Switched Cable to DSL and can’t access any ports, ZS answers


This topic contains 2 replies, has 0 voices, and was last updated by  lip 8 years, 7 months ago.

    #42551

    lip
    Member

    I changed from Cable (eth0) to DSL (eth2), copied VS & FW rules.
    Now nothing can get past the ZS; it answers ping and will show its interface, only nothing gets by it.
    …not sure what to post here but this is from NAT

    Chain PREROUTING (policy ACCEPT 5596 packets, 379K bytes)
    pkts bytes target prot opt in out source destination
    0 0 DNAT udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpts:5000:5084 to:192.168.1.8:5000-5084
    0 0 DNAT udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:20000 to:192.168.1.8:10000-20000
    0 0 DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:50022 to:192.168.1.8:22
    0 0 DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:50080 to:192.168.1.8:80
    0 0 DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:50083 to:192.168.1.8:83
    0 0 DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:50443 to:192.168.1.10:443
    0 0 DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:192.168.1.5:25
    0 0 DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.1.5:443
    0 0 DNAT udp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 udp dpts:5000:5084 to:192.168.1.8:5000-5084
    0 0 DNAT udp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:20000 to:192.168.1.8:10000-20000
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:50022 to:192.168.1.8:22
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:50080 to:192.168.1.8:80
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:50083 to:192.168.1.8:83
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:50443 to:192.168.1.10:443
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:192.168.1.5:25
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.1.5:443
    0 0 DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5085 to:192.168.1.9:5085
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5085 to:192.168.1.9:5085

    Chain POSTROUTING (policy ACCEPT 70 packets, 5766 bytes)
    pkts bytes target prot opt in out source destination
    5122 312K SNATVS all -- * * 0.0.0.0/0 0.0.0.0/0
    291 18199 MASQUERADE all -- * ETH00 0.0.0.0/0 0.0.0.0/0
    4761 288K MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination

    #50813

    ppalias
    Member

    May I suppose that ppp0 is for the ADSL on ETH02?
    Is the DNS configured correctly? You have changed provider so make sure you are using the right DNS servers.

    #50814

    lip
    Member

    yes, ppp0 is on eth2.
    yes, dns is the same as opendns is used.
    DNS is status ‘down’ and entirely blank except forwarders:
    ANY (Server: 208.67.222.222,208.67.220.220)
    *DNS, DHCP, AD, EXCH – Done by MS server (apparently it’s not entirely happy if it doesn’t control all these)

    We had to use another router until we figure out the setting not allowing mail or anything through the ports.
    Outgoing all works fine.
    Incoming DNS/IP fine, router responds fine (even to WAN pings – I’d like to turn that off), but blocks all traffic to ports.

    I’ll post the full config, doing screen shots now.

    #50815

    lip
    Member

    If anyone happens to read this… seems I had two things wrong:

    1 – SETUP>HTTPS> I had added the WAN interface and a specific external IP to try to access ZS externally – DON’T do this, it doesn’t work, and it takes over the entire interface, 443 can no longer be used for anything else, hence we couldn’t access our Exchange webmail.

    2 – Switched from Cable modem to DSL modem, but hadn’t switched rules from ETH02 to ppp0.
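
The second point can be read straight off the NAT counters posted at the top of the thread: every DNAT rule shows 0 packets and is bound to ETH00 or ETH02, while the MASQUERADE counters show traffic leaving on ppp0. The script below is an added example, not part of the original thread or of the ZS software; it runs that check over a constructed sample abridged from the listing, and the function names `count`, `parse` and `audit` are made up for illustration.

```python
import re

# Constructed sample, abridged from the NAT listing in the first post.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 5596 packets, 379K bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.1.5:443
0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:192.168.1.5:25
0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.1.5:443

Chain POSTROUTING (policy ACCEPT 70 packets, 5766 bytes)
pkts bytes target prot opt in out source destination
291 18199 MASQUERADE all -- * ETH00 0.0.0.0/0 0.0.0.0/0
4761 288K MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
"""

UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}

def count(field):
    """Convert a counter such as '4761' or '288K' to an int (suffixed values are rounded)."""
    return int(field[:-1]) * UNITS[field[-1]] if field[-1] in UNITS else int(field)

def parse(listing):
    """Yield (chain, pkts, target, in_if, out_if, extra) for each rule line."""
    chain = None
    for line in listing.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            chain = f[1]
        elif len(f) >= 9 and re.fullmatch(r"\d+[KMG]?", f[0]):
            yield chain, count(f[0]), f[2], f[5], f[6], " ".join(f[9:])

def audit(listing):
    """Return (WAN interfaces with no DNAT rule, DNAT rules that can never match)."""
    rules = list(parse(listing))
    # Interfaces that actually carry outbound NAT traffic are the live WAN links.
    wan = {r[4] for r in rules if r[2] == "MASQUERADE" and r[1] > 0}
    dnat = [r for r in rules if r[2] == "DNAT"]
    covered = {r[3] for r in dnat}
    dead = [(r[3], r[5]) for r in dnat if r[1] == 0 and r[3] not in wan]
    return sorted(wan - covered), dead

if __name__ == "__main__":
    missing, dead = audit(SAMPLE)
    print("WAN interfaces with no port forwards:", missing)
    for in_if, extra in dead:
        print(f"never matched, bound to {in_if}: {extra}")
```

On the sample it reports ppp0 as a live WAN interface with no forwards and the ETH02 rules as unreachable, which matches the fix described in the last post.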
