spaceobh
Sep 27, 2015, Aspirant
How to configure FVS318N to transmit NAT'ed LAN IP in FTP transfers instead of Firewall's WAN-IP.
I'm having this problem. Remote site is connected to the internet in a fixed, multiple IP-address MPLS setup. The LAN side is presently protected by a Zyxel Zywall, but for a variety of reasons I...
- Oct 14, 2015
Hi Samir
Apologies for my delayed response.
I'll try to test the setup you are suggesting the next time I'm at the location, but since it's in east Greenland there are no planned trips - I only go there when absolutely necessary.
I will need to close my post here for now, and I'd like to thank all of you for your help.
When I initially opened the case I thought I had just missed setting a checkmark somewhere, and that I could sort of just "copy-paste" the rules etc. from the Zyxel to the netgear.
Cheers
spaceobh
Oct 08, 2015, Aspirant
Hmmm, you may be right, but if so I don't understand a thing.
I've set the necessary incoming rules (they work) and I've tried with and without any outgoing rules. I realize I may just lack the understanding of the various terms used in the NETGEAR documentation, but I would think that I do understand enough to set it up to meet my needs.
I use passive - both as the default, and forced, and from a number of different ftp clients (FileZilla, ncftpput, MS ftp, perl ftp and an unknown native) and they behave the same. The file is transferred, but the ACK for completion never reaches the transmitting unit.
I like your statement that you prefer Zyxel to NETGEAR, but I was inclined to believe that the (old) Zyxel was somewhat defective and causing a variety of errors (still do), but for the time being I'll stick with the Zyxel. This is also due to the fact that swapping firewalls on the ISP equipment confuses the ARP tables, so that when I returned the Zyxel to operation it wouldn't work until I had the ISP clear the ARP table - I had some scary moments there :smileyfrustrated:
Thanks for chipping in.
Br
Ole
SamirD
Oct 08, 2015, Prodigy
If there's no server on the netgear lan, there's no need for any rules for ftp to work (unless you have a double nat, but it doesn't sound like you do). I think the incoming rule may actually be the issue. Could you try removing it and see what happens? In fact, just connect the netgear behind the zyxel--even though it's a double nat scenario, if you're using passive mode it shouldn't be an issue.
- spaceobh, Oct 09, 2015, Aspirant
"If there's no server on the netgear lan, there's no need for any rules for ftp to work (unless you have a double nat, but it doesn't sound like you do)."
That's what I was thinking - no outgoing rules needed. (yes, no double NAT)
I need incoming rules to filter unwanted traffic, right?
My initial configuration was any-any for outgoing, plus the desired incoming rules in order to filter unwanted traffic and setup NAT.
"I think the incoming rule may actually be the issue. Could you try removing it and see what happens?"
No, can't do that - the unit is at the remote (very remote) location, and I don't want to risk intrusion, in a situation where I'm not present at the site.
"In fact, just connect the netgear behind the zyxel--even though it's a double nat scenario, if you're using passive mode it shouldn't be an issue."
Can't do that either, the netgear is configured with a fixed WAN-IP (same as the Zyxel, obviously) so I don't see how that can be done?
This is the setup:
Rules
WAN-IP
- SamirD, Oct 09, 2015, Prodigy
Thank you for the diagrams as it makes it very clear. I wish others could do that in their threads!
So normally (and probably your current setup), the zyxel is in place of the netgear in the diagram showing the computer on the lan, correct? If so, you can plug a *default configuration* 318n wan port into the lan port of the zyxel and then the computer on the lan into the lan port on the 318n. By default, the 318n will allow traffic to pass to the zyxel which will in turn pass it on to the Internet. This should work without an issue.
All those rules and services may be the issue. By default, the netgear will pass ZERO traffic to your lan, so you're actually punching holes in the firewall rather than securing the device.
If you have remote management configured on the netgear and someone there who could physically make the cable changes, you can easily test without physically being there.
- spaceobh, Oct 09, 2015, Aspirant
SamirD wrote:
"Thank you for the diagrams as it makes it very clear. I wish others could do that in their threads!"
Yep, a picture is always good
"So normally (and probably your current setup), the zyxel is in place of the netgear in the diagram showing the computer on the lan, correct? If so, you can plug a *default configuration* 318n wan port into the lan port of the zyxel and then the computer on the lan into the lan port on the 318n. By default, the 318n will allow traffic to pass to the zyxel which will in turn pass it on to the Internet. This should work without an issue."
I hear what you are saying, but this makes the 318 a simple hub, right?
"All those rules and services may be the issue. By default, the netgear will pass ZERO traffic to your lan, so you're actually punching holes in the firewall rather than securing the device."
Yeah, well, that was the intention, allow access for legal external IP addresses, and preventing unwanted.
"If you have remote management configured on the netgear and someone there who could physically make the cable changes, you can easily test without physically being there."
I did that too, before I threw in the towel, but after the futile attempts to make the 318 forward the LAN/NAT/WAN-IP of the transmitting unit, I re-inserted the Zyxel.
The local hands are not able to fiddle with the 318, and since it's voluntary aid I don't want to exhaust my goodwill on an activity that will take a rather long time (already have) with little chance of success.
I may even consider getting another make unit for installation at the site.
Thanks for your contributions :smileyhappy: