Solved

Zyxel router Access Control log stops access

Posted on 2009-05-14
3
1,644 Views
Last Modified: 2013-12-14
This is a P-660HW-D1.

I have enabled multi-nat, and mapped an external address to an internal one (1:1).  The internal address has a server set to respond to SSH (port 22).  A firewall rule permits any WAN address access.

From the outside, I can connect to this service, no problem.

The firewall log feature has an "Access Control" option.  If I turn this on, the above access is blocked.  Turn logging off again, it works fine.  What on earth is going on?
0
Comment
Question by:wohenben
  • 2
3 Comments
 
LVL 16

Expert Comment

by:ccomley
ID: 24393152
I've used lots of Zyxel routers - I don't  have access to one right this minute - and I can't visualise the Access Control option you speak of - can you say which menu it's on? What does the "help" page say it's for?

One "trick" you may find helpful, it used to be important on earlier firmware, though these days doesn't appear necessary, but it can't hurt to try. When you switch from SUA to Full Nat Control, as well as setting up the 1:1 you need for your server and a 1:Many for the rest of your LAN, set up a 1:1 between the router WAN address and the router LAN address.  So you have a plan something like this:-

210.121.126.1  <1:1> 192.168.1.1 (the router)
210.121.126.2  <1:1> 192.168.1.2 (your server)
210.121.126.3  <1.Many> 192.168.1.33 to 192.168.1.66 (your DHCP range)

0
 

Author Comment

by:wohenben
ID: 24397901
Thanks for the tip.  I'd already found out the first bit the hard way!
When setting a 1:1 for a server, do you also need a Server entry?  It wasn't clear from the docs if I just needed 1:1, Server, or both.

The Access Control is a check box in the log settings.  The manual doesn't say what it's for, but it seems to log matches (or mismatches) on the access control rules.

In fact I've found the problems go deeper than that.  Making even the slightest change to the address mapping rules if doing remote admin disconnects me, then I have to wait for the timeout before logging in again.
0
 

Accepted Solution

by:
wohenben earned 0 total points
ID: 24413934
Update:  I'm going to close this and re-submit as the problem seems to be different to what I initially thought.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now