Problems opening ports 25 443 110 and 80 in netgear firewall

Hi guys! I'm back again. We just switched ISPs from AT&T to FirstCommunications. I set up a Netgear ProSafe firewall FVS336Gv2 and I'm not so sure how to open the basic ports needed for Exchange 2010 (25, 110, 443, and 80). I played around trying to open them but I'm not sure if I did it correctly. In the LAN WAN rules section I added the inbound services for these ports. Also, in the port triggering section I added the rules for these ports as well. ALSO, in the SSL VPN section I forwarded these ports too. I'm able to send emails out but I can't receive any. I checked if the ports are open in canyouseeme.org and they are not. Please help me out! I know I'm doing something wrong in the configuration of the firewall but I just don't know what. When I had AT&T everything was fine!!! I checked the wireless router we had between AT&T's Cisco router and our switches to copy the settings for the ports but they were forwarding the same ports I'm trying with the Netgear firewall. I don't know what to do!!


Thank you!
hugonieto Asked:
 
Exchange_Geek Commented:
That is the speciality of ISP, they love to block everything for you - without understanding your needs - I've faced similar situation before with one of my clients.

So, I'd agree on the same part - get on call with them and get details from them rather than assuming stuff. We're all of the same consent that ISP has to open ports from their end to allow the traffic to flow in.

Regards,
Exchange_Geek
0
 
Exchange_Geek Commented:
Possibly this solution would work for you

http://community.spiceworks.com/topic/153830-netgear-prosafe-vpn-firewall-fvs336gv2-port-forwarding

Regards,
Exchange_Geek
0
 
jonyelton Commented:
Well, clearly the issue is in the rules you set up. You said in the LAN WAN rules, but these should be WAN LAN rules (outside to inside). Check to see if you put it on the wrong side.
0

 
hugonieto (Author) Commented:
Thanks Exchange_Geek! I will check it out right now.

jonyelton, thanks! I checked but I don't see any option for WAN LAN... I have one option for DMZ WAN rules but I don't have any DMZ network set up.
0
 
jonyelton Commented:
Here is a link to the manual, starts on page 49 for port forwarding. It would be helpful if you can post some screenshots of your firewall screens. Maybe it's a simple mistake in the IP addresses.

http://www.downloads.netgear.com/files/FVS336Gv2_RM_14_April10v.pdf
0
 
hugonieto (Author) Commented:
Here is one screenshot of the LAN WAN rules section and one of the triggering section. In the LAN WAN section I disabled the outbound rules because I don't think that's necessary and even though I enable them I still have the issue.
firewall.png
triggering.png
0
 
jonyelton Commented:
I don't see any reason for port triggering? I would disable those, I don't think it's serving any purpose for you. For kicks and giggles, try again after you disable the triggering.

Let's eliminate the computer and make sure it's the firewall. On a local computer, telnet to your server over port 25, does it connect? At a command prompt, do telnet 192.168.1.187 25

If it fails, then check the local Windows Firewall on your server.

A casual glance shows that your IP rules look good. If we confirm it's the firewall using the telnet above, I think your best bet is to call Netgear if it's a new firewall.
0
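The LAN-side telnet check suggested above, extended to all four ports from the question, as an added example that is not part of the original thread. It separates "refused" (the host answered but nothing is listening) from "filtered" (no answer, typically a firewall drop); the function names and the `triage` wording are assumptions made for this illustration.

```python
import socket

# Ports from the question: SMTP, POP3, HTTPS, HTTP.
EXCHANGE_PORTS = (25, 110, 443, 80)
BANNER_PORTS = {25, 110}  # these services greet first, so a banner can be read


def probe(host, port, timeout=3.0, read_banner=None):
    """Return (state, banner); state is "open", "refused" or "filtered"."""
    if read_banner is None:
        read_banner = port in BANNER_PORTS
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", ""      # TCP reset: host is up, no listener
    except OSError:
        return "filtered", ""     # timeout or unreachable: packet dropped
    with sock:
        banner = ""
        if read_banner:
            try:
                banner = sock.recv(256).decode("ascii", "replace").strip()
            except OSError:
                pass              # connected, but the service stayed silent
        return "open", banner


def triage(results):
    """Map LAN-side results {port: state} to the next place to look."""
    states = results.values()
    if all(s == "open" for s in states):
        return "server OK: check the firewall's inbound rules, then the ISP"
    if any(s == "filtered" for s in states):
        return "dropped on LAN: check Windows Firewall on the server and its IP"
    return "refused: a service is not listening on the server"


if __name__ == "__main__":
    server = "192.168.1.187"      # internal server address quoted in the thread
    results = {}
    for port in EXCHANGE_PORTS:
        state, banner = probe(server, port)
        results[port] = state
        print(f"{port:>4} {state:<9} {banner}")
    print(triage(results))
```

Run from a LAN client, a "server OK" verdict combined with a failing outside check points at the perimeter device or the ISP rather than the Exchange server.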
 
jonyelton Commented:
One more thing you can try is to post the log files in case they show the denies, or a real time monitor showing the deny. The screenshots show that it's being logged, so it might reveal something.
0
 
Exchange_Geek Commented:
I'd agree with @jonyelton. Reading logs would remove all the assumptions and can present a real time picture of the situation.

BTW @hugonieto did you happen to read the link I sent, was it useful to you?

Happy Weekend

Regards,
Exchange_Geek
0
 
hugonieto (Author) Commented:
Thank you guys for the help!!

@Exchange_Geek I did read the link.... I read everything about opening the ports and I did just like it said in there but no luck! However, I was looking for a manual like that one and I couldn't find it so thanks a lot!

@jonyelton I telnet the server with the port 25 and I got a response like this one: 220 servername Microsoft ESMTP Mail service ready at sat, 11 august 2012 07:20:45-0500

I guess this means that port 25 or any other port is having a connection between any client and server. Also, the only logs I could find on the firewall are these ones. These are under firewall logs and emails. I don't think this is right because of these dates!! 1969 Dec 31????


1969 Dec 31 18:00:27 [FVS336GV2] [root] [SYSTEM START-UP] System Started
1969 Dec 31 18:00:31 [FVS336GV2] [wand] [FW] Firewall Restarted
1969 Dec 31 18:00:38 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
1969 Dec 31 18:00:52 [FVS336GV2] [wand] [FW] Firewall Restarted
                - Last output repeated twice -
1969 Dec 31 18:01:18 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
1969 Dec 31 18:01:52 [FVS336GV2] [wand] [FW] Firewall Restarted
1969 Dec 31 18:01:58 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
0
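An added example, not part of the original thread: "1969 Dec 31 18:00" is Unix time zero rendered in a UTC-6 zone, which is what a device prints when its clock has never been set. The parser below reads the log lines posted above and reports that, plus how many firewall restarts were logged and over what span; the UTC-6 offset and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Log lines copied from the post above.
THREAD_LOG = """\
1969 Dec 31 18:00:27 [FVS336GV2] [root] [SYSTEM START-UP] System Started
1969 Dec 31 18:00:31 [FVS336GV2] [wand] [FW] Firewall Restarted
1969 Dec 31 18:00:38 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
1969 Dec 31 18:00:52 [FVS336GV2] [wand] [FW] Firewall Restarted
                - Last output repeated twice -
1969 Dec 31 18:01:18 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
1969 Dec 31 18:01:52 [FVS336GV2] [wand] [FW] Firewall Restarted
1969 Dec 31 18:01:58 [FVS336GV2] [wand] [IPSEC] IPSEC Restarted
"""

LINE = re.compile(r"^(\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2}) "
                  r"\[([^\]]+)\] \[([^\]]+)\] \[([^\]]+)\] (.*)$")


def parse(lines, utc_offset_hours=-6):
    """Parse log lines into events; the UTC-6 device zone is an assumption."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skips notes such as "- Last output repeated twice -"
        ts = datetime.strptime(m.group(1), "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
        events.append({"epoch": int(ts.timestamp()),
                       "facility": m.group(4), "msg": m.group(5)})
    return events


def summarize(events):
    """Flag an unset clock and count the firewall restarts that were logged."""
    epochs = [e["epoch"] for e in events]
    fw = [e for e in events if e["facility"] == "FW" and "Restarted" in e["msg"]]
    return {
        # Every timestamp within a day of epoch zero: the clock was never set.
        "clock_unset": bool(epochs) and max(epochs) < 86400,
        "fw_restarts": len(fw),
        "span_seconds": max(epochs) - min(epochs) if epochs else 0,
    }


if __name__ == "__main__":
    print(summarize(parse(THREAD_LOG.splitlines())))
```

With the clock unset, the "epoch" values are effectively seconds since boot, so this excerpt covers only the first two minutes after power-on and contains no traffic entries.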
 
hugonieto (Author) Commented:
Hi guys! An update on my issue. I disconnected the firewall and reconnected the router we had between AT&T and our network with this new ISP. I added the new WAN IP to this router and everything else stayed the same. I still don't have the ports open and still I can't receive emails but I'm able to send out. Also, now I can access OWA inside of my network with the external link which I couldn't do with the firewall. However, when I try to access it outside of my network I can't. I guess this leaves out the option of the firewall being bad. If it is happening with the old router as well then the firewall is not the issue. Do you think it might be the ISP?
0
 
David Johnson, CD, MVP (Owner) Commented:
That is my first question: what ports does the ISP allow.. you say everything worked with AT&T but doesn't work with the new provider.. then it is the provider that is blocking those ports.

You shouldn't have had to change ANYTHING at your end other than configuring your external IP address in DNS. No router/firewall changes unless you had fixed IP addresses on the WAN side.
0
 
hugonieto (Author) Commented:
Thanks ve3ofa: I don't know what ports FirstCommunications allows to be open. I'm trying to get in touch with them but I haven't been able to do it because it is the weekend I guess. Stupid question! Is there a way to know without contacting them? Everything was working fine with AT&T but when switching to FirstCommunications we stopped receiving emails and stopped having access to OWA. I agree with you, I think it is the ISP as well but how come they block most of the ports??? I use http://www.mxtoolbox.com to check our domain elhogardelnino.org and there I do an SMTP test and it doesn't pass it because port 25 is blocked and when I scan for ports as well all ports scanned are blocked!!!! I don't understand why they would block most of the ports!!
0
 
David Johnson, CD, MVP (Owner) Commented:
That is the price one pays without investigating things first..
0
Question has a verified solution.
