
IP Pool & NATing

Neman/Core-TAC
Zyxel-334
If the customer wants to configure a live IP pool, follow these steps:

o Click on LAN > IP Alias > check IP Alias 1 > enter the first usable live IP and the subnet mask of the IP pool
in the corresponding fields. RIP Direction and RIP Version should be kept at their defaults.

[Screenshot callouts: Give First pool; Live IP Address; Live IP Pool Subnet Mask]

o Then go to SUA/NAT > Address Mapping > click Insert


o Then proceed according to the requirement. The following cases can occur:
    o Case 1:- One to one Mapping
    o Case 2:- Many to one Mapping
    o Case 3:- Many one to one mapping
    o Case 4:- Many to Many Overload
    o Case 5:- Server

For IP pool configuration, Case 3 is required. Enter the live IPs as shown. Suppose the pool was 124.109.224.152/30;
then enter the usable IPs as:-

After Apply is selected, the following window will be seen.

For Multi NAT we have to allow the private IPs as well. For this, select Case 2:- Many to one Mapping.

First, have the customer confirm the global IP from whatismyip.com (suppose it is 58.65.175.24), then enter the local
range and this IP as the global start IP, as follows:-

After clicking Apply, it will be shown as follows:-


A basic description of each possible case follows:-

Case 1:- One to one mapping. It is used when the requirement is to map one local IP address to one global IP address, as
follows:-

Case 2:- Many to one Mapping. In Many-to-One mode, the ZyWALL maps multiple local IP addresses to one
global IP address. This is equivalent to SUA (that is, PAT, port address translation), ZyXEL's Single User Account
feature (the SUA option).

Case 3:- Many one to one mapping. In Many-One-to-One mode, the ZyWALL maps each local IP address to a
unique global IP address.

Case 4:- Many to Many Overload. In Many-to-Many Overload mode, the ZyWALL maps the multiple local IP
addresses to shared global IP addresses.

So, as in the above example, four local IPs are assigned to 2 global IPs.

Case 5:- Server. This type allows you to specify inside servers of different services behind the NAT to be accessible
to the outside world.

Zyxel Zywall 2
This document can be used to configure NAT and an IP pool. To do this, go to Network > LAN > IP
Alias. Select the IP alias options according to your requirement. In the case below there are two different pools being
configured, so we have checked both IP Alias options.

[Screenshot callout: Live IP Pool Subnet Mask]

Step 1:-

Go to Network > LAN > IP Alias


In IP Address, enter the first usable IP of the pool.
In IP Subnet, enter the subnet mask of the IP pool.

In the above example there are two pools, which are 203.82.54.48/29 and 203.82.54.112/30.

Step 2:-

Go to Advance > NAT > Address Mapping > Insert

Then do the address mapping as per requirement. In this example, private IPs from 192.168.1.33 to 192.168.1.250
are NATed against WAN IP 124.109.36.98 (Many to one mapping). The remaining 6 IPs are statically NATed (one to one
mapping):-

Step 3:-

Then go to Advance > NAT > select the Full Feature option

Note:- The maximum number of concurrent sessions on the ZyWALL2 Plus has increased to 3000, compared with 1024 on the ZyWALL2.

Now the configuration should be verified by pinging the live IPs.


DD-WRT
To configure the customer's live IP pool, follow the procedure below. Please note that all commands are case
sensitive.

Step 1:

Click on Administration > Commands

In the command editor, type the following command:

o ifconfig br0:1 [First Usable IP] netmask [Subnet Mask]
o For a second pool: ifconfig br0:2 [First Usable IP] netmask [Subnet Mask]
After typing this command, save it as the startup configuration, as shown in the snapshots below.

Step 2:
Type the following commands in the command shell:
o iptables -t nat -F
For IP Routed customers use the following command:
o iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
For PPPoE customers use the following command:
o iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE
Click on Save Firewall to save the configuration.

The configuration should look similar to the picture below:

Step 3:
This router supports two NAT modes:
o Gateway (Multinat or Full featured)
o Routing (NATING OFF or without NAT)
Set the operating mode to Gateway using this path:
o Setup > Advance Routing > Operating Mode = Gateway
Click on Apply Settings.
The configuration should look similar to the picture below:

Step 4: Disable Firewall

Security > SPI Firewall > Disable > Apply Settings

The configuration should look similar to the picture below:

Step 5: Checking Configuration

For successful configurations, you should be able to PING the Live IP assigned.
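
The Step 1 alias commands can be derived from the pool in CIDR form. The script below is an added example, not part of the original document: it computes the first usable IP and subnet mask for a pool and prints the matching ifconfig line, using the two pools from the ZyWALL 2 section as constructed input. The function names are hypothetical, and a shell with 64-bit arithmetic (bash or dash on a workstation) is assumed.

```shell
#!/bin/sh
# Added example, not part of the original document. Function names are
# hypothetical. Commands are printed for review, not executed.
# Assumes a shell with 64-bit arithmetic (bash or dash on a workstation).

# prefix_to_mask 29 -> 255.255.255.248
prefix_to_mask() {
    p=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then
            o=255; p=$((p - 8))
        else
            o=$((256 - (1 << (8 - p)))); p=0
        fi
        mask="${mask}${mask:+.}${o}"
    done
    echo "$mask"
}

# first_usable 203.82.54.48/29 -> 203.82.54.49 (network address + 1)
first_usable() {
    ip=${1%/*}; p=${1#*/}
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( n & (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
    h=$((net + 1))
    echo "$(( (h >> 24) & 255 )).$(( (h >> 16) & 255 )).$(( (h >> 8) & 255 )).$(( h & 255 ))"
}

# pool_alias_cmd INDEX POOL/PREFIX -> the Step 1 alias command for that pool
pool_alias_cmd() {
    case ${2#*/} in
        ''|*[!0-9]*) echo "bad prefix in $2" >&2; return 1 ;;
    esac
    if [ "${2#*/}" -lt 8 ] || [ "${2#*/}" -gt 30 ]; then
        echo "prefix must be 8..30: $2" >&2; return 1
    fi
    echo "ifconfig br0:$1 $(first_usable "$2") netmask $(prefix_to_mask "${2#*/}")"
}

# Constructed run using the two pools from the ZyWALL 2 example above.
pool_alias_cmd 1 203.82.54.48/29
pool_alias_cmd 2 203.82.54.112/30
```
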

Port Forwarding
DD-WRT via GUI
1) Access the router using the default gateway and click the NAT/QoS tab as shown below:

2) When you click the NAT/QoS tab, the following window will open:

3) From the following screen, click the Add button as below:

4) Upon clicking the Add button, you will see a window with the following options:

5) In the Application field, enter the name of the application (this field is just an identifier for easy understanding by
the user).
6) In the Protocol field, you can select TCP, UDP or Both depending upon the application. In case you are not
sure what to use, select the Both option.
7) In the Source Net field, type the source IP that will be used for port forwarding. This field is mostly set to
0.0.0.0, which means any IP on the internet can use the port forwarding rule. If the customer wants to make the port
forwarding rule accessible only from a specific IP, enter that IP in the Source Net field.
8) In the Port from field, enter the port that you will put after the WAN IP. The general format is WAN_IP:Port_from
9) In the IP Address field, enter the IP of the machine behind the router. This machine is usually part of the LAN.
10) Port to is the port number on the machine behind the router.
11) The Enable field needs to be checked to enable that port forwarding rule.
12) After you have entered all the fields, click the Save button and then the Apply Settings button.
13) If the port forwarding is done successfully, you will be able to access the machine using the WAN_IP:Port_from
format in your browser.

DD-WRT via Commands
1) Configuring port forwarding via commands is the preferred way, since port forwarding rules entered
using the NAT/QoS tab sometimes behave erroneously.
2) Access the router's interface and click the Administration tab at the top of the screen as shown below:

3) When you click the Administration tab, the following screen will open up:

4) Now click the Commands tab as shown below:

5) Now enter the following commands and then click the Save Firewall button:
iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport PORT_ON_LOCAL_MACHINE -j DNAT --to IP_Of_LOCAL_MACHINE:PORT_ON_LOCAL_MACHINE
iptables -I FORWARD -p tcp -d IP_Of_LOCAL_MACHINE --dport PORT_ON_LOCAL_MACHINE -j ACCEPT
PORT_ON_LOCAL_MACHINE: The port that is open (listening) on the LAN machine
IP_Of_LOCAL_MACHINE: The IP assigned to the machine on the LAN
Note: Each of the above commands must be entered on a single line.
6) The above commands only cover TCP-based traffic. To enable port forwarding for UDP traffic, replace tcp
with udp in the above commands.
7) If the port forwarding is done successfully, you will be able to access the machine using the WAN_IP:Port_from
format in your browser.
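
The two commands from step 5 can be generated with the fields validated first. The script below is an added example, not part of the original document: it prints the PREROUTING and FORWARD pair for tcp or udp, and goes beyond the commands above by allowing a different Port from and Port to and an optional source restriction (the command-line counterpart of the GUI's Source Net field). The function names and the sample addresses are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original document. Function names are
# hypothetical. Rules are printed for pasting into the Commands tab.

in_range() {   # in_range VALUE MIN MAX; digits only
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

valid_ip() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

valid_src() {  # address or address/prefix
    case $1 in
        */*) valid_ip "${1%/*}" && in_range "${1#*/}" 0 32 ;;
        *)   valid_ip "$1" ;;
    esac
}

# port_forward_rules PROTO PORT_FROM LAN_IP PORT_TO [SOURCE_NET]
# Leaving SOURCE_NET out matches the GUI's 0.0.0.0 "any source" setting.
port_forward_rules() {
    proto=$1 from=$2 lan=$3 to=$4 src=${5:-}
    case $proto in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    if ! in_range "$from" 1 65535 || ! in_range "$to" 1 65535; then
        echo "ports must be 1..65535" >&2; return 1
    fi
    if ! valid_ip "$lan"; then echo "bad LAN IP: $lan" >&2; return 1; fi
    match="-p $proto"
    if [ -n "$src" ]; then
        if ! valid_src "$src"; then echo "bad source: $src" >&2; return 1; fi
        match="$match -s $src"
    fi
    # DNAT happens in PREROUTING, so FORWARD sees the translated port.
    echo "iptables -t nat -I PREROUTING $match -d \$(nvram get wan_ipaddr) --dport $from -j DNAT --to-destination $lan:$to"
    echo "iptables -I FORWARD $match -d $lan --dport $to -j ACCEPT"
}

# Constructed sample: WAN port 8080 to a LAN web server, one allowed source.
port_forward_rules tcp 8080 192.168.1.50 80 203.0.113.10
```
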
