glocker (Aspirant)
Dec 04, 2010
FVS318G DMZ and correct rules
Hi there,
I searched through all the postings and couldn't find anything that seemed to fit my simple issue. We have a project where we need to have 3 machines in front of the FVS318G so those 3 machines don't have anything blocking access to the internet (for things like torrents, chats, streaming, etc).
Rather than doing port forwarding thru the firewall, I thought it would be easier to set up the DMZ port.
I did that and connected a switch to the DMZ port. The machines on the DMZ get 192.168.10.x. The machines behind the firewall get 192.168.2.x.
For the DMZ I also added the "DMZ WAN Rules" Outbound Services rule of always allow for all services. I did not add any other rules, so no Inbound Rules.
The machines on the DMZ can browse the Internet with no issues, but everything with specific ports, like the torrents, is not working. We did disable the firewall on the machines for testing to confirm that it was not the machine blocking.
So my guess is that I am missing some type of DMZ WAN Inbound Services rule. But those rules seemed to be for having a server or something on the DMZ, which I don't have.
Please tell me what step or rule I am missing. I just want all the machines on the DMZ to be able to do whatever they need to without having to worry about the ports being allowed/forwarded/etc.
thanks
19 Replies
- jmizoguchi (Virtuoso): Try opening the whole range of ports for inbound and see if that makes any change.
- glocker (Aspirant): Do I need to enable UPnP?
  Seems like that is one method to allow the incoming traffic to get in.
  thanks,
  dave
- jmizoguchi (Virtuoso): You could use that if what you need does work.
  I thought UPnP is for the primary LAN.
- glocker (Aspirant): I will give it a try next week. I agree that UPnP seems to be a method for getting things through the firewall without port mapping, so it may have no effect on the DMZ.
  My concern with creating a DMZ WAN Inbound Service Rule is that the interface for setting up the rule asks for a "DMZ Server IP address", which is supposed to be the IP address of the "server" on the DMZ that is accepting the incoming traffic. My only idea was to try putting in the IP address of the DMZ itself (the gateway), 192.168.10.1.
- jmizoguchi (Virtuoso): In the inbound you will not use the actual DMZ server IP you use in the DMZ setting section; you need to use any IP which will be the DHCP range you choose to use in the DMZ settings.
- glocker (Aspirant): Nothing worked.
  The program Shareaza communicates on port 6346. The connection test that tries to open an incoming TCP and UDP connection on 64.x.x.x:6346 fails. Windows firewall has been disabled, so it has to be the Netgear router blocking the incoming traffic.
  I thought the basic definition of a DMZ was that all ports were open.
  The setup screen for the ProSafe DMZ WAN Rules contains the following small text at the bottom: "Inbound rules configured in the LAN WAN Rules page will take precedence over the Inbound rules configured in the DMZ WAN Rules page."
  Then the help screen for the LAN WAN rules page says "The Default Inbound Policy is to block all inbound traffic to the LAN from the Internet (WAN)".
  So if the LAN WAN rules apply first, and the default inbound rule is to block everything, then how does the DMZ ever get any inbound traffic? Shouldn't the DMZ be in front of the LAN WAN rules? Is this a bug in the ProSafe implementation of the DMZ??????????
- adit (Mentor): No, that only means that if you have 2 rules (LAN/WAN and DMZ/WAN) both forwarding the same port, the LAN/WAN rule is used.
- glocker (Aspirant): Thanks, that makes more sense. But then if LAN/WAN blocks everything incoming by default, how do I get the unsolicited incoming traffic to the 5 computers hanging off the DMZ?
  Should I set up an Inbound LAN/WAN rule to always allow everything and then route the traffic over to the DMZ IP by putting the 192.168.10.1 (DMZ IP address) into the "LAN Server IP address" box of the inbound rule setup?
  Our 5 test computers will be using all kinds of random port numbers for testing, so I cannot use port forwarding.
  thanks
- jmizoguchi (Virtuoso): Did you make WAN DMZ wide open?
- glocker (Aspirant): I tried to make an inbound DMZ WAN rule to allow everything and based on your suggestion of
  "In the inbound you will not use the actual DMZ server IP you use in the DMZ setting section; you need to use any IP which will be the DHCP range you choose to use in the DMZ settings"
  I used the IP address 192.168.10.100 for the "DMZ Server IP address" box that the rule asks for. DMZ is 192.168.10.1 and the clients are 192.168.10.100 thru 10.110.
  But that did not work. The port still showed as blocked and was not allowed through to the client machines on the DMZ.