NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
atiktepika
Jul 04, 2012Aspirant
fvs318n - Internet working only for wifi users
Hi there,
Afters some attempts trying to get everything to work with my new fvs318n vpn firewall I do find a very odd internet access problem.
For some reason my wireless devices do not have any problem connecting to internet but in the other hand all the users that are directly connected to the firewall do not have internet access.
To make things just a bit more funny, all the computers without internet can use all related google services (gmail,searchs,etc ...) but not any other web-site also if you try to ping or do a trace route to any box on the internet it does seem to work correctly.
I do have the latest firmware also have done a hard reset several times, also ensured that there are no firewall rules causing the problem ( I don't have any!).
Any ideas or thoughts about what the problem can be will be really appreciated!
Thanks, Javier. :o
Afters some attempts trying to get everything to work with my new fvs318n vpn firewall I do find a very odd internet access problem.
For some reason my wireless devices do not have any problem connecting to internet but in the other hand all the users that are directly connected to the firewall do not have internet access.
To make things just a bit more funny, all the computers without internet can use all related google services (gmail,searchs,etc ...) but not any other web-site also if you try to ping or do a trace route to any box on the internet it does seem to work correctly.
I do have the latest firmware also have done a hard reset several times, also ensured that there are no firewall rules causing the problem ( I don't have any!).
Any ideas or thoughts about what the problem can be will be really appreciated!
Thanks, Javier. :o
24 Replies
- jmizoguchiVirtuosoboth are on single vlan?
did you use dns proxy ? - atiktepikaAspirantHi there,
I do have the default single vlan settings and when it comes to DNS I did try a few options, first using the "get automatically from ISP", also setting them manually to Google DNS (8.8....).
What really puzzles me is why wifi users can use internet without any problem and visit any web-site and the computers directly connected to the firewall can only use google...
Thanks, Javier. - jmizoguchiVirtuosoUse google DNS on one of the wired pc and what happens
- tropicAspirantI've had similar issues with the FVS318N. Wired machines cannot browse the net whereas wireless clients (on the very same VLAN) have no problems. I think this behavior appeared somewhere around firmware version 4.1.1-8. I've tinkered with static Vs. DHCP-assigned network settings, MTU, various DNS servers, etc. No dice.
You might want to try the following: downgrade to firmware 4.0.1-67, reset to factory defaults, and reconfigure your settings. The GUI is a bit slower, but LAN Groups, Firewall Rules and UPnP work more reliably IMO. - RomanSAspirantI had the same problem with 4.1.1-14 firmware. Downgrade solved problem. :confused:
- itegAspirantI tried downgrading, but after restoring the settings (exported under 4.1.1-14) the FVS381N was practically dead :-(
I do not want to re-enter all my settings (3 VLANs, ~10 MAC addresses for DHCP and WLAN, ...) in this incredibly slow web interface (1-2 minutes per click), so I upgraded to the bad version again and for now just hope we get a fix at some time.
Regards Christoph - itegAspirantBtw., our problem is not particulary with WLAN users vs. LAN users, I tracked my webbrowsing-problem down to a problem with DNS lookups through the FVS318N:
If I use the FVS318N as DNS, normal lookups are no problem, at least since I switched on it's DNS proxy feature.
But, sometimes I need to do a DNS query directly from a host in the LAN to our own DNS servers in the wild, to test their configuration and monitor them.
For example I do something like this:
dig @dns.mycompany.foo somenewdomain.bar NS
If I use the IPv6 connection provided by my SIXXS tunnel everything works fine. Due to the tunneling, from the FVS318N's point of view this is just some application traffic on some high port.
But, if I use IPv4, about 50% of the queries fail with "destination unreachable" within ~2ms. The short period of time, 2 ms, proofs that the "destination unreachable" must originate from the FVS318N, because there is no way the connection could get to the next hop in this short time.
To clarify the "about 50%":
Usually it works for a few queries (or minutes?), then it stops working for a few queries or minutes, some time later it works again, and so on.
Everything else works fine.
When I leave the FVS318N out of the chain and use my provider's cable modem directly, the DNS queries work well all the time.
The FVS318N is configured IPv4 only and the only firewall rules are some incoming port forwardings on ports other than 53 (like 443, 22, ...).
I suspect that some of the hidden internal firewall rules of the FVS318N just over-do their job in trying to prevent some kind of DOS attack.
Regards Christoph - tropicAspirantI've found that restoring config files on Netgear's ProSafe line of firewalls can be problematic, but restoring the config from a recent firmware to an older one often creates problems no matter the vendor. It isn't a bad idea to set to factory defaults and enter your configuration manually.
I have a pretty simple setup (3 VLANs, 2 WAPs, 12 DHCP reservations), and I can get everything working initially with any of the FVS318N firmwares... but a power cycle can kill it. Firewall rules connected to groups stop working correctly, UPnP dies, etc. Like you mentioned, taking an entire minute to enter a single DHCP reservation is really frustrating when troubleshooting.
For me the intermittent DNS issues seem to stem from this: if the firewall itself queries the external name server (DNS proxy checked), there's no problem, whereas a DNS query from a LAN device to an external server never makes the round trip. Even when the firewall is acting up, you can still ping external devices by name or ip address from the firewall's Diagnostic screen. So perhaps you're right when you say the unit's internal firewall logic is screwed. I've been able to avoid some bugginess by not using the Default VLAN... but it's a shame that you cannot delete it completely and free VLAN ID #1 for use with a fresh profile.
Anyway, I've settled on firmware 4.0.1-67 until Netgear provides a decent upgrade. It has its own quirks, but it doesn't fold under heavy BitTorrent use like more recent firmwares. - jaybbbAspirantI had the same issue, according to netgear support there is an issue with the DNS in the firmware. The support sent me the 4.1.1-15 and everything was fixed.
They just published 4.2.0-14 on the official support page so you should give it a try ! or ask netgear support for 4.1.1-15 - itegAspirantUnfortunatley, their Business support website is not functional currently.
"For Business" (and some other support links) point to http://support.netgear.com/for_business/ which just produces 503 errors :confused:
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!