Solved

How can I setup a Netgear FVS114 to work with a web server

Posted on 2009-04-07
4
603 Views
Last Modified: 2013-11-16
Hi

WAN
I have a static ip address and a 10mb line coming into a Netgear FVS114 Firewall/Switch.

LAN
On the LAN side I have:

1. A linux server that I would like to use as a web server (Port 2)
2. A desktop windows computer (Port 1)

Goals:

1. Allow/direct all ssh + ftp + http + https requests to port 2 (ie Linux)
2. Open all ports in/out to port 1 (ie windows XP)

Is that possible and if so how?

Kind Regards,

Adrian Smith
0
Comment
Question by:lwfuk
  • 2
  • 2
4 Comments
 
LVL 3

Expert Comment

by:bart1975
ID: 24089618
Hi Adrian,

This isnt that difficult
Firstly Make sure that both the machines have a static ip address
Then you just log in to the router, Under (well on a fwg114 anyways) Security you will see a rules
just select the service that you require for example ssh from the drop down list
choose "always allow" from the action drop down
under send to lan server enter the ip address of your linux box and click apply
repeat this for the other services.

I am sure you dont want to allow all ports to the xp machine incoming as it wouldnt be wise but if you really want to do this just drop the ip address of your xp machine in the dmz

I hope that this helps
0
 

Author Comment

by:lwfuk
ID: 24090042
Hi Bart

Thank you very much! It is easy but it wouldn't have been without you though.

Just a few more things before I tick the box and close this down.

1. The default rule says "block always" incoming traffic. How does a web request or an email get back to my PC. I know it does because it's works?

2. If I add another rule saying allow ftp on ip port 21 won't the rule above and the new rule conflict?

3. I am using SSH across the LAN. That is between ethernet ports 1 and 2. I will never access either machine from outside. Are LAN-to-LAN connections unrestricted or do I need to add rules?

Kind Regards,

Adrian Smith
London
0
 
LVL 3

Accepted Solution

by:
bart1975 earned 500 total points
ID: 24090175
Hi Adrian

1. The email or webpage gets back to your pc because the pc initiated the connection, the router knows when you request a webpage to expect a reply and lets it through. say you access a webpage, your computer initiates a connection out on port 80, the webserver at the other side sees the request on port 80 coming in but replys on a different port number so that it can keep track of the many requests coming in. On your computer just type "netstat -an" in a command prompt to see all the connections your computer is using, you will be surprised. The main think go take away is that if its initiated by your computer then you dont need a rule on the firewall unless you set up outgoing rules which is usually not required.

2. if you create a rule on port 21 pointing to your linux box for example, its meens that all traffic coming in externally on port 21 will be redirected you your linux box. however if you use your xp machine to ftp something from the internet, you connect out on 21 and the returning port will be different again so it wont conflict at all.

3. Lan side connections are completly unrestricted. so anything on the lan can talk to anything else on the lan completly unrestricted.

If you need any clarification please dont hesitate to ask.

Shane
Derby
0
 

Author Closing Comment

by:lwfuk
ID: 31567669
You're a great teacher Bart and you have saved me lots of pain.

Have a nice day.

Kind Regards,

Adrian
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now