Virtual Server (Port Forwarding) Rule(s) Setup for 4.XX Firmware version and higher
Table of Contents
Scenario
With Virtual Server (Port Forwarding) the ZyXEL gateway forwards specific requests to the selected server/client. This guideline shows how to setup a Virtual Server rule.
Create Address Objects
To create a Virtual Server rule, the simplest way is to start with creating address objects.
In this tutorial we will create two objects, one for the WAN1 (GE1) Interface IP-address and one for the server’s internal IP-address.
To create an address object go to the Configuration menu. Select the Object → Address menu.
Click the Add button.
Give the object a name. Choose “Interface IP” as Address Type, as this will dynamically follow the interface IP-address, and select Interface “WAN1” (GE2).
Click the OK button |
Use the same step for the server’s address object. Here you use “Host” as Address Type. Insert your server’s internal IP-address.
Click the OK button |
Create Service Object
To create a service object for ports that are not predefined go to Configuration → Object → Service. You will be presented with a list of all the service objects on the device, both user created and predefined. If there isn’t a service object created for the port number(s) you need please click the Add button to insert a service rule.
- Give the object a name
- Specify protocol “TCP” or “UDP” (if you need both protocols you will need to add multiple service object, one using the TCP protocol and the other with UDP)
- Specify start and end ports (if you only need one port such as the example above just specify the start port and the object will be created for a single port only)
Click the OK button
Create Virtual Server Rule
To create a Virtual Server rule go to, Configuration → Network → NAT menu. Click the Add button to insert a rule.
- Enable rule
- Insert a rule name
- Select Virtual Server
- Choose the incoming interface (usually WAN1 or GE1)
- Select the “WAN1_IP” object for Original IP
- select “Int_SRV_IP” for Mapped IP
- Select Service for the Port Mapping Type
- In Original and Mapped Service select the service object you created for the port(s) that need to open
Click the OK button
Note: NAT Loopback can be activated so internal clients can contact the server based on public info (WAN IP, DDNS hostname, Domain Name, etc.), only if Original IP is not set to ANY.
Create Policy Control Rule
As the final step, we need to create a Policy Control rule, to allow traffic to pass through to the server. Go to the Configuration → Security Policy → Policy Control menu and press the Add button to insert a rule.
- Provide a name to the Policy Control rule.
- Select FROM WAN TO LAN1.
- Insert your servers IP-address object as Destination.
- Select your preferred Service or Service Group (in this case HTTP is selected).
- Set Access as Allow.
- Enable Log if needed.
Click the OK button
Comments
0 comments
Please sign in to leave a comment.