How can I setup a Netgear FVS114 to work with a web server

Posted on 2009-04-07
Medium Priority
Last Modified: 2013-11-16

I have a static ip address and a 10mb line coming into a Netgear FVS114 Firewall/Switch.

On the LAN side I have:

1. A linux server that I would like to use as a web server (Port 2)
2. A desktop windows computer (Port 1)


1. Allow/direct all ssh + ftp + http + https requests to port 2 (ie Linux)
2. Open all ports in/out to port 1 (ie windows XP)

Is that possible and if so how?

Kind Regards,

Adrian Smith
Question by:lwfuk
  • 2
  • 2

Expert Comment

ID: 24089618
Hi Adrian,

This isnt that difficult
Firstly Make sure that both the machines have a static ip address
Then you just log in to the router, Under (well on a fwg114 anyways) Security you will see a rules
just select the service that you require for example ssh from the drop down list
choose "always allow" from the action drop down
under send to lan server enter the ip address of your linux box and click apply
repeat this for the other services.

I am sure you dont want to allow all ports to the xp machine incoming as it wouldnt be wise but if you really want to do this just drop the ip address of your xp machine in the dmz

I hope that this helps

Author Comment

ID: 24090042
Hi Bart

Thank you very much! It is easy but it wouldn't have been without you though.

Just a few more things before I tick the box and close this down.

1. The default rule says "block always" incoming traffic. How does a web request or an email get back to my PC. I know it does because it's works?

2. If I add another rule saying allow ftp on ip port 21 won't the rule above and the new rule conflict?

3. I am using SSH across the LAN. That is between ethernet ports 1 and 2. I will never access either machine from outside. Are LAN-to-LAN connections unrestricted or do I need to add rules?

Kind Regards,

Adrian Smith

Accepted Solution

bart1975 earned 2000 total points
ID: 24090175
Hi Adrian

1. The email or webpage gets back to your pc because the pc initiated the connection, the router knows when you request a webpage to expect a reply and lets it through. say you access a webpage, your computer initiates a connection out on port 80, the webserver at the other side sees the request on port 80 coming in but replys on a different port number so that it can keep track of the many requests coming in. On your computer just type "netstat -an" in a command prompt to see all the connections your computer is using, you will be surprised. The main think go take away is that if its initiated by your computer then you dont need a rule on the firewall unless you set up outgoing rules which is usually not required.

2. if you create a rule on port 21 pointing to your linux box for example, its meens that all traffic coming in externally on port 21 will be redirected you your linux box. however if you use your xp machine to ftp something from the internet, you connect out on 21 and the returning port will be different again so it wont conflict at all.

3. Lan side connections are completly unrestricted. so anything on the lan can talk to anything else on the lan completly unrestricted.

If you need any clarification please dont hesitate to ask.


Author Closing Comment

ID: 31567669
You're a great teacher Bart and you have saved me lots of pain.

Have a nice day.

Kind Regards,


Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question