ZyXEL → Can't NAT on the 2nd WAN connection

Beyond my shallow level of expertise I am afraid. How many IPs do you have? Reason I ask is that you cannot use the WAN2IP for both
a one to one NAT and normal NAT. I am probably off base but that is my first impression.

Why not treat the second WAN as a normal WAN and simply stick the server on the LAN, then use port forwarding and firewall rule to access the server from the outside. Use a dyndns server name and you have the same affect but even better as users don't need to remember a number but simply a name.

Hi Anav,

I have four static IPs on wan1, and I have two statics IPs on wan2. One is dedicated to the fiber ppoe modem, the other, the wan2 port of my zywall.I don't get that. I only want to do a one to one NAT on my wan2 port. I have attached a diagram of what I want to do : the address 212.xx.yy.152 is forwarded to my OwnCloud server (but for now lands on my Zywall).

Yeah WAN2 looks weird but I have never had multiple IPs. I just cant get my head around how your zywall will see the 212.....152 IP if the pppoe modem doesnt let it pass through to WAN2.

Does the PPoE modem simply pass through the second IP (not convert it to 192 address??)
perhaps if your cloud server was on a 192.168.18.5 ADDRESS it would work???

For me multiple IPs means the modem is supplying them. In your case the modem seems to be NATing to your router in which case you would never be able to use the .152 IP.

I have attached the screenshot of how my modem is configured for now.Why is that ? I thought that by doing so, if I request »212.xx.yy.162 it would arrive on the modem, then the firewall and then my cloud server. You can't do to 1:1 NAT in a row ?I thought about that, but in that case, I would have to connect the cloud server directly to the modem and that would certainly work : but then my server wouldn't be anymore behind the firewall.

You still need a firewall rule to allow the traffic to the server, perhaps that is causing the blockage

I have disabled it for testing purpose, no success.

And let's suppose it was the case (firewall blocking it), then it shouldn't show the Zywall login page.

as I stated I have never seen a block of IPs work the way you want them too. Now this is simply reading other peoples posts and not my own knowledge. I do not think you can sent the .152 IP address through WAN2 in its configuration.

I think the best you can do is map- configure the .152 Ip to a specific Modem 192.168 IP address and then one to one nat that to the server............

I don't understand what you are suggesting. Everything is working fine on the wan1 port : i have several public IPs and the NAT is working fine (wan1-2, wan1-3, etc.. in one of my screenshots).

The BIG difference is that on my wan1 port, it's a PPoE connection (fiber bridge), but on my wan 2 port, it's a static IP to my PPoE modem.

My limited knowledge doesn't let me understand what happens when you do a 1:1 NAT (what is changed) : I "only" want to do a 2nd 1:1 NAT from address 212.xx.yy.162 to 192.168.3.5 but I can find how to make that work

Looking at your modem pics it sure looks as if though they have set it up to do nat 1 to 1. So my concerns are alleviated on that front.

Why do you have .162 setup in the first shot( bottom half of first jpeg).......... you assign .162 to the wan2 on the router........ (assuming the modem is 18.1)

So instead of using .162 for your cloud serve mapping try the following.......

Keep the wan setup as is, and assign the one to one mapping of 192.168.18.3 to the cloud server and make the adjustment in your modem to 192.168.18.3 to the public IP .162 on the other side of the modem.

I think the issue is that first pic your assigning 18.2 to the router and that's why the zywall page shows up.......

so in the zywall your one to one mapping is 192.168.18.3 (public IP on the modem side) to the IP of the server 192.168.3.5.

Just to make sure I am not missing something here, but you do have two modems?
One for each of the WAN port?
If yes, why do you not just bridge them both?

You need to make sure that the addresses used for each wan port are not in the same subnet.

In theory you can do 1-1 nat as many times as you want, but stuff like VPNs might not like it much.

Hey GOG, any updates>>>>>> Did you try the IP changes I suggested?