NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
fvs318n - Internet working only for wifi users
Hi there, Afters some attempts trying to get everything to work with my new fvs318n vpn firewall I do find a very odd internet access problem. For some reason my wireless devices do not have any...
Btw., our problem is not particulary with WLAN users vs. LAN users, I tracked my webbrowsing-problem down to a problem with DNS lookups through the FVS318N:
If I use the FVS318N as DNS, normal lookups are no problem, at least since I switched on it's DNS proxy feature.
But, sometimes I need to do a DNS query directly from a host in the LAN to our own DNS servers in the wild, to test their configuration and monitor them.
For example I do something like this:
dig @dns.mycompany.foo somenewdomain.bar NS
If I use the IPv6 connection provided by my SIXXS tunnel everything works fine. Due to the tunneling, from the FVS318N's point of view this is just some application traffic on some high port.
But, if I use IPv4, about 50% of the queries fail with "destination unreachable" within ~2ms. The short period of time, 2 ms, proofs that the "destination unreachable" must originate from the FVS318N, because there is no way the connection could get to the next hop in this short time.
To clarify the "about 50%":
Usually it works for a few queries (or minutes?), then it stops working for a few queries or minutes, some time later it works again, and so on.
Everything else works fine.
When I leave the FVS318N out of the chain and use my provider's cable modem directly, the DNS queries work well all the time.
The FVS318N is configured IPv4 only and the only firewall rules are some incoming port forwardings on ports other than 53 (like 443, 22, ...).
I suspect that some of the hidden internal firewall rules of the FVS318N just over-do their job in trying to prevent some kind of DOS attack.
Regards Christoph
If I use the FVS318N as DNS, normal lookups are no problem, at least since I switched on it's DNS proxy feature.
But, sometimes I need to do a DNS query directly from a host in the LAN to our own DNS servers in the wild, to test their configuration and monitor them.
For example I do something like this:
dig @dns.mycompany.foo somenewdomain.bar NS
If I use the IPv6 connection provided by my SIXXS tunnel everything works fine. Due to the tunneling, from the FVS318N's point of view this is just some application traffic on some high port.
But, if I use IPv4, about 50% of the queries fail with "destination unreachable" within ~2ms. The short period of time, 2 ms, proofs that the "destination unreachable" must originate from the FVS318N, because there is no way the connection could get to the next hop in this short time.
To clarify the "about 50%":
Usually it works for a few queries (or minutes?), then it stops working for a few queries or minutes, some time later it works again, and so on.
Everything else works fine.
When I leave the FVS318N out of the chain and use my provider's cable modem directly, the DNS queries work well all the time.
The FVS318N is configured IPv4 only and the only firewall rules are some incoming port forwardings on ports other than 53 (like 443, 22, ...).
I suspect that some of the hidden internal firewall rules of the FVS318N just over-do their job in trying to prevent some kind of DOS attack.
Regards Christoph
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
