Overview
NAT (Network Address Translation) is the translation of the IP address of a host in a packet. Use port forwarding to make computers on a private network behind the ZyXEL router available outside the private network. If the router has only one public IP address, you can make the computers in the private network available by using ports to forward packets to the appropriate private IP address. Below is a step-by-step list of instructions on creating port forwarding rules on VMG devices.
Supported Devices
VMG1312-B10A
VMG1312-B10D
VMG1312-B30A
VMG3925-B10A
VMG3925-B10B
VMG3926-B10A
VMG4325-B10A
VMG4380-B10A
VMG4825-B10A
VMG5313-B10A
VMG5313-B30A
VMG8324-B10A
VMG8324-B30A
VMG8924-B10A
VMG8924-B30A
VMG9823-B10A
Accessing the Web Configurator
To access the device web configuration screen to configure the modem/router, please connect your computer directly to an available LAN port. A wired computer is needed to minimize downtime when making changes to the configuration. During the configuration process the device may reboot to apply changes successfully, this means a temporary loss of connection to the network, this is why it is not recommended to make any configuration changes via wireless.
Open an internet browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and delete the contents of the address bar. Type http://192.168.1.1 on the address bar and hit the enter/return key on the keyboard. 192.168.1.1 is the ZyXEL default IP address, if your VMG was provided to you by the internet service provider it may be running proprietary firmware/software based on your provider's standards for operation. If this is the case you may need to contact the service provider to obtain the IP address for the web configurator and login credentials (administrative credentials). Once the correct web configurator address is entered on the browser, the following screen will appear requesting the administrator credentials.
Enter the ZyXEL administrative credentials: username=admin & password=1234
Or, enter the ISP proprietary administrator credentials: must be obtained from the ISP
After the ZyXEL default credentials are entered a prompt will appear to create a new admin password. Create a new password the press the Apply button to save the settings, or, check the box "No need to change password. Do not show this page next time" and click Apply to keep the default password.
Port Forwarding
Port forwarding rules can be created from the Network Setting → NAT menu.
From the Port Forwarding tab click the Add New Rule button to insert/create a rule.
- Active – Activate or Disable the rule
- Service Name – Name for the service rule being created, "RDP" for example.
- WAN Interface – Select the correct internet connection: ADSL, VDSL or ETHWAN (varies by model).
- WAN IP – Optional, for use only if getting multiple IP addresses from ISP.
- Start Port – First port to open
- End Port – Last port to open (Note: if only opening one port, the start and end port entries should the same)
- Translation Start Port – Optional, only use if start port will be converted to different port before forwarding to server.
- Translation End Port – Optional, only use if incoming port will be converted before forwarding to server.
- Server IP Address – IP address of the machine connected to the VMG LAN where the port traffic needs to be forwarded to.
- Protocol – Are the ports TCP based, UDP based ports or both TCP/UDP.
- Click OK to create and save the port forwarding entry.
- Repeat the process to add any additional port forwarding entries.
The VMG also has predefined port forwarding rules for some of the most commonly used services. You can create a port forwarding rule based on these built-in applications. Click the Applications tab to add a rule.
- WAN Interface – Select the correct internet connection: ADSL, VDSL or ETHWAN (varies by model).
- Server IP Address – IP address of the machine connected to the VMG LAN where the port traffic needs to be forwarded to.
- Application Category – Select the category of the application from the dropdown.
- Application Forwarded – Select the service group from the dropdown.
- View Rules – Click the button to view the list of service ports for the selected application.
- Click OK to save/apply the settings.
Testing and Troubleshooting
To test if the ports are open you can visit a website with a port scanning tool to test the ports you have opened. Such sites include:
http://www.whatsmyip.org/port-scanner/
http://www.t1shopper.com/tools/port-scan/
http://mxtoolbox.com/PortScan.aspx
Please note that port scanning only works on TCP ports as this protocol requires a handshake to verify whether it is open or closed/stealth.
If the services being hosted are common services such as port 80 (WWW), 21 (FTP) or 3389 (RDP), you can use a web browser and/or the Remote Desktop Connection application built into Windows to test.
If the test fails:
- Check the software/firmware version currently running on the router against our FTP server. Make sure the current software/firmware version is installed.
- Reboot the router by pressing the power button found on the rear panel of the appliance. Wait 15-30 seconds before powering back ON.
- Verify the port forwarding rules to make sure the correct port, protocol and server IP address are being used.
- Is the service accessible locally? If you cannot access the service locally, it will not work from the internet either. Test the service(s) locally (internal network) to make sure the server is replying to the traffic.
- Disable the firewall on the computer/device that is running the service(s) to make sure it is not blocking the traffic.
- Windows: To disable the Windows firewall, open a RUN dialog box. You can access this by pressing the Windows + R keys on the keyboard.
- Type "firewall.cpl" and click OK or hit the Enter/Return key.
- Select the option to "Turn Windows Firewall on or off" on the left. Disable the firewall by selecting the "Turn off Windows Firewall" and click the OK button to save the settings.
Note: If you're using a third party software firewall, Trend Micro, Norton, McAfee, etc., please open the softwares control panel and disable the firewall feature. - Mac OS X: To disable the firewall on Mac OS X open System Preferences → Security & Privacy, click the Firewall tab and press the "Turn Off Firewall" button to disable.
- Make sure the server hosting the service(s) is pointing to the router as the default gateway.
- Bypass any other piece of networking equipment (switches, access points, etc.) and connect the server directly to the router (if possible). This will rule out the devices between the NBG router and server from causing the problem.
- Check with the ISP (Internet Service Provider) to make sure the port(s) are not blocked on the service end. Some residential ISP's block certain ports, such as port TCP:80, to prevent users from hosting websites on residential internet lines.
- Contact ZyXEL Tech Support for further assistance @ 800-978-7222. Support is available Monday to Friday from 8AM-5PM Pacific Time. You can also reach us via email by submitting a support request form here.
Comments
0 comments
Please sign in to leave a comment.