Zywall Multiple WAN IPs through NAT to servers??

Discussion in 'Networking & Security' started by joweaver88, Jul 30, 2013.

  1. joweaver88

    joweaver88 n00b

    Ok so here is my network setup and after I explain that I will explain what I am trying to do.

    I have a Comcast business class cable modem/router with a block of 5 static WAN IP addresses. This router is set up as a passthrough with no DHCP to a Zywall USG 100 firewall/router. We are using this as our main router and DHCP server; this router's WAN interface uses the first static IP in our block. Then the Zywall is connected to a 24 port unmanaged gigabit switch which all of our devices are connected to.

    Most of our devices are simple configs just using DHCP for internet access.

    What I am trying to do currently is put a single server (a couple more later but one for now) outside our LAN using one of the unused static WAN IP addresses.

    I have been struggling with this for hours and need assistance (please I beg you!)

    I created a virtual interface of my main WAN interface using one of the spare static IPs... it is working because if I navigate to it in my browser it brings up the Zywall login page.

    Now I just need to get NAT to pass that IP over... I would like to actually be able to set the static within Windows on the server so that virtual interface is essentially a bridge. I have no idea how to do this though.
     
    Last edited: Jul 30, 2013
  2. Wrench00

    Wrench00 2[H]4U

    Usually you would assign the whole block to the WAN address.

    You then make an address object for each IP address that's part of the block and make a firewall and a NAT rule to allow IP->Server1 IP2->server2 etc.

    That's how it's done on a SonicWall.
     
  3. joweaver88

    joweaver88 n00b

    I have actually been following instructions I found for a SonicWall haha... just to get the main idea. But with the Zywall you can't assign a whole block to a single external interface. You can only assign a single IP to it. You can however then create "virtual interfaces" from the main external interface, for example:

    Wan1 (IP: x.x.x.5) < physical (this is the IP of the router itself)
    Wan1:1 (IP x.x.x.6) < virtual
    Wan1:2 (IP x.x.x.7) < virtual
    Wan1:3 (IP x.x.x.8) < virtual
    Wan1:4 (IP x.x.x.9) < virtual

    This seems to partially do what I want because then if I navigate to x.x.x.6 I get the Zywall login page just like I would if I navigate to x.x.x.5.

    Right now I actually disabled the firewall just to make things simpler... I will worry about the firewall after I get NAT functioning properly. I found some threads on another forum about the Zywalls and someone mentioned SNAT instead of NAT, but if you go to the NAT configuration there is a little notification saying that SNAT is dealt with via policy routing...

    I am definitely lost and a bit over my head right now.
     
  4. /usr/home

    /usr/home [H]ardness Supreme

    I've never dealt with Zywall, but all you have to do now is create DNAT rules with the destination of the WAN IP you want and NAT it to the IP of the server.
     
  5. marley1

    marley1 [H]ardness Supreme

    One to One NAT is what you want to use.

    Then port forward as normal with firewall.
     
  6. marley1

    marley1 [H]ardness Supreme

    Also ZyXEL support is great, they will log in or do a join.me and set up with you.
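
The approach the replies converge on (virtual WAN interfaces, DNAT / one-to-one NAT to the server, then firewall rules), modelled as an added example that is not from the thread and is not Zywall configuration syntax. It shows why a spare IP with no NAT rule serves the firewall's login page, what leaving the firewall disabled exposes once the mapping exists, and which public IP the server's outbound traffic uses under SNAT. Assumptions: 203.0.113.x stands in for the x.x.x.5-9 block, the LAN address 192.168.1.10 and the HTTPS-only rule are hypothetical, and filtering is evaluated after DNAT as in Linux netfilter, so check the order on your own device.

```python
from dataclasses import dataclass

# Constructed values: 203.0.113.x stands in for the thread's x.x.x.5-9 block,
# and the LAN address and allowed port are hypothetical.
WAN1 = "203.0.113.5"                            # firewall's own WAN address
ALIASES = {WAN1, "203.0.113.6", "203.0.113.7"}  # Wan1 plus virtual interfaces
ONE_TO_ONE = {"203.0.113.6": "192.168.1.10"}    # Wan1:1 <-> server
ALLOW_IN = {("192.168.1.10", 443)}              # firewall rule: HTTPS only

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def inbound(pkt, firewall_enabled=True):
    """Classify a packet arriving on the WAN side: forward, local or drop."""
    if pkt.dst in ONE_TO_ONE:
        # DNAT first, then filter on the translated (LAN) destination.
        nat = Packet(pkt.src, ONE_TO_ONE[pkt.dst], pkt.dport)
        if firewall_enabled and (nat.dst, nat.dport) not in ALLOW_IN:
            return "drop", nat
        return "forward", nat
    if pkt.dst in ALIASES:
        # Alias without a NAT rule: the firewall itself answers, which is
        # why browsing to the spare IP showed the login page.
        return "local", pkt
    return "drop", pkt

def outbound(pkt):
    """SNAT: a mapped server leaves from its own public IP, other hosts from Wan1."""
    lan_to_wan = {lan: wan for wan, lan in ONE_TO_ONE.items()}
    return Packet(lan_to_wan.get(pkt.src, WAN1), pkt.dst, pkt.dport)

if __name__ == "__main__":
    client = "198.51.100.20"                    # constructed Internet host
    for dst, port, fw in [("203.0.113.6", 443, True), ("203.0.113.6", 3389, True),
                          ("203.0.113.6", 3389, False), ("203.0.113.7", 443, True)]:
        print(dst, port, "firewall on" if fw else "firewall off",
              inbound(Packet(client, dst, port), fw))
    print(outbound(Packet("192.168.1.10", client, 443)))
    print(outbound(Packet("192.168.1.50", client, 443)))
```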