: 172.19.1.30
Dest IP: 99.99.99.99
Policy rules added with maximum rights allowed from anywhere to the server IP 172.19.0.21.
I tried packet capture on 172.19.0.21 server, and I see packets from my laptop, but it comes from 172.19.99.2 IP, therefore NAT is working:
Seems ZyWall does not revert back the original source IP address (172.19.1.30) to the packet and not resend it back to my Laptop according to static route? Is this design restrictions?
When I ping it from HP router ping is successful.
For any directly connected to ZyWall network, it works perfectly, but for Network, which needs to be routed it doesn't work.
0
Accepted Solution
-
Hey, this little boi resolves the issue
Now it works perfectly, thank you for the suggestion to update firmware.0
All Replies
-
Hi @IlyaTaskaev
Which firmware is working on your ZyWALL110?
Can you capture the ICMP packets on interface 172.19.99.2?
0 -
Stanley, thank you for your reply!
>Can you capture the ICMP packets on interface 172.19.99.2?
I think ZyWall have the ability to capture traffic, I need to try it.
My Firmware Version: V4.20(AAAA.2) / 2016-11-22 19:04:14, not latest, but, do you think it can affect NAT?0 -
Hi @IlyaTaskaev
We have fixed similar issue in official firmware.
Can you upgrade to 4.33 firmware first and try it again?
Avoids configuration issue in upgrading process, you can forward your configuration to me by private message. I can help to verify it first,0 -
We need to plan downtime to do it, thank you again, I will update this thread as soon as we update firmware0
-
Hi!
I have updated my ZyWall to the latest firmware:
System Name:zywall-110
Model Name:ZyWALL 110
Serial Number:S152L51400338
MAC Address Range:04:BF:6D:1A:29:CD ~ 04:BF:6D:1A:29:D3
Firmware Version:V4.33(AAAA.0) / 2019-01-09 09:37:31
The issue is still here, updating firmware not helped me.
0 -
Hi @IlyaTaskaev
I will send private message to you for check this issue more details.
0 -
Hey, this little boi resolves the issue
Now it works perfectly, thank you for the suggestion to update firmware.0 -
0
Zyxel Employee
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 79 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 909 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
