ZyXEL and mixed NAT non-NAT LAN Subnets

From AAISP Support Site
Revision as of 11:25, 7 October 2020 by AA-Andrew (talk | contribs)

The ZyXEL 1312 and 3925 range of routers don't allow the use of both public and private IPs at the same time on the LAN. There is an option in the web interface to have a 'Public LAN' subnet, but the problem is that the ZyXEL will still NAT all the traffic, and there is no way to configure the router to only NAT the private IP addresses and not to NAT the public IP addresses.

If you are wanting to use a mix of public and private IP addresses on your LAN, then the only option with the ZyXEL is to use 'Port Forwarding' AND 'Address Mapping' features. These are found in the NAT section of the web interface.

These features are rather limited and you many not be able to get the router to do what you want. You'll find that the port mapping does not let you set a destination IP address - that is the specific IP public address that you want to port map on to your server.

The Port Mapping tab will allow you to map ports sent to the Router's WAN IP to internal IP addresses, whilst the 'Address Mapping' will allow you to specify IP addresses in the public block allocated to you that will be used when a device makes an outgoing connection, and this also affects the port map.

Address Mapping

Address mapping example

Normally when the router performs NAT, the IP 'seen' by the internet will be the router's WAN IP address. If you're running a server, you may want it to be 'seen' as one of the IP addresses in your public block that has been assigned to you.

This option will tell the router that when your server (192.168.0.100 in this screenshot) accesses the internet to NAT the traffic as being from the specified IP address (81.187.0.2). This means, that when your server access the internet it will be seen as coming from one of your IP addresses in the allocated block from AAISP.

Port Forwarding

In the Port Forwarding screen, you can set where incoming traffic is sent. The limitation here is that the public IP that the traffic is being sent to cannot be specified. This makes in impossible to define different IP addresses to use the same port. This may be where the limitation of the ZyXEL will let you down and not do what you are wanting.