Wednesday, April 22, 2009

NAT Woes

I had a fairly simple job to do today - set up some NATing on a new ZyWall firewall. I've done similar in the past, but it beat me this time. Everything looked OK, but the firewall failed to play ball. All I wanted was to NAT one (for now) public IP from the WAN to the DMZ. I called the ISP and they confirmed that everything was OK on their end. So I upgraded the firmware - still no joy. I called local ZyWall support. They talked me through what to do, which was what I had done (with one exception - I had done something extra which wasn't required but wouldn't cause a problem) and gave me a couple of workarounds. The workarounds failed drastically - seemed like the ZyWall got its knickers in a twist. So, factory reset and build from scratch (yes, I had a backup of the config, but I was advised to build it from scratch in case there was a problem with the config). Still no joy.

So, I put back in the old solution (always have a backup plan), tested it and took the ZyWall away with me for further analysis. Next step is verification that I wasn't having finger trouble. Thereafter, escalation with ZyWall and perhaps hooking up a sniffer to see what's going on. Unfortunately it's just one of those two-hour jobs which is going to take something more like two days!

I'll post an update when I get to the bottom of it. Grrrr.

