Zywall 5 and WHS? RRS feed

  • Question

  • Hi to all of you,


    I have a Zywall 5 firewall/rotuer and cannot have it to work with WHS.


    Even if I enable uPnP, WHS tells me it cannot configure it!

    Can anyone tell me how to configure it manually ?


    Thanks a lot for your help!



    Saturday, November 3, 2007 4:39 PM


  • OK now it works. I had to perform a total reset of the router.

     I then went through the configuration carefully and it works.


    I used the website grc.com (shields up) to test if my port were open ).


    Now I am online... great !



    Sunday, November 4, 2007 10:02 PM

All replies

  • If my Zywall1 is any indication, it may have suceeded and not known it. I got a similar message, but I see the UPnP settings in the NAT list when I use the router's command line interface.


    If you know how to manage the router from the web interface, go to the (I think this is what it will be called on the Zywall5) SUA page and see if you can define the port forwarding for WHS. (See the WHS Help for the ports to be forwarded.) You may get an error about duplicate ports. (The GUI doesn't show all of the port forwarding setup via UPnP.)


    Have you ever mananged the router from the command line interface? There are commands--can't test them here since I'm away from home so I'm hesitant to put down an untested sequence from my head--that let you see the total list of the NAT/port forwarding setup. I went through the above steps and then found them in the table anyway.


    Of course all of that having been said, I still can't get to my server from outside, for reasons yet to be understood. So, my Zywall1 may still be a problem regadless of the entries I see in the NAT table.

    Saturday, November 3, 2007 5:08 PM
  • I've never managed my router from a command line, only from the web interface.


    I see the SUA options, I configured the port forwarding option, but it still doesn't work???


    Any other ideas?




    Saturday, November 3, 2007 6:26 PM
  • Tough to say. (You say you configured the port forwarding option. Did you configure all three ports and where they should go inside? Is the server still atthat interior address?) I suspect this feature will be the Support Achilles' Heel of WHS. There are a LOT of things that can go wrong and WHS has control of very few of them.


    First principals: can you get to it from inside your network? (This worked for me and I assumed it was a good sign and took off for the weekend. Now in a real world test it doesn't work from outside.) Is the IP being served up by DNS the correct current exterior IP for your router? Does your ISP block any ports?


    I'm still trying to think of a good test from outside to figure out if my traffic is really getting to the router exterior.

    Saturday, November 3, 2007 7:02 PM
  • One thing you might check is your lan adapter. I worked for a day and a half investigating what sounds like similar trouble only to figure out that my old lan card did not even have drivers available that would work. I was then able to connect right away.Had three connection issues with UNP enable, bought a new Dlink Lan card (DFE-530TX) installed it and poof no problems.
    Saturday, November 3, 2007 8:35 PM
  • It is not a cable or driver problem, besides port forwarding, everything runs good from within my network. I can use remote access, see the web site and everything.


    Can't someone post screenshot of the port forwarding configuration for a zywall 5 ?




    Saturday, November 3, 2007 9:36 PM
  • I'd send a screenshot if I had one and if it was working.


    What have you done to confirm your exterior traffic is really getting to the router and failing there?


    How are you testing it from the exterior? A dialup from a machine normally on your network? A separate machine not on your network ever?


    Who's your ISP/CLEC? I'm on Earthlink/Covad.


    I ask these questions as much to understand your technique since I'm battling some of the same issues as to try to help clarify/resolve your issue.

    Saturday, November 3, 2007 9:59 PM
  • OK now it works. I had to perform a total reset of the router.

     I then went through the configuration carefully and it works.


    I used the website grc.com (shields up) to test if my port were open ).


    Now I am online... great !



    Sunday, November 4, 2007 10:02 PM
  • I wish I could say I were having equal success with my Zywall 1.


    WHS has configured NAT via UPnP:

    Code Block

    Password: *********
    Copyright (c) 1994 - 2003 ZyXEL Communications Corp.
    gate_fire> ip nat server disp
    Server Set: 1
    Rule         name             Svr P Range    Server IP       LeasedTime
         Active  protocol    Int Svr P Range    Remote Host IP Range
       1 DMZ                       default      0
          No      ALL               0 - 0     -
      13 WHS_Port_Mapping_80       80 - 80   0
         YES      TCP              80 - 80    -
      14 WHS_Port_Mapping_443     443 - 443   0
         YES      TCP             443 - 443   -
      15 WHS_Port_Mapping_4125    4125 - 4125   0
         YES      TCP            4125 - 4125  -
      36 RR-Reserved             1026 - 1026   0
         YES      ALL               0 - 0     -


    But I cannot get through the router to the port forwarded server at unless I set the Firewall to off. This despite the firewall settings page saying "WAN to LAN -- All traffic originating from the WAN is blocked unless you configure port forwarding rules." Isn't that what those rules are as noted above for ports 80, 443, and 4126? I have confirmed this with ShieldsUp and the WHS test app itself. If the firewall is enabled, the port forwarding rules do nothing. If the firewall is disabled, the port forwarding rules forward and all the other traffic is finding closed ports--presumably at the router itself.


    If anybody has any thoughts and what I might be missing, I'd be really greateful...

    Monday, November 5, 2007 12:12 AM
  • For the archive and future searchers: Zynos/Zywall will accept port forwarding requests via UPnP if UPnP is enabled and if the additional setting "Allow users to make configuration changes through UPnP" is enabled. But they will only ENFORCE/ALLOW these requests if "Allow UPnP to pass through Firewall" is also set. That's not what that title communicated to me, but it's what it does.

    Tuesday, November 6, 2007 3:37 AM