Good day, I have a Bell Fibre Op connection (east coast Canada) that I have been using with my Zyxel router for some time.
My goal is to transfer this to my HEX unit. I have already successfully proved that I can use my Cable (backup and email ISP) on the HEX.
Historical Process to Connect FIBRE WAN to Zyxel.
a. The first step was configuring WANX on my Zyxel router using plain ethernet settings of a static IP address of 0.0.0.0 and a mask of 0.0.0.0. WANX was defined as an external interface. In some respects people may think of this as leaving WAN1 UNCONFIGURED (this view may help when tackling the HEX).
b. I then created VLAN35 and associated it to the interface WANX. It was also deemed an external interface. I selected get IP automatically for the Ethernet Settings.
c. At this point I could connect the assigned physical WAN Port to the ISP and pull an IP successfully on VLAN35 but could not get any traffic to the PCs on the LAN network.
d. We noticed that in my Trunk rule I had incorrectly associated the Primary interface to be WAN1 and changed this to VLAN35.
NOTE: Trunk was simply a Load Balancing SETUP for my two ISPs, where the Fibre was primary and the Cable was backup. It was done in such a way that the Cable was not going to be used unless FIBRE was unavailable.
e. I still could pull an IP, and could see the VLAN talking to DNS servers but no internet traffic on the PCs.
NOTE: On the WANX Ethernet interface (and VLAN35), the type External is automatically selected. The manual states that the ZyWALL automatically assigns SNAT settings and a default route for traffic it routes from internal interfaces to external interfaces. What we missed is that this does not necessarily apply to VLAN associated interfaces! We now suspected the packets from LAN to VLAN35 were being forwarded with the source IP and port of the LAN hosts, and the responses were then not coming back to the ZyWALL. (And I had the audacity in another MikroTik thread to ask why block LAN IPs from leaking out of the router, LOL.)
f. It was determined that no SNAT was occurring and that this was the issue.
g. This was solved by policy routing. A route was created that identified all LAN traffic (I created a LANZONE object that includes both a LAN and DMZ), that identified all users and all services, and the NEXT HOP was my defined TRUNK. I could have used the VLAN interface as the Email service was on Cable, but I wanted load balancing so that all PCs could get to the net if FIBRE went down.
Note: I had to put a route for my eastlink email to Cable first before the Trunk rule so that we can access the email but the rest of traffic has to go to Trunk.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The takeaway for me is:
- I need help setting up the WANX ethernet settings for the HEX (using Ether5). How do I mimic a null or unconfigured WANX on the HEX? On the ZyWALL it was a static IP and mask of all zeros.
- I should ensure that all LAN traffic next hop is VLAN35.
- I should ensure that traffic leaving the LAN for VLAN35 has SNAT.
- If I can get this far, then I can worry about failover.
Edit Comment: I believe it may be as simple as just doing the VLAN interface alone not piggybacking on a WAN interface.
NOTE: when hooked up to the MikroTik on Cable/Eastlink (through ether2) on the HEX, I can access the email and internet just fine.
Conclusion: For some reason SNAT is already set up on the Eastlink interface and I don’t remember doing that, nor a route for my LAN to go out the EASTLINK interface??
Would be great if someone could explain how come that is working?
I assume it's part of the default config, so the answer is check your config first as the answers will be in there.
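The takeaways listed in the post, written as RouterOS commands: a tagged VLAN 35 on ether5 with no address on the parent port, a DHCP client on the VLAN, and source NAT for traffic leaving through it. This is an added example, not part of the original thread. The interface name `vlan35-fibre` is made up for illustration, and the `WAN` interface list is assumed to exist as it does in the RouterOS default configuration.

```routeros
# Added example. "vlan35-fibre" is an illustrative name; the "WAN" list is
# assumed to exist (it does in the RouterOS default configuration).

# ether5 must not be a LAN bridge port if it is to face the ISP.
/interface bridge port
remove [find interface=ether5]

# The parent port gets no IP address at all. Leaving ether5 unaddressed plays
# the role of the all-zero static IP/mask used on the ZyWALL's WANX port.
/interface vlan
add name=vlan35-fibre vlan-id=35 interface=ether5 comment="Fibre WAN, tagged VLAN 35"

# Pull the address on the VLAN, not on ether5, and install the default route
# so LAN traffic has vlan35-fibre as its next hop.
/ip dhcp-client
add interface=vlan35-fibre add-default-route=yes use-peer-dns=yes disabled=no

# Put the VLAN in the WAN list so firewall rules written against that list
# (for example the default drop of un-NATed traffic arriving from WAN)
# also cover the new uplink.
/interface list member
add list=WAN interface=vlan35-fibre

# Explicit SNAT for traffic leaving via the fibre VLAN, so LAN source
# addresses are never forwarded to the ISP unchanged.
/ip firewall nat
add chain=srcnat out-interface=vlan35-fibre action=masquerade comment="SNAT LAN -> Fibre"

# Checks: lease bound on the VLAN, default route present, NAT rule counting hits.
/ip dhcp-client print
/ip route print where dst-address=0.0.0.0/0
/ip firewall nat print stats
```

If the existing configuration already has a masquerade rule matching `out-interface-list=WAN`, adding the VLAN to that list is enough and the explicit NAT rule above is redundant.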