How to configure the Zyxel Prestige 660HW-T1 for use with multiple echolink or popnote nodes

Challenge

To enable more than one echolink or popnote node to use a single ADSL connection which has multiple WAN IP addresses assigned.

Solution

This is achieved by mapping each WAN IP address 1-1 to a LAN IP address and opening the WAN to LAN firewall for the echolink and popnote ports.

Configuration of the Zyxel Prestige assumes default settings. The only changes described are those needed to allow port forwarding using multiple static WAN and LAN IP addresses. Carry out the configuration in the following order. The order is very important, otherwise certain menus will not be available.

LAN setup

WAN setup

NAT setup

FIREWALL changes

Test using echo link

LAN setup

Keep the default configuration for the LAN DHCP setup. Ensure that the client IP pool is large enough to cover all (static and dynamic) IP addresses that you intend to use.

LAN Static DHCP

Enter the MAC address and static LAN IP address of each computer used for port forwarding applications. Ensure these are within the range of the DHCP pool. Leave the LAN PCs’ DHCP configuration as default, i.e. they receive their LAN IP from the Zyxel DHCP server.

WAN IP address

My ADSL connection is PPPoA, so the setup described here is for PPPoA. Enter the static router WAN IP address assigned by your ISP. Enter the username and password provided by your ISP.

NAT – Mode

Select ‘Full Feature’ and click on ‘edit details’ to configure the NAT address mapping rules.

NAT – Address Mapping Rules

For each static LAN/WAN IP address pair enter a new rule, and for each of these mapping rules select the 1-1 type.

For the mapping rule covering the DHCP-served IPs select many-to-one (M-1).

 

NAT - Address Mapping Rules

          Local Start IP   Local End IP    Global Start IP   Global End IP   Type
Rule 1    192.168.1.50     . . .           xxx.xxx.xxx.xxw   . . .           1-1
Rule 2    192.168.1.51     . . .           xxx.xxx.xxx.xxx   . . .           1-1
Rule 3    192.168.1.52     . . .           xxx.xxx.xxx.xxy   . . .           1-1
Rule 4    192.168.1.33     192.168.1.49    xxx.xxx.xxx.xxz   . . .           M-1
Rule 5    . . .            . . .           . . .             . . .           -
Rule 6    . . .            . . .           . . .             . . .           -
Rule 7    . . .            . . .           . . .             . . .           -
Rule 8    . . .            . . .           . . .             . . .           -
Rule 9    . . .            . . .           . . .             . . .           -
Rule 10   . . .            . . .           . . .             . . .           -

 

FIREWALL

Use default rules

Firewall - Default Policy


 

X  Enable Firewall

X  Allow Asymmetrical Route

CAUTION: When Allow Asymmetrical Route is checked, all LAN to LAN and WAN to WAN packets will bypass the Firewall check.

Packet Direction        Default Action   Log
LAN to LAN / Router     Forward
LAN to WAN              Forward
WAN to LAN              Block
WAN to WAN / Router     Block

 

Firewall rules summary

To receive incoming messages, WAN to LAN firewall rules have to be created for each service.

Select WAN to LAN as the packet direction.

Create a new UDP-only service for popnote (ports 54538, 54539) and for echolink (ports 5198, 5199).

This example shows the 3 static destination LAN IPs with the echolink and popnote services.

NB: The default policy is to block.

Packet Direction   WAN to LAN

Default Policy: Block, Log

 

Rule

Active

Source IP

Destination IP

Service

Action

Schedule

Log

Alert

1

Y

Forward

No

No

2

Y

Forward

No

No

3

Y

Forward

No

No
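
An added example (not part of the original guide, and not Zyxel tooling): a small Python check of the plan above. It confirms that the 1-1 nodes sit inside the DHCP pool and outside the M-1 range, and that the WAN to LAN rules forward only the UDP service ports to those nodes. The DHCP pool bounds, the rule dictionaries and the function names are assumptions made for the example.

```python
import ipaddress

# From the page: 1-1 mapped nodes, the M-1 range, and the UDP service ports.
NODES = ["192.168.1.50", "192.168.1.51", "192.168.1.52"]
M1_RANGE = ("192.168.1.33", "192.168.1.49")
SERVICE_PORTS = {5198, 5199, 54538, 54539}  # echolink + popnote, UDP only
# Assumption (not on the page): DHCP pool start address and pool size.
DHCP_POOL = ("192.168.1.33", 32)

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def check_addressing(nodes, m1_range, pool):
    """Problems in the LAN plan: node outside the pool or inside the M-1 range."""
    lo, hi = _n(pool[0]), _n(pool[0]) + pool[1] - 1
    problems = []
    for node in nodes:
        if not lo <= _n(node) <= hi:
            problems.append(f"{node}: outside DHCP pool")
        if _n(m1_range[0]) <= _n(node) <= _n(m1_range[1]):
            problems.append(f"{node}: overlaps M-1 range")
    return problems

def check_rules(rules, nodes):
    """Findings for WAN to LAN forward rules wider than the page calls for."""
    findings = []
    for i, rule in enumerate(rules, 1):
        if rule["dest"] not in nodes:
            findings.append(f"rule {i}: destination {rule['dest']} is not a 1-1 node")
        if rule["proto"] != "udp":
            findings.append(f"rule {i}: protocol {rule['proto']} is not UDP only")
        extra = sorted(set(rule["ports"]) - SERVICE_PORTS)
        if extra:
            findings.append(f"rule {i}: extra ports {extra}")
    # Every node needs one rule that carries all four service ports.
    covered = {r["dest"] for r in rules if SERVICE_PORTS <= set(r["ports"])}
    findings += [f"{n}: no rule forwards all service ports" for n in nodes if n not in covered]
    return findings

# Constructed rule sets: one per-node rule as described, and one over-broad set.
GOOD_RULES = [{"dest": n, "proto": "udp", "ports": sorted(SERVICE_PORTS)} for n in NODES]
BAD_RULES = GOOD_RULES[:2] + [{"dest": "any", "proto": "tcp/udp", "ports": [5198, 5199, 5200]}]

if __name__ == "__main__":
    for line in check_addressing(NODES, M1_RANGE, DHCP_POOL) + check_rules(BAD_RULES, NODES):
        print(line)
```

With 1-1 mapping each node is reachable on its own WAN address, so the firewall rules are the only filter in front of it; the check treats any destination, protocol or port beyond the four UDP service ports as a finding.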

 

Test

The most effective test is to use the ‘Firewall/router test’ from the echolink tools menu. The TCP 5200 test and the four UDP 5198 and 5199 tests should all succeed. If two tests fail, the most likely cause is within the NAT rules. Use popnote and send a message to K5HUM; if you don’t get an echo, something is wrong.

Logging

Turn logging on to aid troubleshooting. It is a good diagnostic tool, showing which traffic is given access and which is blocked by the Zyxel firewall.

Author

Steve G4NZV 22/11/07