Zyxel P874 - cannot port forward

I’m getting ready to install a NAS server on my home network, which, of course, I want to access from outside for ftp, http and cloud services. I’ve got a Zyxel P874 modem/router, and use CHT/Hinet. I’ve spoken with CHT, and they insist they don’t block ports.

After logging into the router from WAN-side using CHT/CHTSVDSL, under Advanced Setup/NAT, I’ve set up port-forwarding for ftp, http, ssh and https to my desktop (static IP: When I forwarded ftp, http and ssh, I was informed the modem/router’s internal servers were switched to ports 2121, 8080 and 2222, respectively.

However, I cannot connect to my server from the WAN side. Connecting from the LAN isn’t a problem, so I know the ftp and webservers are working. But attempting to ftp to my public ip just gets me the modem. It would seem the ports aren’t being forwarded.

Anyone else have this problem, or am I missing a setting?

Attached is a screenshot of my NAT settings.

Update and bump. Quick summary: even after port-forwarding (see previous post), trying to ftp into my site or connect to my web server from the WAN side just takes me to the P874 ftp and http servers; I can’t get past the router into my network.

Above services ARE enabled. Here’s the screenshot:

I believe the issue is your Access Control.

Whilst its not clear from the screenshot, I believe the Access Control for Zyxel boxes refers to accessing those services on the box itself, rather than those services on machines in the LAN.

When you connect to your router externally, because you’ve allowed WAN connections to access HTTP and FTP services on the router, its connecting to those services rather than following the port forward to your machine. Disable them and that should solve your connectivity issues (this is how our office connection is currently setup, without issue).

On a side note, I came across this thread because I’m trying to access a VPN on the internal side of my P874 router. I’ve set port 1723 to forward through to my VPN Server, but no luck. I can connect to the VPN when I’m hooked up the LAN, so there’s nothing wrong with the server or client settings themselves as best as I can tell.

As far as I’m aware Access Control isn’t an issue in this instance. I’m 99% certain it has something to do with PPTP Passthrough, but I can’t find such an option on the router - can anyone shed some light?

Thanks for the reply, Ryan. Unfortunately, it isn’t working here. I’ve tried every possible combination; the result is alwys the same: when the LAN side services are disabled, I can’t connect to anything, attempts just time out. With the LANside services enabled, all I can get is the router. The WANside toggles don’t seem to affect anythng.

There must be another setting somewhere I haven’t been able to find.

I suppose I’ll give CHT a call tomorrow and see if I can get someone out to set this up for me (it’s there modem; they should support it, I hope).

If that doesn’t work, has anyone had success replacing a P874 with their own router/modem – one easier to configure? Or does CHT allow that? Any recommendations on a decent replacement?

OK, problem solved. Or more specifically, there wasn’t a problem at all.

Turns out, the P874’s ARP cache was the issue. Whenever I attempted to connect to my WANside IP from within my LAN, the ARP cache was routing everything straight back to the modem; where I thought I was connecting through the Internet, it turns out I was never getting out of the LAN.

I ran across the street to the 7-11 and from there everything works great.