Solved

Port-forwarding through two routers...

Posted on 2005-03-07
Last Modified: 2008-02-01
I have my ADSL modem (Zyxel 660, 192.168.0.1). Connected to it is my wireless router (Netgear 624), 192.168.10.1. Connected to that are all my computers (4).

My Questions are:

How do I set up port forwarding (ftp, http, rdt, vpn etc...)? Do I forward from my modem to my computer address (e.g. 192.168.10.5), or from Zyxel to Netgear, and then from Netgear to computer?

Are there different ways of setting it up? If yes, what are the differences?



On another note, I also have a Symantec Firewall/VPN 100. I haven't done any plumbing on that one, but if I did, considering the above, would it go between the routers (otherwise, if it is after the Netgear one, the wireless option will be "Firewall-less"...)?

Question by:mpaert
12 Comments
 
LVL 2

Expert Comment

by:joe1968
ID: 13483367
The safer choice of the two you mentioned is to have the Zyxel port forward to the Netgear and then the Netgear port forward to your computers. That way, if someone was able to hack into the Zyxel, you would still have the Netgear acting as a second firewall.

Perhaps a better option for you is to set up a DMZ (demilitarized zone) where you place a publicly accessible server in between two firewalls and you keep your internal PCs behind the two firewalls.

So, assuming only one of your 4 computers needs to be accessible through the Internet, you would have the Zyxel be directly connected to the Internet. Then, your server connected to the Zyxel router and port forwarding enabled. The Netgear is then connected to another port on the Zyxel router and your remaining three computers connected to the Netgear router. Port forwarding on your Netgear would be disabled so that access from the Internet cannot reach your inner three computers.


Internet  <----> Zyxel Router Port 1 <-----> Server PC
                              Port 2 <-----> Netgear Router <----> Internal PCs


Hope that makes sense.
0
 

Author Comment

by:mpaert
ID: 13483538
Fair enough, but currently, the Netgear has a different subnet from the Zyxel. Wouldn't this mean that the server can't see the internal PCs? My server will have FTP, HTTP, VPN and RDT set up, as well as running a DVR security system - thus needing access to the other computers on the different subnet (for VPN and RDT). As far as I know, the Netgear doesn't seem to work when setting it to match the Zyxel's local IP.

Also, should the Symantec firewall come into place somewhere here? I've got it at the moment, and could get it for near to nothing... worth having? (I don't have any software firewalls running...)
0
 
LVL 2

Expert Comment

by:joe1968
ID: 13486307
Yes, it will mean your server can't see your internal PCs which should be a good thing. You don't want someone hacking into your server and getting access into your internal network that way. You can, of course, still access your server from your internal computers to make changes and updates.

If you still want VPN and RDT access to your internal computers, you can do the double port forward as mentioned first for just those ports.

0
 
LVL 2

Accepted Solution

by:
SeeDavid earned 2000 total points
ID: 13493304
Best idea would be to disable the wireless router's routing function, set it up on the same subnet as your ADSL Modem Router (i.e. 192.168.0.x) and use the ADSL Modem Router's port forwarding features.

So your setup should be: Zyxel on IP 192.168.0.1, Netgear on 192.168.0.2 acting as a wireless switch (routing disabled), and Zyxel port forwarding.


Another alternative would be to use the Zyxel as an ADSL modem (disabling router functions), plugging it into the WAN port on the Netgear and setting up routing, port forwarding, DHCP etc. on the Netgear.

0
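
Added example (not part of the thread, and not vendor code): a small Python model of the forwarding chains discussed above, showing why the Zyxel cannot forward straight to 192.168.10.5, how the double forward reaches it, and how the flattened single-subnet setup from the accepted answer needs only one rule. The /24 masks, the Netgear WAN address 192.168.0.2 in the double-NAT case, the server address 192.168.0.5 and the rule that a NAT router only delivers to its own LAN subnet are assumptions of the model.

```python
import ipaddress

class Router:
    def __init__(self, name, lan_cidr, forwards):
        self.name = name
        self.lan = ipaddress.ip_network(lan_cidr)
        # forwards: {wan_port: (lan_ip, lan_port)}
        self.forwards = {p: (ipaddress.ip_address(ip), lp)
                         for p, (ip, lp) in forwards.items()}

def trace(port, edge, downstream=None, max_hops=4):
    """Follow an inbound connection hitting `edge` on its WAN side.
    Returns (hops, final); final is (ip, port), or None if dropped."""
    downstream = downstream or {}   # WAN address (str) -> Router behind it
    hops, router = [], edge
    for _ in range(max_hops):
        rule = router.forwards.get(port)
        if rule is None:
            hops.append(f"{router.name}: no rule for port {port}, dropped")
            return hops, None
        ip, next_port = rule
        # Model assumption: a NAT router only delivers to its own LAN subnet.
        if ip not in router.lan:
            hops.append(f"{router.name}: {ip} is not on {router.lan}, dropped")
            return hops, None
        hops.append(f"{router.name}: {port} -> {ip}:{next_port}")
        nxt = downstream.get(str(ip))
        if nxt is None:
            return hops, (str(ip), next_port)
        router, port = nxt, next_port
    return hops, None

# Constructed addresses: 192.168.0.2 as the Netgear's WAN side is an assumption.
NETGEAR_WAN = "192.168.0.2"
netgear = Router("Netgear", "192.168.10.0/24", {80: ("192.168.10.5", 80)})

def direct():      # Zyxel forwards straight to the PC behind the Netgear
    zyxel = Router("Zyxel", "192.168.0.0/24", {80: ("192.168.10.5", 80)})
    return trace(80, zyxel, {NETGEAR_WAN: netgear})
def double(port):  # Zyxel -> Netgear WAN -> PC; port 21 is open on the Zyxel only
    zyxel = Router("Zyxel", "192.168.0.0/24",
                   {80: (NETGEAR_WAN, 80), 21: (NETGEAR_WAN, 21)})
    return trace(port, zyxel, {NETGEAR_WAN: netgear})
def flat():        # accepted answer: Netgear as a switch, server at assumed 192.168.0.5
    zyxel = Router("Zyxel", "192.168.0.0/24", {80: ("192.168.0.5", 80)})
    return trace(80, zyxel)

if __name__ == "__main__":
    print(direct(), double(80), double(21), flat(), sep="\n")
```

The `double(21)` case is the "second firewall" effect from the first answer: a port opened on the outer router alone still stops at the inner one.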
 

Author Comment

by:mpaert
ID: 13493372
Joe 1968:

I guess it's a very good thing (security-wise) to have the server "detached" from the home network, but if I'd use VPN and RDT, wouldn't that mean that these services could only access shares that the server has access to in the first place? (server has no access to shares [different subnet = VPN & RDT no access to shares/"network"])

SeeDavid:

I like that setup. Can all routers' functions be set to bridging? Would the plumbing on that be the same as if it was a router, as in; would the netgear get the ADSL connection to its WAN port?

I've already tried plan B (Modem not router), but it didn't seem to work. Is it bridging I'd be after?
0
 
LVL 2

Expert Comment

by:SeeDavid
ID: 13493394
Since all machines are on the same network, they won't need any bridging. The plumbing would be the same as if it was a router, though the Zyxel would be connected to the Netgear router through a normal LAN port, NOT the WAN port.
0
 

Author Comment

by:mpaert
ID: 13493410
Thanks a lot. This is where the gremlins have been hiding... the bl**dy WAN port...

What about the Symantec Firewall 100? Would it go after the modem, and everything attached to it? (I haven't used it - I assume it has no routing capabilities? (acts IP-wise like a hub?) - and does just port blocking?)
0
 
LVL 2

Expert Comment

by:SeeDavid
ID: 13493454
I'm not familiar with this firewall, but considering it's a hardware firewall, it would essentially turn your one network setup into two, therefore acting as a bridge between the two networks (the Zyxel being one, and the Netgear and beyond the other). It would go after the modem like you said, but I am not sure how you would go port forwarding through the firewall and back onto a different network. My advice is to get the first scenario working, then experiment and have some fun!
0
 

Author Comment

by:mpaert
ID: 13493518
Ok I will.

Am I right in assuming then, that by not setting any port-forwarding on the Zyxel, all ports would arrive on the firewall and port-forwarding can occur there???



[Zyxel Modem]--------[Symantec Firewall 100]-----------------------------------------------
                        (port forwarding)           |             |           |           |
                                                    |             |           |           |
                                                [Netgear]     [Server]      [PC1]       [PC2]
                                              (Routing off)
                                                    |
                                                 [WiFi]

 
0
 

Author Comment

by:mpaert
ID: 13493528
I forgot to ask... In the above scenario, would using the Netgear router (LAN to LAN) work by just bypassing the WAN port, or would I have to configure the router through its GUI?
0
 
LVL 2

Expert Comment

by:SeeDavid
ID: 13493704
Not by default. Not unless you put the firewall IP address as the DMZ on the zyxel, then it would.

The Netgear router wouldn't need any configuration changes; the routing/NAT functions would just be unused. Just remember the DHCP functions of the Zyxel modem would need to get through the firewall. IMHO this is a bit of overkill, since the Zyxel router is acting as a firewall anyway, and the extra hardware is really not needed. Sell it on eBay and buy a Netgear adsl/wif108/all in one router/switch. Simple and secure.
0
 

Author Comment

by:mpaert
ID: 13493743
Thanks.

Indeed this would be a textbook setup...

...but often reality governs that one component needs replacing, thus making upgrades on multi-function-doodaas impossible. I actually have a "spare" old Netgear "adsl/wifi11/all in one router/switch" collecting dust somewhere around here... (offers welcome) but since I needed faster wireless, it slowly got made redundant (until even the ADSL function wasn't fast enough, as I'm now on ADSL2).

Tadaa
0
