by jason.lee » Sun Feb 19, 2012 9:58 am
I have a Sonic-supplied ZyXel p-663hn-51. I also have 4 static IPs with my fusion service.

One of the static IPs is NAT'd thru the ZyXel and onto my private network - 10.0.1.x. I have an Airport Extreme that I'm using to supply my DHCP addresses - I didn't want the ZyXel doing this. So far everything is working great.

I have a VMware instance on another machine on my 10.0.1.x network that I want to expose as a public IP. Does anyone have docs or know of the steps to do this?


- jason
by mbreese » Mon Feb 20, 2012 1:49 am
I *think* you'd have to have that machine plugged into the Zyxel box, and then you'd have to have the VM set up to use the external address. That sounds like a very odd setup though. There might be a way to do it with routing rules, but I doubt it.

Do you need to expose the entire VM or just a specific port/ports? If it is just a set of ports, you can do that with NAT rules. (Advanced setup > NAT in the Zyxel).
by jason.lee » Mon Feb 20, 2012 8:06 am
Just need to expose specific ports. I'll try the NAT rules.

by jason.lee » Mon Feb 20, 2012 11:28 am
Hmm, so this isn't exactly what I was looking for. After more digging I don't think the Zyxel will allow me to assign static IPs and forward to a private address. I know this is what NAT is, but from what I've gathered, it can NAT the one IP, but in order to use the other external IPs, I'd have to plug physical machines into the other Ethernet ports and then add another WAN port to connect to that Ethernet port.

I have a Cisco RV016 in the closet and I might have to break that out for all of this to work.
by jason.lee » Fri Feb 24, 2012 2:47 pm
I got my RV016 to work. I have the ability to do one-to-one NAT in it to an internal IP address. I can also firewall that address, which I've done. I didn't find an (easy/clear) way to do this on the Zyxel.

However - my initial request to load a web page up seems really slow. I thought at first it was a DNS thing, but I tried, for instance, 'dig google.com' and it came back really quick, in 38msec.

For instance, when I load up http://www.appleinsider.com, it says the page + js load takes about 6s. To complete the rest of the images takes a total of about 29s. If I connect straight into the Zyxel, the same page loads in 10s.

So I'm wondering how the RV016 is really slowing it down that much. If anyone has any thoughts, I'd appreciate it. Thx.
by toast0 » Fri Feb 24, 2012 9:21 pm
I'm not sure if 38 msec is really all that quick (this is the 'Query time' at the bottom of the dig output, right? I'm seeing < 10 ms with dig google.com @ns1.sonic.net from my computer directly attached to my DSL modem). Cisco specs claim 200 Mbps NAT throughput and 97 Mbps VPN throughput, so it seems like it should be able to keep up/not slow you down.

What does your network look like now?

Zyxel (bridge mode) <-> RV016 (NAT) <-> Airport Extreme (as access point + DHCP?)

If you have more than one device doing NAT, that's bad. It might be worth verifying that the MTU setting on everything is 1500, which should be the default... mismatched MTU can screw stuff up and make things slow.
by jason.lee » Sat Feb 25, 2012 8:27 am
Hi toast,

Thx for the reply. Yah, I was thinking 38msec might be on the high side, but I'm also ~10k from the co, so I wasn't sure how much that affected things.

My current setup is like so:

Zyxel (bridge mode) <- RV016 (NAT/Firewall/DHCP) <-> Gig Switch for wired / AE (access pt) for wireless

I have a MacPro that I do most of my work on and the MTU is 1500. It's also connected to my internal network via gigabit. I bought the RV016 about 6+ years ago, so, maybe it's just slow and I never noticed it before..?

I did some more poking around in the RV016. I had my NAT'd IP denying all incoming traffic for that external IP. I did a port scan on the IP and then removed the overall block on it and then just blocked the open ports. Also on my machine I'm running a proxy ad blocker called GlimmerBlocker. I disabled that and it seems like now everything is faster. So, it looks like it was GlimmerBlocker. It's weird tho because it just started with the RV016 added.

Oh well, guess I'll live with this for now and keep playing with things. Thx for the reply.
