ZyXEL Communications ZyWALL 1000 User Manual

ZyWALL USG 1000 User’s Guide

This chapter describes how to set up, manage, and remove virtual servers. First, it provides an 
overview of virtual servers, and, then, it introduces the virtual server screens and commands. 
See 

 for related information on these screens.

Virtual server is also known as port forwarding or port translation.

"

The virtual server changes the destination address of packets. This is also 
known as Destination NAT (DNAT). 

Virtual servers are computers on a private network behind the ZyWALL that you want to 
make available outside the private network. If the ZyWALL has only one public IP address, 
you can make the computers in the private network available by using ports to forward packets 
to the appropriate private IP address.
In the ZyWALL, you set up a virtual server for each forwarding rule. The first part of the 
virtual server defines the conditions required to forward the packet.

• Original IP - the original destination address; it can be an Ethernet, VLAN, bridge, or 

PPPoE/PPTP interface; a specific IP address; or a HOST address object. (See 

• Protocol Type - the protocol [TCP, UDP, or both (Any)] used by the service requesting 

the connection.

• Original Port(s) - the original destination port or range of destination ports. You might 

use a range of destination ports for unknown services or when one server supports more 
than one service.

The second part of the virtual server controls where the packet is forwarded if the conditions 
are satisfied.

• Mapped IP - the translated destination address.
• Mapped Port(s) - the translated destination port or range of destination ports.

The original port range and the mapped port range must be the same size.