Solved

Help connecting externally to domain

Posted on 2009-05-07
Last Modified: 2012-05-06
I set up an SBS 2008 domain, but I am having trouble connecting from the outside. I forwarded all the necessary ports. The firewall is a Netgear FVG318 ProSafe. I have configured PIX before, and I know that you have to create an access list that says external IP translates to internal IP, e.g. 66.65.123.45 = 192.168.1.1. Can someone tell me where in the Netgear I can do that? I just did some digging around and found this page (see screenshot). If this is the page, can someone provide an example of a setting?
ScreenShot125.jpg
Question by:xzay1967
18 Comments
 
LVL 20

Assisted Solution

by:DVation191
DVation191 earned 100 total points
ID: 24326085
No, you don't want to create a static route.

From the manual:
http://kb.netgear.com/app/answers/detail/a_id/2098
Section 4-6 Port Forwarding

Forward ports in the "Add LAN WAN Inbound Service" section

Or support pages:
http://kbserver.netgear.com/kb_web_files/n101145.asp
http://kb.netgear.com/app/answers/detail/a_id/1166/session/L2F2LzEvc2lkL21ybGNLY3hq

0
 

Author Comment

by:xzay1967
ID: 24326377
I had the ports forwarded already. But I think that there has to be somewhere that the router\firewall has to know what external IP translates to what internal IP, i.e. 65.65.130.50 would point to 192.168.16.3. Right now the only way I am able to hit from the outside is using the default gateway that ATT gave me. I have a block of IPs that I was given. I assigned one of the static IPs to the server so that users can connect to RWW, or use OWA. I attached a screenshot of my port forwarding setup.
inbound-setup.jpg
0
 
LVL 3

Expert Comment

by:srepphan
ID: 24329531
Are you using NAT?
0
 

Author Comment

by:xzay1967
ID: 24329736
I thought NAT was used by default. Unless I am missing something, please help me. I think I need to do static routing (Static NAT) so that the internal will know about the external. Am I correct in that assumption? All assistance is appreciated. That is as much as I know or don't know. I just need to know if, based on the screenshots I provided, that is enough to accomplish what I need.
0
 
LVL 3

Expert Comment

by:srepphan
ID: 24329763
Yes, static NAT is what you want with multiple IPs on the outside interface.
0
 

Author Comment

by:xzay1967
ID: 24330006
Can you provide an example, please, based on the sections from the attached screenshot?
Scenario: 95.95.65.130 I want to point to 192.168.16.3. Also, is that the correct place to do the setting?
ScreenShot125.jpg
0
 
LVL 3

Accepted Solution

by:
srepphan earned 400 total points
ID: 24330174
I have skimmed the manual and I don't believe that this router supports Static NAT. That usually requires a more feature-rich (read: expensive) router. I AM NOT 100% SURE ON THIS. But most smaller inexpensive routers only support one external IP address. Maybe someone else out there will know more about this particular router/firewall and will be able to provide more insight.

How many IPs did your ISP assign to you? You should have been given a network address (i.e. 64.64.10.136) and a subnet mask (i.e. 255.255.255.248) which would give you 6 IP addresses (i.e. 64.64.10.137-64.64.10.142)
0
 

Author Comment

by:xzay1967
ID: 24330328
I was given 5, but only need to use one.
0
 
LVL 3

Expert Comment

by:srepphan
ID: 24330436
Well then I don't quite understand what you are trying to do. I thought you wanted to link one external IP to one internal IP. If you just want to link one external IP to multiple internal IPs on different ports, you will use port forwarding.
0
 

Author Comment

by:xzay1967
ID: 24330439
You are correct in your assumption about the IPs I got. The subnet mask you assumed is in fact correct to the very octet. Based on the screenshot I provided, this is not possible to do? I sure wish someone with strong Netgear experience would chime in.
0
 

Author Comment

by:xzay1967
ID: 24330484
Yes, I want to link one external IP to one internal IP. This is for my SBS 2008 server, so it needs to handle email: 25, RWW: 987, SSL: 443, VPN: 1723, so I have all the ports forwarded as seen in the screenshot.
inbound-setup.jpg
0
 
LVL 3

Expert Comment

by:srepphan
ID: 24330507
That looks like that will work.
I checked some other sources and I am told that the Netgear FVG318 will NOT work with more than one external IP.
0
 

Author Comment

by:xzay1967
ID: 24330632
OK, are you saying that setting up the port forwarding is all I need to do? But how does the router know what external IP to translate to what internal IP? Please forgive my questions, I just want this to work. If the router can only do one external IP, then that is OK, because I only want to use one. Right now I can connect to the server from the server, but only if I use my "Main" external IP, which is actually my broadcast IP. Since that is the case, can I set that IP as the external IP for my mail server when I configure my A and MX records with my site host?
0
 
LVL 3

Expert Comment

by:srepphan
ID: 24330658
I get your problem now. You set your router's external IP to be the one IP that you want to communicate with; any other IPs (aside from the broadcast IP) will not be handled by the router. Then you want your MX record to point to that same external IP. But with this configuration, you are wasting the other IP addresses.
0
 

Author Comment

by:xzay1967
ID: 24330889
Well, the Netgear offers two options to set up your internet, static or PPPoE. I chose the option for PPPoE because this is with ATT, and they require a username and password. The Netgear then went out and pulled the external IP of 99.56.30.150, but according to ATT that should be the default gateway. My usable block is 145-150. My actual static IP should be 99.56.30.145 as stated by and given to me by ATT. Basically I think the router should have pulled the 145 instead of the 150.
0
 

Author Comment

by:xzay1967
ID: 24330966
Oops, the usable block is 145-149.
0
 

Author Comment

by:xzay1967
ID: 24331240
OK, I found out why I am having the issue. I called ATT, and they explained that because I am using the Netgear to do the authentication, I am going to be able to use one static IP. They explained that I need to move the PPPoE back to the 2Wire so that it can do the authentication, then I would have my IP issue resolved. Oddly, it was an ATT 2Wire specialist that helped me set it up. So now I have to reconfigure the 2Wire out of bridge mode. I will keep this open until the weekend; by then all should be gravy. Thanks a lot, guys.
0
 
LVL 3

Expert Comment

by:srepphan
ID: 24335103
Glad to help, I hope that solves your problem.
0
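An added example, not part of any post in this thread: it works through the subnet arithmetic from the accepted answer on the block the asker quotes (99.56.30.150, mask 255.255.255.248, gateway .150 as AT&T reportedly stated) and checks the four forwarded services against it. The function names `classify_block` and `check_forwards` are hypothetical helpers written for this illustration.

```python
import ipaddress

def classify_block(any_addr, netmask, gateway):
    """Map every address in the ISP block to network/gateway/usable/broadcast."""
    net = ipaddress.ip_network(f"{any_addr}/{netmask}", strict=False)
    roles = {}
    for addr in net:
        if addr == net.network_address:
            role = "network"
        elif addr == net.broadcast_address:
            role = "broadcast"
        elif str(addr) == gateway:
            role = "gateway"
        else:
            role = "usable"
        roles[str(addr)] = role
    return roles

def check_forwards(roles, wan_ip, rules):
    """Return (port, finding) pairs for rules given as (public_ip, port, internal_ip)."""
    findings = []
    for public_ip, port, internal_ip in rules:
        role = roles.get(public_ip, "outside block")
        if role != "usable":
            findings.append((port, f"{public_ip} is {role}, not a usable host address"))
        elif public_ip != wan_ip:
            # A router that holds a single WAN IP never sees traffic for this address.
            findings.append((port, f"{public_ip} is not the router WAN IP {wan_ip}; "
                                   "needs static (1:1) NAT or a device that holds this IP"))
        if not ipaddress.ip_address(internal_ip).is_private:
            findings.append((port, f"{internal_ip} is not a private LAN address"))
    return findings

# Addresses and ports are the ones quoted in the thread.
ROLES = classify_block("99.56.30.150", "255.255.255.248", gateway="99.56.30.150")
SERVICES = {25: "email", 987: "RWW", 443: "SSL", 1723: "VPN"}
RULES = [("99.56.30.145", port, "192.168.16.3") for port in SERVICES]

if __name__ == "__main__":
    for addr, role in ROLES.items():
        print(f"{addr:<14} {role}")
    # WAN IP as pulled over PPPoE in the thread: every rule is flagged.
    for port, msg in check_forwards(ROLES, "99.56.30.150", RULES):
        print(f"port {port} ({SERVICES[port]}): {msg}")
```

Passing `"99.56.30.145"` as the WAN IP instead returns no findings, which is the state the asker is trying to reach.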
