Solved

Zyxel router Access Control log stops access

Posted on 2009-05-14
Last Modified: 2013-12-14
This is a P-660HW-D1.

I have enabled multi-nat, and mapped an external address to an internal one (1:1).  The internal address has a server set to respond to SSH (port 22).  A firewall rule permits any WAN address access.

From the outside, I can connect to this service, no problem.

The firewall log feature has an "Access Control" option.  If I turn this on, the above access is blocked.  Turn logging off again, it works fine.  What on earth is going on?
Question by:wohenben

Expert Comment

by:ccomley
ID: 24393152
I've used lots of Zyxel routers - I don't have access to one right this minute - and I can't visualise the Access Control option you speak of - can you say which menu it's on? What does the "help" page say it's for?

One "trick" you may find helpful, it used to be important on earlier firmware, though these days doesn't appear necessary, but it can't hurt to try. When you switch from SUA to Full Nat Control, as well as setting up the 1:1 you need for your server and a 1:Many for the rest of your LAN, set up a 1:1 between the router WAN address and the router LAN address.  So you have a plan something like this:-

210.121.126.1  <1:1> 192.168.1.1 (the router)
210.121.126.2  <1:1> 192.168.1.2 (your server)
210.121.126.3  <1:Many> 192.168.1.33 to 192.168.1.66 (your DHCP range)


Author Comment

by:wohenben
ID: 24397901
Thanks for the tip.  I'd already found out the first bit the hard way!
When setting a 1:1 for a server, do you also need a Server entry?  It wasn't clear from the docs if I just needed 1:1, Server, or both.

The Access Control is a check box in the log settings.  The manual doesn't say what it's for, but it seems to log matches (or mismatches) on the access control rules.

In fact I've found the problems go deeper than that.  Making even the slightest change to the address mapping rules if doing remote admin disconnects me, then I have to wait for the timeout before logging in again.

Accepted Solution

by:
wohenben earned 0 total points
ID: 24413934
Update:  I'm going to close this and re-submit as the problem seems to be different to what I initially thought.