This guide will provide instructions on setting up port forwarding rules on the NBG router.
Overview
NAT (Network Address Translation) is the translation of the IP address of a host in a packet. Use port forwarding to make computers on a private network behind the Zyxel router available outside the private network. If the router has only one public IP address, you can make the computers in the private network available by using ports to forward packets to the appropriate private IP address. Below is a step-by-step list of instructions on creating port forwarding rules on the ARMOR-Z1 (NBG6816).
Supported Devices
ARMOR-Z1 (NBG6816)
Accessing the WebGUI
It is recommended that any configuration changes made to the router are done via a hardwired computer, especially when making changes to the wireless setup. Please be sure to have a computer connected to a LAN port (LAN1-LAN4) before proceeding with the setup changes. To access the web configuration screen for the ARMOR-Z1 (NBG6816) router, open an internet browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.). Type http://192.168.1.1 on the browsers address bar and press/hit the ENTER/RETURN key on your keyboard. This will open the routers login screen.
Type in the device password on the login screen to continue the setup. The default password for the Zyxel router is 1234. If the password was previously changed, type in the new password to continue.
Once logged in you will be prompted to change the administrative password, only if still using the default 1234 credentials. Type in a new password for the administrative credentials and click the Change button to save/apply the new setting, or, click the Skip button to continue into the web configuration screen and keep the administrative password as 1234.
Port Forwarding Menu
In the WebGUI click on the Expert option on the right side of the window, once in the expert mode click the WAN menu option across the bottom of the window.
From the WAN menu click on the NAT → General option on the left side of the window to access the port forwarding setup.
To create a rule fill in the necessary Port Forwarding fields and click the Add button to insert the rule. The Zyxel router has 12 predefined port forward rule options, these 12 predefined entries are the most used when creating port forwarding rules. Below are the descriptions for the 12 predefined entries in the router:
Service | Protocol | Port |
WWW | TCP_UDP | 80 |
HTTPS | TCP | 443 |
FTP | TCP | 21 |
E-Mail (SMTP) | TCP | 25 |
E-Mail (POP3) | TCP | 110 |
Telnet | TCP | 23 |
NetMeeting | TCP | 1720 |
PPTP | TCP_UDP | 1723 |
IPSec | UDP | 500 |
VoIP (SIP) | TCP_UDP | 5060 |
TFTP | UDP | 69 |
Real-Audio | TCP_UDP | 554 |
From the "Service Name" dropdown select the desired service port you wish to open/forward and provide the "Server IP Address" of the computer/device you wish to forward the traffic to. All other fields will be automatically filled in based on selected service name.
If the port you are attempting to open is not one of the predefined services select the "User define" option from the Service Name drop down box to manually enter the info.
- Provide a name for the service (L2TP based on screenshot below)
- Select the protocol used by the port service (UDP based on screenshot below)
- Specify the "Server IP Address" you need the service forwarded to
- Type in the Port number for the desired service (1701 based on screenshot below for L2TP)
- Click the Add button to save the entry, repeat the steps for any other ports that need to be opened/forwarded.
Once all port forwarding rules have been added click the Apply button on the top right of the configuration window to have the settings take effect.
Testing and Troubleshooting
To test if the ports are open you can visit a website with a port scanning tool to test the ports you have opened. Such sites include:
http://www.whatsmyip.org/port-scanner/
http://www.t1shopper.com/tools/port-scan/
http://mxtoolbox.com/PortScan.aspx
Please note that port scanning only works on TCP ports as this protocol requires a handshake to verify whether it is open or closed/stealth.
If the services being hosted are common services such as port 80 (WWW), 21 (FTP) or 3389 (RDP), you can use a web browser and/or the Remote Desktop Connection application built into Windows to test.
If the test fails:
- Check the software/firmware version currently running on the router against our FTP server. Make sure the current software/firmware version is installed.
- Reboot the router by pressing the power button found on the rear panel of the appliance. Wait 15-30 seconds before powering back ON.
- Verify the port forwarding rules to make sure the correct port, protocol and server IP address are being used.
- Is the service accessible locally? If you cannot access the service locally, it will not work from the internet either. Test the service(s) locally (internal network) to make sure the server is replying to the traffic.
- Disable the firewall on the computer/device that is running the service(s) to make sure it is not blocking the traffic.
- Windows: To disable the Windows firewall, open a RUN dialog box. You can access this by pressing the Windows + R keys on the keyboard.
- Type "firewall.cpl" and click OK or hit the Enter/Return key.
- Select the option to "Turn Windows Firewall on or off" on the left. Disable the firewall by selecting the "Turn off Windows Firewall" and click the OK button to save the settings.
Note: If you're using a third party software firewall, Trend Micro, Norton, McAfee, etc., please open the softwares control panel and disable the firewall feature. - Mac OS X: To disable the firewall on Mac OS X open System Preferences → Security & Privacy, click the Firewall tab and press the "Turn Off Firewall" button to disable.
- Make sure the server hosting the service(s) is pointing to the router as the default gateway.
- Bypass any other piece of networking equipment (switches, access points, etc.) and connect the server directly to the router (if possible). This will rule out the devices between the NBG router and server from causing the problem.
- Check with the ISP (Internet Service Provider) to make sure the port(s) are not blocked on the service end. Some residential ISPs block certain ports, such as port TCP:80, to prevent users from hosting websites on residential internet lines.
- Contact Zyxel Technical support for additional support. Support is available Monday through Friday from 8AM to 5PM PT @ 800-255-4101 option 5. You can also get email support by completing the "Support Request Form" here.
Comments
0 comments
Please sign in to leave a comment.