Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How can I setup a Netgear FVS114 to work with a web server

Posted on 2009-04-07
4
Medium Priority
?
643 Views
Last Modified: 2013-11-16
Hi

WAN
I have a static ip address and a 10mb line coming into a Netgear FVS114 Firewall/Switch.

LAN
On the LAN side I have:

1. A linux server that I would like to use as a web server (Port 2)
2. A desktop windows computer (Port 1)

Goals:

1. Allow/direct all ssh + ftp + http + https requests to port 2 (ie Linux)
2. Open all ports in/out to port 1 (ie windows XP)

Is that possible and if so how?

Kind Regards,

Adrian Smith
0
Comment
Question by:lwfuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 3

Expert Comment

by:bart1975
ID: 24089618
Hi Adrian,

This isnt that difficult
Firstly Make sure that both the machines have a static ip address
Then you just log in to the router, Under (well on a fwg114 anyways) Security you will see a rules
just select the service that you require for example ssh from the drop down list
choose "always allow" from the action drop down
under send to lan server enter the ip address of your linux box and click apply
repeat this for the other services.

I am sure you dont want to allow all ports to the xp machine incoming as it wouldnt be wise but if you really want to do this just drop the ip address of your xp machine in the dmz

I hope that this helps
0
 

Author Comment

by:lwfuk
ID: 24090042
Hi Bart

Thank you very much! It is easy but it wouldn't have been without you though.

Just a few more things before I tick the box and close this down.

1. The default rule says "block always" incoming traffic. How does a web request or an email get back to my PC. I know it does because it's works?

2. If I add another rule saying allow ftp on ip port 21 won't the rule above and the new rule conflict?

3. I am using SSH across the LAN. That is between ethernet ports 1 and 2. I will never access either machine from outside. Are LAN-to-LAN connections unrestricted or do I need to add rules?

Kind Regards,

Adrian Smith
London
0
 
LVL 3

Accepted Solution

by:
bart1975 earned 2000 total points
ID: 24090175
Hi Adrian

1. The email or webpage gets back to your pc because the pc initiated the connection, the router knows when you request a webpage to expect a reply and lets it through. say you access a webpage, your computer initiates a connection out on port 80, the webserver at the other side sees the request on port 80 coming in but replys on a different port number so that it can keep track of the many requests coming in. On your computer just type "netstat -an" in a command prompt to see all the connections your computer is using, you will be surprised. The main think go take away is that if its initiated by your computer then you dont need a rule on the firewall unless you set up outgoing rules which is usually not required.

2. if you create a rule on port 21 pointing to your linux box for example, its meens that all traffic coming in externally on port 21 will be redirected you your linux box. however if you use your xp machine to ftp something from the internet, you connect out on 21 and the returning port will be different again so it wont conflict at all.

3. Lan side connections are completly unrestricted. so anything on the lan can talk to anything else on the lan completly unrestricted.

If you need any clarification please dont hesitate to ask.

Shane
Derby
0
 

Author Closing Comment

by:lwfuk
ID: 31567669
You're a great teacher Bart and you have saved me lots of pain.

Have a nice day.

Kind Regards,

Adrian
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question