ZyXEL P-660R-D1 port forwarding
I recently upgraded my DSL modem from an old Speedstream to this ZyXEL modem. My old setup was using a Linksys WRT54G acting as a router to connect through the modem. With this new modem I no longer need to do that if I keep the modem in 'router' mode. I currently have the modem plugged into port one on the router with other hosts plugged into the other 3 ports. Normal internet access works just fine.
However I have a personal website that I host here. I have been beating my head against a wall for several hours trying to determine why I can't get port 80 to forward to it. There were never any issues with my old setup where I was using the WRT54G to do the forwarding. I have done a lot of searching both here and google with no success. Worse case I could switch the modem over to bridged mode. I really like to monitor the SNMP traffic though so I would like to keep it in 'routing' mode if possible. I like to consider myself quite knowledgeable about home networking which is why I am so stumped by this.
Some guides talk about a firewall on the P660R but I see no config pages for a firewall. The shieldsup common ports scan shows all of the scanned ports as closed with the exception of 21, 23 & 80 being stealthed. I tried the tutorial over at portforward.com and it didn't yield any results. Does Earthlink have a non-user configurable firewall in this? The latest firmware on the ZyXEL site is older than the one I have. Anyone have ideas about what I may have misconfigured?
Some details / settings that may be relevant:
ZyNOS FW: V3.40(AHC.4) | 12/08/2006
Network -> LAN
LAN IP: 192.168.1.1/24
Any IP Setup: (Unchecked) Active
Windows Networking (NetBIOS over TCP/IP): (Unchecked) Allow between LAN and WAN
Network -> NAT -> General
NAT Setup: (checked) Active Network Address Translation
(selected) SUA Only
Network -> NAT -> Port Forwarding
Default Server: 0.0.0.0
1 WWW 80 80 192.168.1.10
Verify under Advanced Setup/Security if the checkbox called Web is unchecked.
Under which section would I find that? At the risk of being long, here is the menu structure. The items with the '--' are tabs after clicking on the top level item. A lot of the pictures I have seen for configuring this modem do not have as graphical a layout as mine.
--WAN Backup Setup
Sorry but perhaps I was wrong about the menu structure of your GUI, but in most of these models without SPI firewall, there is a filter to block some incoming ports, driven by checkboxes at the GUI. It seems not to be the your case. The filters may be manipulated with major granularity using Telnet, but I'm not sure if your model have the menu-driven Telnet interface.
I will try a sight to the manual of your model.
Top level telnet menu (edited for format):
Copyright (c) 1994 - 2006 ZyXEL Communications Corp.
P-660R-D1 Main Menu
1. General Setup
2. WAN Backup Setup
3. LAN Setup
4. Internet Access Setup
11. Remote Node Setup
12. Static Routing Setup
15. NAT Setup
21. Filter Set Configuration
22. SNMP Configuration
23. System Password
24. System Maintenance
25. IP Routing Policy Setup
26. Schedule Setup
Enter Menu Selection Number:
Check at menu 11 / number of your remote node / go to Edit filter set and change to yes with space bar / with Enter you go to Menu 11.5 RN Filter. See at Input Filter Set - Protocol Filter, remember the numbers and delete it. Exit with Enter.
Re test your server o re-scan the port. If now you get Closed instead of Stealth, there was the filter blocking.
Hope this help.
That was indeed the issue. It would be nice if they would have provided all of the options in their web interface. It seems that would be the preferred location unless they did not expect users to ever modify it.
said by ymodem:Welcome to the undocumented world of the Zyxel features behind the GUI.
It would be nice if they would have provided all of the options in their web interface. It seems that would be the preferred location
Well, now that you know where the issue was, you need to configure the filter in a more secure way. It's not a good idea to remove completely the filter from that point, because that filter for sure involves other details about ports and security. In menu 11.5 you saw some number/s you removed that mean/s filter set/s. You need to check at menu 21 for all available sets, open each set seen in 11.5 and check the rule that blocks destination port 80, edit that rule to forward instead drop, and reinstall the filter sets you have seen in 11.5 in that same order they was.
Hope this helps.
i have d same modem/router but my telnet has no menu. help. same problem with port forwarding. thanks!