2011-08-17 05:52 PM
dgn3500
I recently installed this ADSL router and it works like a champ.
My issue is as follows:
I have a static IP from my ISP.
I have an inside IP of 192.168.1.1.
I have other servers on the inside, and the firewall rules (port 25 to my email server, for example) work fine (no port forwards).
I have a VPN server listening on 192.168.1.4 on UDP 1194. I am unable to connect to the VPN server from outside of my network.
Am I supposed to use a firewall rule for 1194 UDP, a forwarding rule, or both?
The VPN is up and I can connect to it from inside my network, but the packets aren't flowing whenever I am outside of my network. The configuration worked previously with an older Linksys router.
I have tried opening up the scope to ALL UDP packets and various combinations of firewall settings and port forwarding to my VPN server. I am running tcpdump on my VPN server and nothing ever comes into it, so I believe the router is not forwarding/accepting packets.
Please advise. Thanks.
Freddy
Message 1 of 7
2011-08-17 06:10 PM
Re: dgn3500
Firewall rules/forwarding is the same place.
You will need to create rules to the proper ports, pointed at the LAN server.
VPN Case Study
VPNCASESTUDY.COM
"Our Second To None VPN Related Setup Case Study"
"One Stop Solution To Your Netgear VPN Connectivity"
*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]
June Mizoguchi
Message 2 of 7
2011-08-17 07:10 PM
Re: dgn3500
Let me clarify.
On my Netgear, I have a "Firewall Rules" page, and immediately below that link is "Port Forwarding". They display different information. I have defined rules via "Firewall Rules" to forward to my email server, my IMAP server, etc. These work fine.
What I am saying is that using a similar process to define rules to my OpenVPN box is resulting in timeouts (no traffic passing to port 1194).
I have set inbound rules for port 1194 so many times I lost count. I even tried setting my .4 box as the DMZ. Something is funky with the port forwarding, as the system does not even log that anything is taking place.
Regards
Freddy
Message 3 of 7
2011-08-17 07:14 PM
Re: dgn3500
Don't use DMZ and forwarding at the same time either. Use one feature at a time to a single IP.
June Mizoguchi
Message 4 of 7
2011-08-17 07:59 PM
Re: dgn3500
I would like to know why some of my ports are forwarding just fine but UDP 1194 is not. I even went so far as to check IPCHAINS and they look correct.
Any other thoughts or is it hosed and I need to factory reset?
Message 5 of 7
2011-08-17 09:06 PM
Re: dgn3500
I thought it might be best to show my config for ipchains:
# iptables -L
Chain INPUT (policy DROP)
target         prot opt source    destination
ACCEPT         2    --  anywhere  anywhere
ACCEPT         all  --  anywhere  anywhere
ACCEPT         esp  --  anywhere  anywhere
ACCEPT         udp  --  anywhere  anywhere             udp dpt:500
DROP           tcp  --  anywhere  anywhere             tcp dpts:20:21
ACCEPT         tcp  --  anywhere  70-36-xxx-xxx.dsl.static.sonic.net  tcp dpt:7547
ACCEPT         all  --  anywhere  anywhere
ACCEPT         all  --  anywhere  anywhere
ACCEPT         all  --  anywhere  anywhere             state RELATED,ESTABLISHED
DOS            tcp  --  anywhere  anywhere             tcp flags:SYN,RST,ACK/SYN
DOS            udp  --  anywhere  anywhere
DOS            icmp --  anywhere  anywhere             icmp echo-request
PROXY          all  --  anywhere  anywhere
LOCAL_SERVICE  all  --  anywhere  anywhere
FTP_SHARES     all  --  anywhere  anywhere
HTTPS_SHARES   all  --  anywhere  anywhere

Chain FORWARD (policy DROP)
target         prot opt source    destination
ACCEPT         all  --  anywhere  anywhere
OUT_FILTER     all  --  anywhere  anywhere
CFILTER        all  --  anywhere  anywhere
FW_BASIC       all  --  anywhere  anywhere
PORT_FORWARD   all  --  anywhere  anywhere
DOS            tcp  --  anywhere  anywhere             tcp flags:SYN,RST,ACK/SYN
DOS            udp  --  anywhere  anywhere
DOS            icmp --  anywhere  anywhere             icmp echo-request
IN_FILTER      all  --  anywhere  anywhere
MINIUPNPD      all  --  anywhere  anywhere

Chain OUTPUT (policy ACCEPT)
target         prot opt source    destination

Chain BLOCK (0 references)
target         prot opt source    destination
LOG            all  --  anywhere  anywhere             LOG level warning prefix `[BLOCK] '
REJECT         tcp  --  anywhere  anywhere             tcp dpt:80 reject-with http-block

Chain CFILTER (1 references)
target         prot opt source    destination
HTTP           tcp  --  anywhere  anywhere             tcp dpt:80 flags:FIN,SYN,RST,PSH,ACK,URG/PSH,ACK STRING match "GET" ALGO name bm TO 65535
HTTP           tcp  --  anywhere  anywhere             tcp dpt:80 flags:FIN,SYN,RST,PSH,ACK,URG/PSH,ACK STRING match "POST" ALGO name bm TO 65535
HTTP           tcp  --  anywhere  anywhere             tcp dpt:80 flags:FIN,SYN,RST,PSH,ACK,URG/PSH,ACK STRING match "HEAD" ALGO name bm TO 65535

Chain DOS (6 references)
target         prot opt source    destination

Chain FTP_SHARES (1 references)
target         prot opt source    destination

Chain FW_BASIC (1 references)
target         prot opt source    destination
ACCEPT         all  --  anywhere  anywhere
ACCEPT         all  --  anywhere  anywhere
TCPMSS         tcp  --  anywhere  anywhere             tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT         all  --  anywhere  anywhere             state RELATED,ESTABLISHED
ACCEPT         all  --  anywhere  anywhere             MARK match 0x2511
ACCEPT         all  --  anywhere  anywhere

Chain HTTP (3 references)
target         prot opt source    destination

Chain HTTPS_SHARES (1 references)
target         prot opt source    destination

Chain IN_FILTER (1 references)
target         prot opt source    destination
RETURN         all  --  anywhere  anywhere
ACCEPT         tcp  --  anywhere  192.168.1.4          tcp dpt:1194
ACCEPT         udp  --  anywhere  192.168.1.4          udp dpt:1194
ACCEPT         tcp  --  anywhere  192.168.1.246        tcp dpt:25
ACCEPT         tcp  --  anywhere  192.168.1.244        tcp dpt:443
ACCEPT         tcp  --  anywhere  192.168.1.244        tcp dpt:993

Chain LOCAL_SERVICE (1 references)
target         prot opt source    destination
ACCEPT         all  --  anywhere  anywhere             MARK match 0x2511
ACCEPT         tcp  --  anywhere  www.routerlogin.com  tcp dpt:80
ACCEPT         icmp --  anywhere  anywhere
ACCEPT         tcp  --  anywhere  www.routerlogin.com  tcp dpt:23

Chain MINIUPNPD (1 references)
target         prot opt source    destination

Chain OUT_FILTER (1 references)
target         prot opt source    destination
RETURN         all  --  anywhere  anywhere

Chain PORT_FORWARD (1 references)
target         prot opt source    destination

Chain PROXY (1 references)
target         prot opt source    destination

Chain SCAN (0 references)
target         prot opt source    destination
#
Message 6 of 7
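As an added example that is not part of this thread, the script below parses a filter-table listing in the `iptables -L` layout pasted above and flags rules that an earlier catch-all terminal rule makes unreachable, the pattern visible at the top of the posted IN_FILTER chain, where an unconditional RETURN precedes the 1194 ACCEPTs. Two things the listing itself cannot answer: `iptables -L` without `-v` hides interface matches, and the DNAT rules that actually implement port forwarding live in the nat table (`iptables -t nat -L`), which the post does not show. The sample chain is constructed from the posted IN_FILTER rules.

```python
"""Shadowed-rule check over an `iptables -L` (filter table) text listing.

Added example, not code from the thread: finds rules in a chain that can
never be evaluated because a rule above them matches every packet and
terminates chain traversal (ACCEPT/DROP/REJECT/RETURN with no match).
"""
import re

# Constructed sample modelled on the IN_FILTER chain in the post above.
SAMPLE = """\
Chain IN_FILTER (1 references)
target     prot opt source    destination
RETURN     all  --  anywhere  anywhere
ACCEPT     tcp  --  anywhere  192.168.1.4    tcp dpt:1194
ACCEPT     udp  --  anywhere  192.168.1.4    udp dpt:1194
ACCEPT     tcp  --  anywhere  192.168.1.246  tcp dpt:25
"""

# Targets that end traversal of the current chain when they match.
TERMINAL = {"ACCEPT", "DROP", "REJECT", "RETURN"}


def parse_chains(text):
    """Return {chain_name: [(target, prot, source, dest, extra_match), ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        if not line.strip() or line.startswith("target") or current is None:
            continue
        parts = line.split(None, 5)  # target prot opt source dest [extra]
        if len(parts) < 5:
            continue
        target, prot, _opt, src, dst = parts[:5]
        extra = parts[5].strip() if len(parts) > 5 else ""
        chains[current].append((target, prot, src, dst, extra))
    return chains


def matches_everything(rule):
    """True when the rule has no protocol, address or extension match at all."""
    _target, prot, src, dst, extra = rule
    return prot == "all" and src == "anywhere" and dst == "anywhere" and extra == ""


def shadowed_rules(chain_rules):
    """0-based indices of rules hidden behind the first catch-all terminal rule."""
    for i, rule in enumerate(chain_rules):
        if rule[0] in TERMINAL and matches_everything(rule):
            return list(range(i + 1, len(chain_rules)))
    return []
```

A chain with no shadowed rules returns an empty list, so the check can run over every chain from `parse_chains` in a loop.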
2011-08-17 09:12 PM
Re: dgn3500
It's hard to say, but if you have not loaded the latest firmware, I would try that too.

June Mizoguchi
Message 7 of 7