Solved

How can I set up a Netgear FVS114 to work with a web server?

Posted on 2009-04-07
Last Modified: 2013-11-16
Hi

WAN
I have a static IP address and a 10mb line coming into a Netgear FVS114 Firewall/Switch.

LAN
On the LAN side I have:

1. A Linux server that I would like to use as a web server (Port 2)
2. A desktop Windows computer (Port 1)

Goals:

1. Allow/direct all SSH + FTP + HTTP + HTTPS requests to port 2 (i.e. Linux)
2. Open all ports in/out to port 1 (i.e. Windows XP)

Is that possible and if so how?

Kind Regards,

Adrian Smith
Question by:lwfuk
4 Comments
 
LVL 3

Expert Comment

by:bart1975
ID: 24089618
Hi Adrian,

This isn't that difficult.
Firstly, make sure that both the machines have a static IP address.
Then you just log in to the router. Under Security (well, on a FWG114 anyway) you will see Rules.
Just select the service that you require, for example SSH, from the drop-down list.
Choose "always allow" from the action drop-down.
Under "send to LAN server" enter the IP address of your Linux box and click Apply.
Repeat this for the other services.

I am sure you don't want to allow all ports to the XP machine incoming, as it wouldn't be wise, but if you really want to do this just drop the IP address of your XP machine in the DMZ.

I hope that this helps.
 

Author Comment

by:lwfuk
ID: 24090042
Hi Bart

Thank you very much! It is easy but it wouldn't have been without you though.

Just a few more things before I tick the box and close this down.

1. The default rule says "block always" incoming traffic. How does a web request or an email get back to my PC? I know it does because it works.

2. If I add another rule saying allow FTP on IP port 21, won't the rule above and the new rule conflict?

3. I am using SSH across the LAN. That is between Ethernet ports 1 and 2. I will never access either machine from outside. Are LAN-to-LAN connections unrestricted or do I need to add rules?

Kind Regards,

Adrian Smith
London
 
LVL 3

Accepted Solution

by:
bart1975 earned 500 total points
ID: 24090175
Hi Adrian

1. The email or web page gets back to your PC because the PC initiated the connection; the router knows when you request a web page to expect a reply and lets it through. Say you access a web page: your computer initiates a connection out on port 80, the web server at the other side sees the request on port 80 coming in but replies on a different port number so that it can keep track of the many requests coming in. On your computer just type "netstat -an" in a command prompt to see all the connections your computer is using; you will be surprised. The main thing to take away is that if it's initiated by your computer then you don't need a rule on the firewall unless you set up outgoing rules, which is usually not required.

2. If you create a rule on port 21 pointing to your Linux box, for example, it means that all traffic coming in externally on port 21 will be redirected to your Linux box. However, if you use your XP machine to FTP something from the internet, you connect out on 21 and the returning port will be different again, so it won't conflict at all.

3. LAN-side connections are completely unrestricted, so anything on the LAN can talk to anything else on the LAN completely unrestricted.

If you need any clarification please don't hesitate to ask.

Shane
Derby
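
The inbound decision discussed in this thread (replies to LAN-initiated connections, per-service inbound rules, the DMZ host and the default "block always" rule), as a simplified model. This is an added example, not code from the posters or from Netgear; the `Router` class, the rule order, the addresses and the port numbers are constructed assumptions, and the router's actual firmware logic is not shown on the page.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed addresses (documentation ranges), not taken from the thread.
LINUX, XP = "192.168.0.2", "192.168.0.3"

@dataclass
class Router:
    """Hypothetical model: state table, inbound rules, DMZ host, default block."""
    forwards: dict = field(default_factory=dict)  # inbound port -> LAN server
    dmz_host: Optional[str] = None                # gets all other unsolicited traffic
    conns: dict = field(default_factory=dict)     # (remote ip, remote port, wan port) -> LAN socket
    next_port: int = 40000                        # assumed pool for translated source ports

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: allowed, and remembered in the state table."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.conns[(remote_ip, remote_port, wan_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, dst_port):
        """Decide what happens to a packet arriving on the WAN side."""
        state = self.conns.get((remote_ip, remote_port, dst_port))
        if state:                        # reply to a LAN-initiated connection: no rule needed
            return ("reply", *state)
        if dst_port in self.forwards:    # unsolicited, but an inbound rule names a server
            return ("forward", self.forwards[dst_port], dst_port)
        if self.dmz_host:                # unsolicited, any other port: exposed to the DMZ host
            return ("dmz", self.dmz_host, dst_port)
        return ("block", None, None)     # default rule: block always

def demo():
    r = Router(forwards={p: LINUX for p in (21, 22, 80, 443)})
    out = {}
    wan = r.outbound(XP, 1055, "198.51.100.7", 80)           # XP browses a web site
    out["web_reply"] = r.inbound("198.51.100.7", 80, wan)
    wan = r.outbound(XP, 1056, "198.51.100.8", 21)           # XP makes an outgoing FTP connection
    out["ftp_reply"] = r.inbound("198.51.100.8", 21, wan)    # returns to XP, not the Linux box
    out["ftp_new"] = r.inbound("198.51.100.9", 50000, 21)    # unsolicited connection to port 21
    out["other_new"] = r.inbound("198.51.100.9", 50001, 3389)
    r.dmz_host = XP                                          # XP placed in the DMZ
    out["other_dmz"] = r.inbound("198.51.100.9", 50001, 3389)
    return out

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10} {verdict}")
```

The last two results show the cost of the DMZ setting: the same unsolicited packet that the default rule blocks is delivered to the XP machine once it is the DMZ host.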
 

Author Closing Comment

by:lwfuk
ID: 31567669
You're a great teacher Bart and you have saved me lots of pain.

Have a nice day.

Kind Regards,

Adrian