1

I have one server behind a NAT router that already has port forwarding set up to server port 7000 (server and client talk UDP). Everything is fine, except sometimes the packet that is sent to the client is not from port 7000, so the firewall on the client side drops it.

Symmetric NAT maps the outgoing source port to another port when this server connects with more than one client.

I already set up port forwarding and think that NAT won't overwrite my rule.

Does anyone have an idea?

thanks in advance ^^ voteforpedro

  • How about telling us what firewall/NAT system you have in place? Various vendors do things differently. – Zoredache Sep 08 '09 at 06:45
  • I have a Zyxel P-660H-T1 v2 as the NAT/router on the server side. I found out that it uses symmetric NAT. –  Sep 08 '09 at 07:16

2 Answers

0

Symmetric NAT is bidirectional NAT. Port forwarding processes the rulebase twice for forwarded traffic. So there are two rules performing in this kind of NAT; once on the input, and again on the output.

  • In my case, I use a Zyxel P-660H-T1 v2 as the NAT router. In its web UI configuration page, the NAT setup page doesn't let me choose input/output rules, so I think it's input rules. The question is, how can I set up an output rule for this system? Or do I have to use the console to set this up (that is not good for my customer, quite complicated)? –  Sep 08 '09 at 07:22
0

Finally, I found what causes this problem. I use a Zyxel router, and I think it's Zyxel's bug.

Sometimes the Zyxel maps the outgoing port to another that isn't 7000. This behavior isn't found in the other routers I tested, such as Huawei. Updating firmware cannot fix this. I hope the Zyxel team fixes this bug soon.
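
The symptom in this thread, as an added example that is not part of the original posts and is not router firmware: a small model of a NAT that either reuses the forwarded port 7000 for the server's replies or allocates a fresh external port per destination (symmetric behaviour), checked against a client firewall that only accepts replies from the port it sent to. The class and function names, the dynamic port pool starting at 50000, and the client addresses are constructed for illustration.

```python
# Constructed model: how the external source port of the server's replies is
# chosen, and what a stateful client firewall does with each result.
from itertools import count

SERVER_PORT = 7000  # forwarded port from the question

class Nat:
    def __init__(self, honor_forward_on_egress):
        self.forward = {SERVER_PORT: SERVER_PORT}  # external -> internal port forward
        self.honor = honor_forward_on_egress
        self.sym = {}               # (internal port, destination) -> external port
        self._next = count(50000)   # constructed dynamic port pool

    def egress_port(self, internal_port, dst):
        """External source port for a packet from the server to dst."""
        if self.honor:
            for ext, inner in self.forward.items():
                if inner == internal_port:
                    return ext      # reply leaves from the forwarded port
        # Symmetric behaviour: one mapping per (internal port, destination).
        key = (internal_port, dst)
        if key not in self.sym:
            self.sym[key] = next(self._next)
        return self.sym[key]

def client_accepts(sent_to_port, reply_src_port):
    """Stateful client firewall: the reply must come from the port we sent to."""
    return reply_src_port == sent_to_port

def run(nat, clients):
    """Return {client: (reply source port, accepted?)} for each client."""
    out = {}
    for c in clients:
        src = nat.egress_port(SERVER_PORT, c)
        out[c] = (src, client_accepts(SERVER_PORT, src))
    return out

CLIENTS = [("198.51.100.10", 40001), ("203.0.113.20", 40002)]  # constructed

if __name__ == "__main__":
    print("forward honored on egress:", run(Nat(True), CLIENTS))
    print("symmetric mapping only:   ", run(Nat(False), CLIENTS))
```

On a real link the same check is a packet capture on the client side: compare the source port of each UDP reply with the port the request was sent to.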