Thursday, September 30, 2010

How to configure nat port translation in a ZyXEL 661 ADSL router

Problem
Configuring Port Mapping via web interface is not possible. Use telnet commands detailed below.

Solution
If you are having problems configuring port mapping on a Zyxel router, the below instructions should help you.
There is no way of doing this using the web GUI so please use the telnet command to configure port mapping. You can only do port address translation via the command line interface (telnet):

Example 1: translate external ports 4420 through 4422 to internal ports 8080 through 8082 ip 192.168.26.101

:4420 -> 192.168.26.101:8080
:4421 -> 192.168.26.101:8081
:4422 -> 192.168.26.101:8082

ip nat server load 1
ip nat server edit 2 svrport 4420 4422
ip nat server edit 2 intport 8080 8082
ip nat server edit 2 forwardip 192.168.26.101
ip nat server edit 2 active yes
ip nat server save

To display the table
ip nat server load 1
ip nat server disp 1

Notes: (1) The "load 1" is required to loading the set #1 (1st page) of rules, the "edit 2" refers to the 2nd rule (in set #1) (2) svrport refers to the ports as they appear on the WAN side before the translation (3) intport refers to the ports as they appear on the LAN side after the translation (4) if you view the port forwarding rules in the web interface (Network > NAT) the external ports (svrport) are shown in rule 1 (N-1)
If your firewall is enabled, then you will need to create a firewall rule based on the internal ports (intport).

Add WAN/LAN rule 1 Permit Source IP = any Destination IP = 192.168.26.101 Service = TCP/UDP Port 8080 to 8082

Example 2: translate external; ports 4420 through 4422 to internal port 80 on IPs 192.168.26.101 through 192.168.26.103

:4420 -> 192.168.26.101:80
:4421 -> 192.168.26.102:80
:4422 -> 192.168.26.103:80

ip nat server load 1
ip nat server edit 2 svrport 4420 4420
ip nat server edit 2 intport 80 80
ip nat server edit 2 forwardip 192.168.26.101
ip nat server edit 2 active yes
ip nat server edit 3 svrport 4421 4421
ip nat server edit 3 intport 80 80
ip nat server edit 3 forwardip 192.168.26.102
ip nat server edit 3 active yes
ip nat server edit 4 svrport 4422 4422
ip nat server edit 4 intport 80 80
ip nat server edit 4 forwardip 192.168.26.103
ip nat server edit 4 active yes
ip nat server save

The firewall is simpler
Add WAN/LAN rule 1 Permit Source IP = any Destination IP = 192.168.26.101 to 192.168.26.103 Service = http

A quick example
Forward port 8080 to internal server 192.168.1.231 port 80
ip nat server load 1
ip nat server disp 1
ip nat server edit 2 active 1
ip nat server edit 2 svrport 8080 8080
ip nat server edit 2 intport 80 80
ip nat server edit 2 forwardip 192.168.1.231
ip nat server save

For more info take a look at
http://www.granitecomputers.co.uk/resources/knowledge_detail.asp?kbid=19

No comments:

Post a Comment