ZyXEL Communications ZyWALL 1000 User Manual

 Chapter 6 Tutorials
ZyWALL USG 1000 User’s Guide
153
6.7.2  NAT Loopback Policy Route
Without a NAT loopback policy route, the LAN user SMTP traffic that goes to the LAN SMTP 
server has the LAN computer’s IP address as the source. The source address is in the same 
subnet, so the LAN SMTP server replies directly. The return traffic uses the SMTP server’s 
LAN IP address as the source address (see note 1). This creates a triangle route since the 
source of the return traffic does not match the original destination address (1.1.1.1). The 
user’s computer shuts down the session.
Figure 100   Triangle Route 
Configure a policy route to use the IP address of the ZyWALL’s ge1 (LAN) interface, 
192.168.1.1, as the source address of the traffic going to the LAN SMTP server from the LAN 
users. This way the LAN SMTP server replies to the ZyWALL and the ZyWALL applies 
NAT. 
Figure 101   NAT Loopback Policy Route  
Click Network > Routing > Policy Route > Add and create the policy route as shown next. 
Be careful of where you create the route as routes are ordered in descending priority. This 
policy route applies source NAT to traffic sent from the LAN to the SMTP server.
1. Even if the packets go through the ZyWALL, they only undergo layer 2 switching, not NAT.
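The two cases described above, as a small simulation (an added example, not part of the ZyXEL manual). It assumes 192.168.1.21 is the LAN user and 192.168.1.89 is the LAN SMTP server, since the page does not say which is which; the client port 40000 is a constructed value and the ZyWALL's session table is modeled as a plain dictionary.

```python
from dataclasses import dataclass, replace

WAN_IP = "1.1.1.1"          # address the LAN user connects to (from the page)
ZYWALL_LAN = "192.168.1.1"  # ge1 (LAN) interface (from the page)
CLIENT = "192.168.1.21"     # assumed role: LAN user
SERVER = "192.168.1.89"     # assumed role: LAN SMTP server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def loopback(request: Packet, snat: bool) -> Packet:
    """Return the reply exactly as it arrives at the LAN user's computer."""
    sessions = {}
    # Destination NAT on the ZyWALL: 1.1.1.1 -> LAN SMTP server.
    fwd = replace(request, dst=SERVER)
    if snat:
        # NAT loopback policy route: rewrite the source to the ge1 address.
        fwd = replace(fwd, src=ZYWALL_LAN)
    # Session entry, keyed by the reply tuple the ZyWALL expects to see.
    sessions[(fwd.dst, fwd.dport, fwd.src, fwd.sport)] = request
    # The server answers whatever source address it saw.
    reply = Packet(src=fwd.dst, dst=fwd.src, sport=fwd.dport, dport=fwd.sport)
    if reply.dst != ZYWALL_LAN:
        # Same-subnet destination: delivered at layer 2, never un-NATed.
        return reply
    # Reply addressed to the ZyWALL: both translations are reversed.
    orig = sessions[(reply.src, reply.sport, reply.dst, reply.dport)]
    return Packet(src=orig.dst, dst=orig.src, sport=orig.dport, dport=orig.sport)


def client_accepts(request: Packet, reply: Packet) -> bool:
    """A TCP client only accepts a reply that mirrors its own 4-tuple."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        request.dst, request.dport, request.src, request.sport)


if __name__ == "__main__":
    req = Packet(CLIENT, WAN_IP, 40000, 25)  # constructed SMTP request
    for snat in (False, True):
        rep = loopback(req, snat)
        print(f"snat={snat}: reply source {rep.src}, accepted={client_accepts(req, rep)}")
```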
[Labels from Figures 100 and 101: LAN hosts 192.168.1.21 and 192.168.1.89; SMTP traffic with source 192.168.1.21 and source 192.168.1.89; NAT, SMTP traffic with source 192.168.1.1]