Zyxel router Access Control log stops access

Posted on 2009-05-14
Last Modified: 2013-12-14
This is a P-660HW-D1.

I have enabled multi-nat, and mapped an external address to an internal one (1:1).  The internal address has a server set to respond to SSH (port 22).  A firewall rule permits any WAN address access.

From the outside, I can connect to this service, no problem.

The firewall log feature has an "Access Control" option.  If I turn this on, the above access is blocked.  Turn logging off again, it works fine.  What on earth is going on?
Question by:wohenben

Expert Comment

by:ccomley
ID: 24393152
I've used lots of Zyxel routers - I don't have access to one right this minute - and I can't visualise the Access Control option you speak of - can you say which menu it's on? What does the "help" page say it's for?

One "trick" you may find helpful, it used to be important on earlier firmware, though these days doesn't appear necessary, but it can't hurt to try. When you switch from SUA to Full Nat Control, as well as setting up the 1:1 you need for your server and a 1:Many for the rest of your LAN, set up a 1:1 between the router WAN address and the router LAN address.  So you have a plan something like this:-

210.121.126.1  <1:1> 192.168.1.1 (the router)
210.121.126.2  <1:1> 192.168.1.2 (your server)
210.121.126.3  <1:Many> 192.168.1.33 to 192.168.1.66 (your DHCP range)


Author Comment

by:wohenben
ID: 24397901
Thanks for the tip.  I'd already found out the first bit the hard way!
When setting a 1:1 for a server, do you also need a Server entry?  It wasn't clear from the docs if I just needed 1:1, Server, or both.

The Access Control is a check box in the log settings.  The manual doesn't say what it's for, but it seems to log matches (or mismatches) on the access control rules.

In fact, I've found the problems go deeper than that.  Making even the slightest change to the address mapping rules if doing remote admin disconnects me; then I have to wait for the timeout before logging in again.

Accepted Solution

by:wohenben
ID: 24413934
Update:  I'm going to close this and re-submit as the problem seems to be different to what I initially thought.