How can I setup a Netgear FVS114 to work with a web server


I have a static ip address and a 10mb line coming into a Netgear FVS114 Firewall/Switch.

On the LAN side I have:

1. A linux server that I would like to use as a web server (Port 2)
2. A desktop windows computer (Port 1)


1. Allow/direct all ssh + ftp + http + https requests to port 2 (ie Linux)
2. Open all ports in/out to port 1 (ie windows XP)

Is that possible and if so how?

Kind Regards,

Adrian Smith
Who is Participating?
Hi Adrian

1. The email or webpage gets back to your pc because the pc initiated the connection, the router knows when you request a webpage to expect a reply and lets it through. say you access a webpage, your computer initiates a connection out on port 80, the webserver at the other side sees the request on port 80 coming in but replys on a different port number so that it can keep track of the many requests coming in. On your computer just type "netstat -an" in a command prompt to see all the connections your computer is using, you will be surprised. The main think go take away is that if its initiated by your computer then you dont need a rule on the firewall unless you set up outgoing rules which is usually not required.

2. if you create a rule on port 21 pointing to your linux box for example, its meens that all traffic coming in externally on port 21 will be redirected you your linux box. however if you use your xp machine to ftp something from the internet, you connect out on 21 and the returning port will be different again so it wont conflict at all.

3. Lan side connections are completly unrestricted. so anything on the lan can talk to anything else on the lan completly unrestricted.

If you need any clarification please dont hesitate to ask.

Hi Adrian,

This isnt that difficult
Firstly Make sure that both the machines have a static ip address
Then you just log in to the router, Under (well on a fwg114 anyways) Security you will see a rules
just select the service that you require for example ssh from the drop down list
choose "always allow" from the action drop down
under send to lan server enter the ip address of your linux box and click apply
repeat this for the other services.

I am sure you dont want to allow all ports to the xp machine incoming as it wouldnt be wise but if you really want to do this just drop the ip address of your xp machine in the dmz

I hope that this helps
lwfukAuthor Commented:
Hi Bart

Thank you very much! It is easy but it wouldn't have been without you though.

Just a few more things before I tick the box and close this down.

1. The default rule says "block always" incoming traffic. How does a web request or an email get back to my PC. I know it does because it's works?

2. If I add another rule saying allow ftp on ip port 21 won't the rule above and the new rule conflict?

3. I am using SSH across the LAN. That is between ethernet ports 1 and 2. I will never access either machine from outside. Are LAN-to-LAN connections unrestricted or do I need to add rules?

Kind Regards,

Adrian Smith
lwfukAuthor Commented:
You're a great teacher Bart and you have saved me lots of pain.

Have a nice day.

Kind Regards,

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.