
Port-forwarding through two routers...

I have my ADSL modem (Zyxel 660, 192.168.0.1). Connected to it is my wireless router (Netgear 624), 192.168.10.1. Connected to that are all my computers (4).

My questions are:

How do I set up port forwarding (ftp, http, rdt, vpn etc...)? Do I forward from my modem to my computer address (e.g. 192.168.10.5), or from Zyxel to Netgear, and then from Netgear to computer?

Are there different ways of setting it up? If yes, what are the differences.



On another note, I also have a Symantec Firewall/VPN 100. I haven't done any plumbing on that one, but if I did, considering the above, would it go between the routers (otherwise, if it is after the Netgear one, the wireless option will be "Firewall-less"...)?

Asked by: mpaert

joe1968 commented:
The safer choice of the two you mentioned is to have the Zyxel port forward to the Netgear and then the Netgear port forward to your computers. That way, if someone was able to hack into the Zyxel, you would still have the Netgear acting as a second firewall.

Perhaps a better option for you is to set up a DMZ (demilitarized zone) where you place a publicly accessible server in between two firewalls and you keep your internal PCs behind the two firewalls.

So, assuming only one of your 4 computers needs to be accessible through the Internet, you would have the Zyxel be directly connected to the Internet. Then, your server connected to the Zyxel router and port forwarding enabled. The Netgear is then connected to another port on the Zyxel router and your remaining three computers connected to the Netgear router. Port forwarding on your Netgear would be disabled so that access from the Internet cannot reach your inner three computers.


Internet <----> Zyxel Router  Port 1 <----> Server PC
                              Port 2 <----> Netgear Router <----> Internal PCs

Hope that makes sense.

mpaert (author) commented:
Fair enough, but currently, the Netgear has a different subnet than the Zyxel. Wouldn't this mean that the server can't see the internal PCs? My server will have FTP, HTTP, VPN and RDT set up, as well as running a DVR security system - thus needing access to the other computers on the different subnet (for VPN and RDT). As far as I know, the Netgear doesn't seem to work when setting it to match the Zyxel's local IP.

Also, should the Symantec firewall come into place somewhere here? I've got it at the moment, and could get it for near to nothing... worth having (I don't have any software firewalls running...)

joe1968 commented:
Yes, it will mean your server can't see your internal PCs which should be a good thing. You don't want someone hacking into your server and getting access into your internal network that way. You can, of course, still access your server from your internal computers to make changes and updates.

If you still want VPN and RDT access to your internal computers, you can do the double port forward as mentioned first for just those ports.
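
The two layouts joe1968 describes in this thread, modelled as port-forward tables so the exposure of the internal subnet can be compared; this is an added example, not part of the original thread. The Netgear's WAN-side address 192.168.0.2, the server address 192.168.0.10 and the port numbers (21, 80, and 3389 standing in for remote desktop) are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.10.0/24")   # Netgear LAN from the question
NETGEAR_WAN = "192.168.0.2"                # assumed: Netgear's address on the Zyxel LAN
SERVER = "192.168.0.10"                    # assumed: server plugged into the Zyxel
PC = "192.168.10.5"                        # example PC address from the question

@dataclass
class Router:
    name: str
    forwards: dict = field(default_factory=dict)   # inbound port -> (LAN IP, port)

def trace(port, edge, by_wan_ip, max_hops=4):
    """Follow an unsolicited inbound connection; return (hops, final IP or None)."""
    hops, router = [], edge
    for _ in range(max_hops):               # bound the walk in case rules loop
        hops.append(router.name)
        rule = router.forwards.get(port)
        if rule is None:
            return hops, None               # no rule on this router: dropped
        ip, port = rule
        if ip not in by_wan_ip:
            return hops, ip                 # rule points at an end host
        router = by_wan_ip[ip]              # rule points at the next router
    raise RuntimeError("forwarding loop")

def internal_exposure(ports, edge, by_wan_ip):
    """Ports whose forwarding chain ends on a host inside the internal subnet."""
    out = {}
    for p in ports:
        _, dest = trace(p, edge, by_wan_ip)
        if dest and ip_address(dest) in INTERNAL:
            out[p] = dest
    return out

def double_forward():
    # Every service is forwarded Zyxel -> Netgear -> PC.
    netgear = Router("Netgear", {p: (PC, p) for p in (21, 80, 3389)})
    zyxel = Router("Zyxel", {p: (NETGEAR_WAN, p) for p in (21, 80, 3389)})
    return zyxel, {NETGEAR_WAN: netgear}

def dmz_layout():
    # Public services stop at the server; only remote desktop is double-forwarded.
    netgear = Router("Netgear", {3389: (PC, 3389)})
    zyxel = Router("Zyxel", {21: (SERVER, 21), 80: (SERVER, 80),
                             3389: (NETGEAR_WAN, 3389)})
    return zyxel, {NETGEAR_WAN: netgear}
```

`internal_exposure([21, 80, 3389], *dmz_layout())` returns only port 3389, while the same call on `double_forward()` returns all three ports.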

SeeDavid commented:
Best idea would be to disable the wireless router's routing function, set it up on the same subnet as your ADSL Modem Router (i.e. 192.168.0.x) and use the ADSL Modem Router's port forwarding features.

So your setup should be: Zyxel on IP 192.168.0.1, Netgear on 192.168.0.2 acting as a wireless switch (routing disabled), and Zyxel port forwarding.

Another alternative would be to use the Zyxel as an ADSL modem (disabling router functions), plugging it into the WAN port on the Netgear and setting up routing, port forwarding, DHCP etc. on the Netgear.


mpaert (author) commented:
Joe 1968:

I guess it's a very good thing (security-wise) to have the server "detached" from the home network, but if I'd use VPN and RDT, wouldn't that mean that these services could only access shares that the server has access to in the first place? (server has no access to shares [different subnet = VPN & RDT no access to shares/"network"])

SeeDavid:

I like that setup. Can all routers' functions be set to bridging? Would the plumbing on that be the same as if it was a router, as in; would the netgear get the ADSL connection to its WAN port?

I've already tried plan B (Modem not router), but it didn't seem to work. Is it bridging I'd be after?

SeeDavid commented:
Since all machines are on the same network, they won't need any bridging. The plumbing would be the same as if it was a router, though the Zyxel would be connected to the Netgear router through a normal LAN port, NOT the WAN port.

mpaert (author) commented:
Thanks a lot. This is where the gremlins have been hiding... the bl**dy WAN port...

What about the Symantec Firewall 100? Would it go after the modem, and everything attached to it? (I haven't used it - I assume it has no routing capabilities? (acts IP-wise like a hub?) - and does just port blocking?)

SeeDavid commented:
I'm not familiar with this firewall, but considering it's a hardware firewall, it would essentially turn your one network setup into two. Therefore acting as a bridge between the two networks (the Zyxel being one, and the Netgear and beyond the other). It would go after the modem like you said, but I am not sure how you would go port forwarding through the firewall and back onto a different network. My advice is to get the first scenario working, then experiment and have some fun!

mpaert (author) commented:
Ok I will.

Am I right in assuming then, that by not setting any port-forwarding on the Zyxel, all ports would arrive on the firewall and port-forwarding can occur there???

[Zyxel Modem]----[Symantec Firewall 100]----+-----------+----------+----------+
                    (port forwarding)       |           |          |          |
                                        [Netgear]   [Server]     [PC1]      [PC2]
                                      (Routing off)
                                            |
                                         [WiFi]


mpaert (author) commented:
I forgot to ask... In the above scenario, would using the Netgear router (LAN to LAN) work by just bypassing the WAN port, or would I have to configure the router through its GUI?

SeeDavid commented:
Not by default. Not unless you put the firewall IP address as the DMZ on the Zyxel, then it would.

The Netgear router wouldn't need any configuration changes; the routing/NAT functions would just be unused. Just remember the DHCP functions of the Zyxel modem would need to get through the firewall. IMHO this is a bit of overkill, since the Zyxel router is acting as a firewall anyway, and the extra hardware is really not needed. Sell it on eBay and buy a Netgear adsl/wif108/all in one router/switch. Simple and secure.

mpaert (author) commented:
Thanks.

Indeed this would be a textbook setup...

...but often reality governs that one component needs replacing, thus making upgrades on multi-function-doodaas impossible. I actually have a "spare" old Netgear "adsl/wifi11/all in one router/switch" collecting dust somewhere around here... (offers welcome) but since I needed faster wireless, it slowly got made redundant (until even the ADSL function wasn't fast enough, as I'm now on ADSL2).

Tadaa