NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
FVS318N not port forwarding, nothing being allowed inbound.
I have purchased an configured a FVS318N as the firewall to our failover Internet connection but I am having problems getting anything in from the outside world. I have configured many FVS338 firewalls so I am quite familiar with setting up inbound rules.
I originally mirrored our current FVS338 configuration but as of now all I have is 2 HTTPS rules, one goes to our Sonicwall SSL VPN and another goes to our server for webmail.
At first I thought it was the DG834 router but if I look at the logs of the FVS318N I can see that the traffic is getting past the router and is hitting the firewall as an Accepted Packet.
Here is an example of the log:
Mon Nov 19 16:28:14 2012(GMT+0000) [FVS318N][Kernel][KERNEL] WAN_LAN[ACCEPT]IN=eth1 OUT=bdg1 SRC=109.158.121.186 DST=192.168.0.252 LEN=48 TOS=0x00 PREC=0x80 TTL=113 ID=51806 DF PROTO=TCP SPT=2622 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0
According to this it is accepting the packet but the browser just gives the usual Cannot display webpage.
I have tried all different ports, as well as 'any', as well as different web browsers, this shows that I am clutching at straws with this.
It had the latest firmware but I have downgraded 4.1.1-14 just to see if this was the issue as well.
Can anybody shed any light as to why I cannot get this to port forward and allow traffic into my LAN.
Many Thanks
Neal.
I originally mirrored our current FVS338 configuration but as of now all I have is 2 HTTPS rules, one goes to our Sonicwall SSL VPN and another goes to our server for webmail.
At first I thought it was the DG834 router but if I look at the logs of the FVS318N I can see that the traffic is getting past the router and is hitting the firewall as an Accepted Packet.
Here is an example of the log:
Mon Nov 19 16:28:14 2012(GMT+0000) [FVS318N][Kernel][KERNEL] WAN_LAN[ACCEPT]IN=eth1 OUT=bdg1 SRC=109.158.121.186 DST=192.168.0.252 LEN=48 TOS=0x00 PREC=0x80 TTL=113 ID=51806 DF PROTO=TCP SPT=2622 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0
According to this it is accepting the packet but the browser just gives the usual Cannot display webpage.
I have tried all different ports, as well as 'any', as well as different web browsers, this shows that I am clutching at straws with this.
It had the latest firmware but I have downgraded 4.1.1-14 just to see if this was the issue as well.
Can anybody shed any light as to why I cannot get this to port forward and allow traffic into my LAN.
Many Thanks
Neal.
15 Replies
- Hi jmizoguchi
I have tried using both rules on their own and it is still the same.
Thanks
Neal. - What is the LAN IP of the router? What is the default gateway on device .252?
- Hi Adit
Looks like you hit the nail on the head, I had not taken into account that under a real life scenario of us losing the main Internet connection all Gateways would be changed by default to the failover connection. This is where it pays to have a dual WAN device that keeps the same LAN IP but automatically fails over the WAN connection. I now feel I complete idiot as this is basic rule of thumb networking.
Many Thanks for the help, same to you jmizoguchi your input was much appreciated.
We can now lay this one to rest.
Kind Regards
Neal. - I am having a similar problem with a brand new FVS-318N
I setup port forwarding for HTTP service default port 80 to a fixed IP on the LAN.
This worked just fine previously with an older FVS-318 (2003).
Setup as Follows in FVS-318N, Security, LAN WAN Rules:
Outbound ALWAYS ALLOW
Inbound
HTTP Always Allow, 192.168.9.6, LAN users (blank), WAN users (any) destination broadband, bandwidth profile NONE, log NEVER.
This is the ONLY service configured at this time. TGlagowski wrote: I am having a similar problem with a brand new FVS-318N
I setup port forwarding for HTTP service default port 80 to a fixed IP on the LAN.
This worked just fine previously with an older FVS-318 (2003).
Setup as Follows in FVS-318N, Security, LAN WAN Rules:
Outbound ALWAYS ALLOW
Inbound
HTTP Always Allow, 192.168.9.6, LAN users (blank), WAN users (any) destination broadband, bandwidth profile NONE, log NEVER.
This is the ONLY service configured at this time.
try to keep it to single thread. :)
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
