Zyxel Adsl Modem P-660h-t1 V2

[trogers]

Note also, if you are using a wireless connection to the router, you have to set the static LAN IP address into the properties of your wireless adapter card.

In the same way, if you are using a ethernet cable connection to the router, you have to set the static LAN IP address into the properties of your local network adapter card.

[welo]

It's not that difficult.....

But it's not that easy either. Browsing this thread I see a lot of terms that are familiar to us but would not be understood in detail by a novice user:

LAN

WAN

DHCP

IP Pool

static IP

public/private IP

NAT

modem/router

tracert

Often minor differences will cause confusion, 'static IP' being a good example for how a user who has some experience can easily be mislead (WAN <> LAN)

So I consider your comment somewhat arrogant or at least not very amicable.

Btw I had troubles myself configuring a port forward several times though I consider myself to be pretty advanced on this topic and IT in general. I suspect either uTorrent or my modem playing tricks on me, such as not responding to changes until after restarts or something like that. Things like that will confuse a novice even more than me...

Whatever, I am paying to much attention to a troll.

welo

[nikster]

I got a Zyxel P660 from CAT as well. If you enable UPnP, everything just works. You don't have to type in or memorize port numbers and stuff like that. UPnP does this for you.

So enable UPnP on the Zyxel. Go to 192.168.1.1, log in with user: admin, password 1234 (the default on the zyxel), then Advanced->UPnP, and turn it on. Should look like this:

Then in your Bittorrent client, reset it to default to make sure it's using UPnP. All bittorrent clients I know of support UPnP.

While the zyxel is a modem, it's also a router, as are most DSL modems. The default configuration for these is that they are set up as modem and DHCP server so you can just plug in a wireless router and off you go.

There is one final potential problem: Your wireless router might be set up as DHCP server. Turn that off. Make sure it's not doing any DHCP serving. You want the zyxel to act as the only DHCP server on your network so that UPnP may work. However, this last step is also required for any of the other solutions to work. Port forwarding can only work if there's only one DHCP server, whether it's done via UPnP or manually. I just think that doing it manually is a waste of time.

It's easy in the same way that everything is easy if you know how

Edited December 1, 2009 by nikster

[welo]

My guide to troubleshooting a port forward:

1. Make sure your computer has assigned a static local IP, use this tutorial. The tutorial is very complete, try to read and understand the whole thing

Regarding DNS servers: in Thailand it's not a bad idea to use openDNS anyway, so just use those: 208.67.222.222, 208.67.220.220

Be sure you can still access the internet, otherwise don't jump to the next step!

If you don't use a static IP the port forward might still work for now, but will most probably fail sooner or later because the IP address assigned to your computer by the router will change.

2. Temporarily turn off any personal firewall that is running on your computer (Windows Firewall, Zonealarm, whatever...). The risk is minimal since your computer is not (easily) accessible from the internet anyway thanks to your router. This is why we need to establish a port forwarding in the first place.

3. Start your bittorrent client and configure and/or take notes of the used port. Use telnet to check whether the program is opening the specific port and no firewall on your computer is blocking it:

- Open a command line window: Windows Start Menu -> Run -> cmd

- telnet to your local IP (the one from step 1) and the port where your torrent program is listening (step 2): telnet [your-local-ip] [bittorrent-port], e.g. telnet 192.168.1.2 6888

- If the port is open and accessible the window will go black with only a blinking cursor (the connection has been established), otherwise a error message will state some kind of connection problem. A connection problem might indicate that the port is blocked or that you provided the wrong ip or port.

4. Now tackle the configuration on your router! Use this website to check whether your port is open. Hit refresh to test again. Don't rely on the status indicator on your bittorrent client, utorrent's status lamp is pretty slow to react on changes sometimes. The website is more relyable!

If you cannot get the port check on the website to 'turn green' then you can be pretty sure something is wrong with the router config. If - and only if - you didn't skip any of the previous steps!!!

A router restart might help in some cases.

5. Now you can check your bittorrent client, it should turn green, too. I found that restarting uTorrent helps. Also make sure that uTorrent really exits by making sure there is no uTorrent.exe process in the task manager (CTRL-SHIFT-ESC -> processes).

6. Now restart your personal firewall and see if things still work. Also restart your bittorrent client, your firewall might only start fully working on newly established connections.

7. Restart your computer and see if things still work.

8. Restart your router and see if things still work.

Always remember, don't jump to the next step if the check for one of the steps fails. A systematic approach will make troubleshooting a lot easier.

HTH

welo

[trogers]

I got a Zyxel P660 from CAT as well. If you enable UPnP, everything just works. You don't have to type in or memorize port numbers and stuff like that. UPnP does this for you.

Turning on UPnP at the router is a security threat and you loose the hardware firewall that the NAT function provides:

http://en.wikipedia.org/wiki/Universal_Plug_and_Play

http://www.grc.com/nat/nat.htm

[marinediscoking]

I also have this modem. I have spent hours trying to get port forwarding to work with no luck.

From a previous poster on page 1 said "it is impossible"!!! He was right!

I have also been trying to port forward utorrent and ipcams with TTT and CAT adsl lines. I wish I had read this tread before i bought it a few weeks ago, well to late now.

There is no new firmware availible for it and contacting zyxel usually does not help. I am going to buy a different modem, I have used several other zyxel modems here in thailand with no problems forwarding ports. The modem does work great if you don't need to forward any ports.

@nikster the screen shot of uPnP page is not same as the model we are discussing (zyxel P-660h -T1 V2) it looks totally different on mine.

[trogers]

@nikster the screen shot of uPnP page is not same as the model we are discussing (zyxel P-660h -T1 V2) it looks totally different on mine.

The P-660H series is similar to the HW series but is not wireless and has 2 working ports (1+2). Ports 3 and 4 are reserved for ISP functions as told by True's tech on the phone.

Points to watch out are:

- set a static LAN IP address into your local connection adapter card within the range of 192.168.1.40 to 192.168.1.50

- connect the ethernet cable to port 1, and log into the router with admin rights

- port forward to the static LAN IP address chosen.

- make sure firewall is not set to block LAN to WAN signals.

[welo]

It seems Port Forwarding is possible on a Prestige P-660H-T1, I guess you guys are aware of this guide?

http://portforward.com/english/routers/por...T1/Utorrent.htm

There are reports of successfully port forwarding on a P-660H on this thread.

However, as tigerbeer stated in his comment and what is also my experience with a different Zyxel (WLAN) router (P-320v2), the Zyxel software implements a rather powerful firewall software in terms of features that is a lot less powerful when it comes to handling a high number of connections.

A high number of connections is very unique to bittorrent/P2P software, most programs (web browsers for isntance) just open only a handful of connections simultaneously. So whereas the port forwarding should be possible to setup (green light) it might as well be that the connection/router stalls within the first 5 minutes when more connections are established.

The problem of too many connections is not limited to a specific bittorrent client, however, default connection limits might differ between utorrent and vuze which might make it look like it is.

Try to find the setting for the maximum number of connection ('global') and limit it to 100. Download speeds might remain low but the router should be able to handle it. Also look into your routers log whether you find something like 'exceeded maximum connection session limit'.

It might be possible to configure the Zyxel to perform well with higher number of connections, I just didn't bother to find out yet since my SpeedTouch modem/router performs well without any tweaking and I use the Zyxel as Wireless AP only.

I also wonder about the information given by True support that port 3+4 is reserved for ISP use only. That might either be just bogus information or the router's firmware has been heavily modified for True (well, I will not mention what seems more likely to me...)

This thread is never going to die, is it?

welo

[nikster]

I got a Zyxel P660 from CAT as well. If you enable UPnP, everything just works. You don't have to type in or memorize port numbers and stuff like that. UPnP does this for you.

Turning on UPnP at the router is a security threat and you loose the hardware firewall that the NAT function provides:

http://en.wikipedia.org/wiki/Universal_Plug_and_Play

Hmm... right. That makes sense. If uTorrent can use UPnp, then so can some malware. The site mentions that Adobe flash can do it from the browser, which is worrying. Even though I haven't heard of wide-spread outbreaks of Flash malware that does that, it could happen any day, and it could be used to open an attack vector for other software.

That makes UPnP much less attractive. Too bad, because I really loved how it works.

Edited December 11, 2009 by nikster

[welo]

Hmm... right. That makes sense. If uTorrent can use UPnp, then so can some malware. The site mentions that Adobe flash can do it from the browser, which is worrying. Even though I haven't heard of wide-spread outbreaks of Flash malware that does that, it could happen any day, and it could be used to open an attack vector for other software.

That makes UPnP much less attractive. Too bad, because I really loved how it works.

The mentioned attack took advantage of a security issue in Adobe's Flash player that has been fixed since April 2008 (player version 9,0,124,0).

However, it is still possible for malware/trojans that has infected a computer on the local network to use uPnp to reconfigure the router. In such a case there are many different ways for malware/trojans to manipulate your computer (key loggers for instance). Even without uPnp it is easily possible for a trojan to establish a connection to a server on the internet and send data 'home'.

A personal firewall that filters not only incoming but also outgoing traffic (something that Windows Firewall does NOT do) can help to identify trojans in both such cases - whether they use uPnp or they just open a connection. For inexperienced users it might be difficult to identify illicit connections even with a Personal Firewall installed.

uPnp surely offers additional options to trojans that have successfully infected a computer behind a NAT router. I am no expert on trojans/malware to rate how widespread uPnp (ab)use is and whether under these circumstances uPnp should be disabled on the router or not.

welo

[trogers]

For inexperienced users it might be difficult to identify illicit connections even with a Personal Firewall installed.

welo

Sysinspector of ESET is a freeware and very useful to find unusual startup and running processes, as well as details of network connections being used by the comp:

http://www.eset.com/download/sysinspector.php

[welo]

Sysinspector of ESET is a freeware and very useful to find unusual startup and running processes, as well as details of network connections being used by the comp:

http://www.eset.com/download/sysinspector.php

Thanks, nifty tool! Takes a snapshot of current TCP connections only though. Windows Sysinternals' TCPView is less nifty but has live view. However, I like ESET's tool for its 'niftyness'

welo

[nikster]

Hmm... right. That makes sense. If uTorrent can use UPnp, then so can some malware. The site mentions that Adobe flash can do it from the browser, which is worrying. Even though I haven't heard of wide-spread outbreaks of Flash malware that does that, it could happen any day, and it could be used to open an attack vector for other software.

That makes UPnP much less attractive. Too bad, because I really loved how it works.

The mentioned attack took advantage of a security issue in Adobe's Flash player that has been fixed since April 2008 (player version 9,0,124,0).

However, it is still possible for malware/trojans that has infected a computer on the local network to use uPnp to reconfigure the router. In such a case there are many different ways for malware/trojans to manipulate your computer (key loggers for instance). Even without uPnp it is easily possible for a trojan to establish a connection to a server on the internet and send data 'home'.

A personal firewall that filters not only incoming but also outgoing traffic (something that Windows Firewall does NOT do) can help to identify trojans in both such cases - whether they use uPnp or they just open a connection. For inexperienced users it might be difficult to identify illicit connections even with a Personal Firewall installed.

uPnp surely offers additional options to trojans that have successfully infected a computer behind a NAT router. I am no expert on trojans/malware to rate how widespread uPnp (ab)use is and whether under these circumstances uPnp should be disabled on the router or not.

welo

I'd need more details. Let's forget about the case of an already-infected computer - in my opinion, if you have a trojan, it's too late to talk about security - it's over.

The thing about reconfiguring upnp is that there seems to be no security - no router password required. It's just some http(?) requests sent to 192.168.1.1. And it seems to me that that would be possible any number of ways from a website no? JavaScript? Java? Flash? I guess I need more information on the original attack, and on how UPnP works.

[bangkok blue]

Getting some very similar problems with TRUE's Zyxel 1 port wifi model! It's driving me mad!!!!!

I don't use the wifi, connect my computer directly to 8MB, occasionally my gf uses her laptop to surf via the wifi off the same modem!

Have port forwarded correctly, I have listed exceptions in windows firewall, I have set up the static IP correctly.

Sometimes get the green logo, sometimes get a yellow logo, sometimes red!!!!!!!

Downloads vary, from slow 20-30kps, ok 100-150kps and occasionally 700-800kps, highly inconsistent!!!!!!! Not what I'd expect from an 8MB ADSL cable connection.

All other things work fine, streaming, radio, browsing etc.... It seems until someone becomes familiar with this modem it looks as though that there is a conflict with downloading torrents with a Zyxel router.

Disabling firewalls in the router, or UPnP enabled would put the computer at risk.

I'm open to suggestions, right now I've hit a complete dead end with this problem.

[bangkok blue]

That being said, does say in UT setup guide that most routers have UPnP universal plug and play built in, this being checked will allow port forwarding and means you no longer have to set up a manual port...

Does anyone know for sure if this leave you open to Malware, viruses etc...???

Surely UT wouldn't recommend to do this if there were security issues???

[trogers]

Getting some very similar problems with TRUE's Zyxel 1 port wifi model! It's driving me mad!!!!!

I don't use the wifi, connect my computer directly to 8MB, occasionally my gf uses her laptop to surf via the wifi off the same modem!

Have port forwarded correctly, I have listed exceptions in windows firewall, I have set up the static IP correctly.

Sometimes get the green logo, sometimes get a yellow logo, sometimes red!!!!!!!

Downloads vary, from slow 20-30kps, ok 100-150kps and occasionally 700-800kps, highly inconsistent!!!!!!! Not what I'd expect from an 8MB ADSL cable connection.

All other things work fine, streaming, radio, browsing etc.... It seems until someone becomes familiar with this modem it looks as though that there is a conflict with downloading torrents with a Zyxel router.

Disabling firewalls in the router, or UPnP enabled would put the computer at risk.

I'm open to suggestions, right now I've hit a complete dead end with this problem.

Firewall setting in the router:

- Permit LAN to WAN signals in Bypass

- In Anti-probing, set it not to respond to pings from WAN.

Edited December 14, 2009 by trogers

[bangkok blue]

Trogers, thanks for the tip... Have done as you've advised, LAN to Wan signals already permitted.

Have now changed to Respond to Lan only.

Being as I have decided (After reading the risks to opening up UPnP mapping in my router) to manually set up a port using a static I.P, do I need to check UPnP mapping in the Utorrent preferences?

[trogers]

Trogers, thanks for the tip... Have done as you've advised, LAN to Wan signals already permitted.

Have now changed to Respond to Lan only.

Being as I have decided (After reading the risks to opening up UPnP mapping in my router) to manually set up a port using a static I.P, do I need to check UPnP mapping in the Utorrent preferences?

Uncheck UPnP, both in the router and in Utorrent.

Make sure static LAN IP address set into your comp is within the the IP address pool of the router - 192.168.1.33 to 192.168.1.64 (see DHCP settings in the router).

[welo]

I'd need more details.

The thing about reconfiguring upnp is that there seems to be no security - no router password required. It's just some http(?) requests sent to 192.168.1.1. And it seems to me that that would be possible any number of ways from a website no? JavaScript? Java? Flash? I guess I need more information on the original attack, and on how UPnP works.

Google is your friend

http://www.gnucitizen.org/blog/flash-upnp-attack-faq/

But basically all you've said is correct:

A flash 'app' was used to send http headers to the local router on the uPnp port and reconfigure it. Depending on the uPnp support of the router you could do a horrible many of things, e.g. configure a port forward accessible from the internet so others could reroute their traffic through your router and attack another website.

This falls under the categroy 'cross-domain' issues: Flash should not allow connections to other domains than the server the app/movie originated from. This was fixed/implemented in Flash Player as of April 2008.

It was not really a uPnp issue, since allowing remote connections to other domains can be used for all kind of attacks. uPnp just caught a lot of attention because the effects are so severe.

UPnp is a HTTP header based protocol (if I remember correctly) and provides NO MEANS OF AUTHENTICATION. I guess the idea was to just make it work without needing any intervention by the user, well, plug and play.

Not sure what was the justification for that, maybe assuming that it is run only within a safe environment/network(?), but implementing a simple authentication mechanism (optional) probably would have avoided many problems.

This is an article in favor of uPnp.

http://networking.nitecruzr.net/2006/01/na...ty-risk-or.html

From what I know all web technologies implement cross-domain policies now, meaning you can connect to the originating server only where the script was loaded from. A similiar attack heavily used in the early days of web 2.0 was using Javascript to manipulate and/or steal contents from other browser windows. This has been fixed long since.

Of course all those sandbox techniques made life not especially easier for web developers

I don't worry to much about uPnp on my home network for the same reasons you stated. In consider a malware infection as exceptional anyway, no matter if the malware tries to manipulate my router, steal my passwords or just sits and wait.

As I said before, even without uPnp malware can 'call home' and send stolen data (e.g. passwords).

However, what has to be considered is that uPnp allows malware to not only affect the computer it has infected but easily attack the entire local network. Imagine the malware reroutes all traffic through the attacker's computer on the internet, allowing all traffic to be analyzed and logged, and even manipulated...

So in any network with computers not fully under my control I would have strongly want to disable uPnp on the router. Well, just thinking now what I will do the next time a friend stops by and connects his computer to my network LOL

welo

welo

[welo]

That being said, does say in UT setup guide that most routers have UPnP universal plug and play built in, this being checked will allow port forwarding and means you no longer have to set up a manual port...

Does anyone know for sure if this leave you open to Malware, viruses etc...???

Surely UT wouldn't recommend to do this if there were security issues???

It's not the application that makes use of uPnp that is a security issue but the router that has uPnp enabled. In case of any malware that manages to infect a computer on your local network it might use uPnp to reconfigure your router and...

• attack (and infect) other computers on your network
  
• use your router to hide attacks to other computers on the internet
  
• intercept and analyze communication between computers on the local network and the internet
  
• ...
  

Please note that the malware has to infect your computer in the first place by other means than uPnp. The mentioned attack technique using Flash where you just had to visit a malicious website that could incorporate a Flash app/movie to reconfigure your router is no longer working if you use an updated Flash player (fixed as of April 2008).

One might argue that because of the design of uPnp (lack of any form of authentication) and the severity of possible abuse related to routers it is fundamentally flawed and always a security risk, and I cannot completely disagree with that (see my previous, more detailed post to decide on your own).

welo

[bangkok blue]

Still got the bloody red light! It must be something to do with Zyxel routers. Did get the green logo for a bit last night... then yellow, now red

OOOHHH! Green now.... I think it may well be down to the amount of torrents you have on your programme.

check this out

http://forum.utorrent.com/viewtopic.php?pid=422150#p422150

you should not have any more torrents active in your programme then the chart recommends.

in my case a 480kps upload speed max connections upload or download 3, max downloads 2. upload limit 40kps. On that basis from what I have just experienced, in my case, I should never have any more than 3 torrents on my UT programme at a time.

Try it....

Edited December 15, 2009 by bangkok blue

[trogers]

Still got the bloody red light! It must be something to do with Zyxel routers. Did get the green logo for a bit last night... then yellow, now red

OOOHHH! Green now.... I think it may well be down to the amount of torrents you have on your programme.

check this out

http://forum.utorrent.com/viewtopic.php?pid=422150#p422150

you should not have any more torrents active in your programme then the chart recommends.

in my case a 480kps upload speed max connections upload or download 3, max downloads 2. upload limit 40kps. On that basis from what I have just experienced, in my case, I should never have any more than 3 torrents on my UT programme at a time.

Try it....

I run a max of 4 torrents on my 4/1mbps True line and limit global upload speed to 60KB/s.

Max no. of total connections = 64.

[Prasert]

@Bangkok blue: The problems you're facing are not typically Zyxel.

In the Zyxel configuration, you can set a number for maximum concurrent sessions. Once that number has been reached, the router will not translate another session.

So while you're trying to connect to several peers using udp, the router starts making translations for each udp session.

The most important characteristic of udp, is that it's connectionless (so there is no end-connection control as in tcp) and the router will cancel the translation once it times out.

This means you can have 200 open connections to peers that are not sending you any data. uTorrent cancels the inactive peer, but the router still has an active session open in it's table!

Two approaches to solve it: tweak the settings of uTorrent. The forum link you posted earlier will help you in the right direction; and google for setting the nat timeout values. This cannot be done through the web interface, but has to be done through the CLI (command line interface - which means telnet to your router and type the commands to execute them).

[infernalman7]

@bangkok blue. Have you turn off the Firewall on your Zyxel router? That was what stopping me from effective port forward and uPnP

[trogers]

I have just noticed in my Win7. Sometimes a Window Update may reset the properties of TCP/IP properties to default - Obtain an IP address automatically. In effect, the network adapter is no longer set with a static LAN IP address and port forward does not work with the comp.

Check your static IP address status.

[infernalman7]

^^ If you are using the Zyxel router, you should be able to lock in the DCHP IP list to a Mac address. Basically, the modem/router will only give the same number of IP address to that client computer.

[MikeWill]

There are free programs:

Simple Port Forwarding at: http://www.simpleportforwarding.com/

Simple Static IP at: http://www.pcwintech.com/simple-static-ip

[Atleee]

Throw the dam_n thing in the fireplace and buy a different brand. That's my plan anyway