Solved

Problems opening ports 25 443 110 and 80 in netgear firewall

Posted on 2012-08-10
Last Modified: 2012-08-13
Hi guys! I'm back again. We just switched ISPs from AT&T to FirstCommunications. I set up a Netgear ProSafe firewall FVS336Gv2 and I'm not so sure how to open the basic ports needed for Exchange 2010 (25, 110, 443, and 80). I played around trying to open them but I'm not sure if I did it correctly. In the LAN WAN rules section I added the inbound services for these ports. Also, in the port triggering section I added the rules for these ports as well. ALSO, in the SSL VPN section I forwarded these ports too. I'm able to send emails out but I can't receive any. I checked whether the ports are open on canyouseeme.org and they are not. Please help me out! I know I'm doing something wrong in the configuration of the firewall but I just don't know what. When I had AT&T everything was fine!!! I checked the wireless router we had between AT&T's Cisco router and our switches to copy the settings for the ports but they were forwarding the same ports I'm trying with the Netgear firewall. I don't know what to do!!


Thank you!
0
Question by:hugonieto
14 Comments
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38282789
Possibly this solution would work for you

http://community.spiceworks.com/topic/153830-netgear-prosafe-vpn-firewall-fvs336gv2-port-forwarding

Regards,
Exchange_Geek
0
 
LVL 6

Expert Comment

by:jonyelton
ID: 38282790
Well, clearly the issue is in the rules you set up. You said in the LAN WAN rules, but these should be WAN LAN rules (outside to inside). Check to see if you put it on the wrong side.
0
 

Author Comment

by:hugonieto
ID: 38282799
Thanks Exchange_Geek! I will check it out right now.

jonyelton, thanks! I checked but I don't see any option for WAN LAN... I have one option for DMZ WAN rules but I don't have any DMZ network set up.
0

 
LVL 6

Expert Comment

by:jonyelton
ID: 38282805
Here is a link to the manual, starts on page 49 for port forwarding.  It would be helpful if you can post some screenshots of your firewall screens.  Maybe it's a simple mistake in the IP addresses.

http://www.downloads.netgear.com/files/FVS336Gv2_RM_14_April10v.pdf
0
 

Author Comment

by:hugonieto
ID: 38282827
Here is one screenshot of the LAN WAN rules section and one of the triggering section. In the LAN WAN section I disabled the outbound rules because I don't think that's necessary, and even when I enable them I still have the issue.
firewall.png
triggering.png
0
 
LVL 6

Expert Comment

by:jonyelton
ID: 38282870
I don't see any reason for port triggering?  I would disable those, I don't think it's serving any purpose for you.  For kicks and giggles, try again after you disable the triggering.

Let's eliminate the computer and make sure it's the firewall. On a local computer, telnet to your server over port 25, does it connect? At a command prompt, do telnet 192.168.1.187 25

If it fails, then check the local Windows firewall on your server.

A casual glance shows that your IP rules look good. If we confirm it's the firewall using the telnet above, I think your best bet is to call Netgear if it's a new firewall.
0
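The telnet test suggested above, written as a script that also separates a refused connection from a silently dropped one. This is an added example, not part of the original thread; the function names `probe` and `locate_block` are hypothetical, and the address and ports are the ones quoted in the posts.

```python
import socket

def probe(host, port, timeout=3.0):
    """Try one TCP connection, as `telnet host port` does.

    Returns (state, banner): "open", "refused" (host answered with a reset,
    nothing is listening or a firewall rejects), "filtered" (no answer before
    the timeout, packets are being dropped) or "unreachable".
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                # SMTP and POP3 servers greet first; HTTP/HTTPS stay silent.
                banner = sock.recv(256).decode("ascii", "replace").strip()
            except OSError:
                banner = ""
            return "open", banner
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "filtered", ""
    except OSError:
        return "unreachable", ""

def locate_block(lan_state, wan_state):
    """Combine a probe from inside the LAN with one from the internet side."""
    if lan_state != "open":
        return "server"      # service down or the server's own firewall
    if wan_state != "open":
        return "upstream"    # port-forward/NAT rule, edge firewall or ISP
    return "none"

if __name__ == "__main__":
    server = "192.168.1.187"          # LAN address quoted in the post above
    for port in (25, 110, 443, 80):   # the ports the question asks about
        state, banner = probe(server, port)
        print(f"{server}:{port:<4} {state:<11} {banner}")
```

Run it once from a machine on the LAN and once from outside against the public address, then pass the two states to `locate_block`.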
 
LVL 6

Expert Comment

by:jonyelton
ID: 38282874
One more thing you can try is to post the log files in case they show the denies, or a real time monitor showing the deny. The screenshots show that it's being logged, so it might reveal something.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38283136
I'd agree with @jonyelton. Reading logs would remove all the assumptions and can present a real time picture of the situation.

BTW @hugonieto did you happen to read the link I sent, was it useful to you?

Happy Weekend

Regards,
Exchange_Geek
0
 

Author Comment

by:hugonieto
ID: 38283586
Thank you guys for the help!!

@Exchange_Geek I did read the link.... I read everything about opening the ports and I did just like it said in there but no luck! However, I was looking for a manual like that one and I couldn't find it so thanks a lot!

@jonyelton I telnetted to the server on port 25 and I got a response like this one: 220 servername Microsoft ESMTP Mail service ready at sat, 11 august 2012 07:20:45-0500

I guess this means that port 25 or any other port is having a connection between any client and server. Also, the only logs I could find on the firewall are these ones. These are under firewall logs and emails. I don't think this is right because of these dates!! 1969 Dec 31????

1969 Dec 31 18:00:27 [FVS336GV2] [root] [SYSTEM START-UP] System Started
1969 Dec 31 18:00:31 [FVS336GV2] [wand] [FW] Firewall Restarted
1969 Dec 31 18:00:38 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
1969 Dec 31 18:00:52 [FVS336GV2] [wand] [FW] Firewall Restarted
                - Last output repeated twice -
1969 Dec 31 18:01:18 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
1969 Dec 31 18:01:52 [FVS336GV2] [wand] [FW] Firewall Restarted
1969 Dec 31 18:01:58 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
0
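The 1969 Dec 31 18:00 stamps in the log above are how the Unix epoch (1970-01-01 00:00:00 UTC) prints in a UTC-6 time zone, which is consistent with a device clock that has not been set, so each stamp is effectively seconds since boot. The following added example, not part of the original post, parses the posted lines to show that and to confirm the excerpt holds only start-up and restart messages; the function name `summarize` and the UTC-6 offset are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# The log lines posted above, copied verbatim.
SAMPLE_LOG = """\
1969 Dec 31 18:00:27 [FVS336GV2] [root] [SYSTEM START-UP] System Started
1969 Dec 31 18:00:31 [FVS336GV2] [wand] [FW] Firewall Restarted
1969 Dec 31 18:00:38 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
1969 Dec 31 18:00:52 [FVS336GV2] [wand] [FW] Firewall Restarted
                - Last output repeated twice -
1969 Dec 31 18:01:18 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
1969 Dec 31 18:01:52 [FVS336GV2] [wand] [FW] Firewall Restarted
1969 Dec 31 18:01:58 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
"""

ENTRY = re.compile(r"(\d{4} \w{3} \d{1,2} [\d:]{8}) \[[^\]]+\] \[[^\]]+\] \[([^\]]+)\] (.+)")
REPEAT = re.compile(r"- Last output repeated (\w+) -")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def summarize(text, utc_offset_hours=-6):
    """Summarise a log excerpt. utc_offset_hours is an assumption: -6 is the
    zone in which the Unix epoch prints as 1969 Dec 31 18:00:00."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    counts, uptimes, last = Counter(), [], None
    for line in text.splitlines():
        line = line.strip()
        rep = REPEAT.fullmatch(line)
        if rep and last:
            # Assumed meaning: N extra copies of the previous entry.
            # Only "twice" appears on the page; other words count as 1.
            counts[last] += {"twice": 2}.get(rep.group(1), 1)
            continue
        m = ENTRY.fullmatch(line)
        if m:
            stamp = datetime.strptime(m.group(1), "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
            uptimes.append(int((stamp - EPOCH).total_seconds()))
            last = (m.group(2), m.group(3))
            counts[last] += 1
    return {
        "clock_unset": bool(uptimes) and max(uptimes) < 86400,  # within a day of the epoch
        "seconds_since_boot": (min(uptimes), max(uptimes)) if uptimes else None,
        "counts": dict(counts),
        "only_restarts": all(msg.endswith(("Started", "Restarted")) for _, msg in counts),
    }
```

On the posted excerpt every entry falls within the first two minutes after boot, so these lines say nothing about inbound connections on ports 25, 110, 443 or 80.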
 

Author Comment

by:hugonieto
ID: 38283805
Hi guys! An update on my issue. I disconnected the firewall and reconnected the router we had between AT&T and our network with this new ISP. I added the new WAN IP to this router and everything else stayed the same. I still don't have the ports open and still I can't receive emails but I'm able to send out. Also, now I can access OWA inside of my network with the external link, which I couldn't do with the firewall. However, when I try to access it outside of my network I can't. I guess this leaves out the option of the firewall being bad. If it is happening with the old router as well then the firewall is not the issue. Do you think it might be the ISP?
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38284383
That is my first question: what ports does the ISP allow.. you say everything worked with AT&T but doesn't work with the new provider.. then it is the provider that is blocking those ports.

You shouldn't have had to change ANYTHING at your end other than configuring your external IP address in DNS. No router/firewall changes unless you had fixed IP addresses on the WAN side.
0
 

Author Comment

by:hugonieto
ID: 38284744
Thanks ve3ofa: I don't know what ports FirstCommunication allows to be open. I'm trying to get in touch with them but I haven't been able to do it because it is the weekend I guess. Stupid question! Is there a way to know without contacting them? Everything was working fine with AT&T but when switching to FirstCommunications we stopped receiving emails and stopped having access to OWA. I agree with you, I think it is the ISP as well but how come they block most of the ports??? I use http://www.mxtoolbox.com to check our domain elhogardelnino.org and there I do an SMTP test and it doesn't pass it because port 25 is blocked, and when I scan for ports as well all ports scanned are blocked!!!! I don't understand why they would block most of the ports!!
0
 
LVL 33

Accepted Solution

by:
Exchange_Geek earned 2000 total points
ID: 38284771
That is the speciality of ISPs, they love to block everything for you - without understanding your needs - I've faced a similar situation before with one of my clients.

So, I'd agree on the same part - get on a call with them and get details from them rather than assuming stuff. We're all of the same consent that the ISP has to open ports from their end to allow the traffic to flow in.

Regards,
Exchange_Geek
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38290297
That is the price one pays without investigating things first..
0
