Re: Port Forwarding with FVS336G Dual Firewall

CDEFrance · ‎2012-12-29

I have the FVS336Gv2 Dual Firewall and I am trying to set up basic port forwarding to allow access to our web server from the other side of the wall (ie through the Internet). Once I can get access to the web server to work I'll apply the same rules for IP cameras and other devices. I've never had a problem doing this through other NetGear routers and firewalls. But I can't get this to work on this one.

I have created the new Service as type TCP, from port 7777 to port 7777 and called it Web-Home (names and port numbers are ficticious) with QoS Priority set to Normal-Service

I created the Inbound Service in the Firewall section for this specific service with ALLOW always as the action, Send to LAN Server - Single Address with the internal LAN IP address at 192.168.0.253 and translate to port number as 80 with WAN Destination IP Address as WAN2 and Bandwidth Profile as NONE.

Obviously I can reach our web server from any browser on our side of the LAN at http://192.168.0.253:80 but from the Internet, using our fixed IP address, it never reaches anything.

I've been looking at this too many times and I'm obviously missing something obvious. But I'm stuck.

Thanks.

jmizoguchi · ‎2012-12-29

Did you change the web server to use port 7777?

Because if you did http://192.168.0.253:80 should not work locally with 80

CDEFrance · ‎2012-12-29

Thank you for your prompt reply.

As I've set the Firewall to translate to port 80 the web server should not need to be looking at port 7777.

The port number declared here 7777 is not the actual number I'm using anyway.

The Firewall should be translating http://externalfixedipaddress:7777 to http://192.168.0.253:80 and the web server wouldn't know the difference.

Thanks

jmizoguchi · ‎2012-12-29

Wrong setup

Port translation should be 7777 and not 80

Use http service

You got flipped

adit · ‎2012-12-29

You both are wrong. You can't ping a port. Forward ICMP (Type 😎 to the server LAN IP.

CDEFrance · ‎2012-12-29

I have set the Translate to Port Number to all 3 possibilities:
Set to 7777
Set to 80
Turned off
None of these changes anything and they still do not work.

I do not want to use the HTTP service as that only covers one web site. I have several and they each need a specific port. Once this works.

To give a working example: if I was using a standard NetGear router I would select Port Forwarding, create a service name, set the start port and end port to be one value and set the server IP address as the local LAN IP address of the machine to forward to. Then from the Internet I would use http://externalip:XXXX where XXXX is the port number. This has always worked for our IP cameras and our various web sites without my having to change the internal port value on the internal web server or on the IP cameras...

PS: I am not trying to PING anything here. This is TCP access through web browsers.

I'm sure I'm missing something here as it should not be this complicated. That's why I provided concrete examples. This has worked for me on every Netgear router for years... up to this one.

Stuck and frustrated...

jmizoguchi · ‎2012-12-29

If you want to use http://public IP:777 points to internal IP: 80

then choose service type HTTP and port translation 7777

jmizoguchi · ‎2012-12-29

To give a working example: if I was using a standard NetGear router I would select Port Forwarding, create a service name, set the start port and end port to be one value and set the server IP address as the local LAN IP address of the machine to forward to. Then from the Internet I would use http://externalip:XXXX where XXXX is the port number. This has always worked for our IP cameras and our various web sites without my having to change the internal port value on the internal web server or on the IP cameras...

if you are ONLY using port 80 then you do NOT need to use port translation

if you are masking the actual server port 80 from WAN then specify the your desire port number under port translation ex 7777 --->80

jmizoguchi · ‎2012-12-29

PS: I am not trying to PING anything here. This is TCP access through web browsers.

You both are wrong. You can't ping a port.

Forward ICMP (Type 😎 to the server LAN IP.

You are correct CDEFRANCE, you aren not discussing ping at at ll

jmizoguchi · ‎2012-12-29

This has always worked for our IP cameras and our various web sites without my having to change the internal port value on the internal web server or on the IP cameras...

You are trying basically

Public IP:7000 --> Lan IP:80
Public IP:7001 --> Lan IP:80
Public IP:7002 --> Lan IP:80
Public IP:7003 --> Lan IP:80

CDEFrance · ‎2012-12-29

None of this is working. So I'm going to use concrete examples.

Let's pretend our external IP address is 22.22.22.22

I want to do the following from the outside

http://22.22.22.22:7777 and that takes me to my web server on http://192.168.0.253 with the standard port 80. That can therefore be http://192.168.0.253 or http://192.168.0.253:80. But it should not be http://192.168.0.253:7777

http://22.22.22.22:7777 should be forwarded to http://192.168.0.253:80
http://22.22.22.22:7778 should be forwarded to http://192.168.0.252:80
http://22.22.22.22:7779 should be forwarded to http://192.168.0.251:80

On LAN IP .253 I've got one web site, on LAN IP .252 I've got a different web site on the same physical server and on LAN IP .251 I've got an IP camera with a built-in web browser polling port 80.

In Security - Services on the FVS336G I create a new service for each one of these:
HOMEWEB TCP Port 7777 7777
DEVWEB TCP Port 7778 7778
OFFCAM TCP Port 7779 7779

In Security Firewall I create a new rule for each of these services:
Service Name as above
ALLOW Always
Send to LAN Server : Single Address
Start (only) the Local IP address as above
Translate to Port Number ticked on and set to 80
WAN Destination : WAN2
...

Locking at the list of Inbound Services this looks exactly as it should:
HOMEWEB 192.168.0.253:80
DEVWEB 192.168.0.252:80
OFFCAM 192.168.0.251:80

As mentioned before I have tried playing around with that Translate To Port field by turning it off, setting it to the same value as the incoming port and setting it to 80. No effect.

It must be something else, somewhere else?

I don't understand why the concept behind port forwarding would be so very different on this Firewall in comparison to all of the other Netgear routers I've worked with like the RP614 or the WGR614...

CDEFrance · ‎2012-12-29

jmizoguchi wrote:
You are trying basically

Public IP:7000 --> Lan IP:80
Public IP:7001 --> Lan IP:80
Public IP:7002 --> Lan IP:80
Public IP:7003 --> Lan IP:80

As per my message I am trying
PublicIP:7000 --> IP.253:80
PublicIP:7001 --> IP.252:80
PublicIP:7002 --> IP.251:80
PublicIP:7003 --> IP.250:80

Each unique incoming port corresponds to a unique local IP address.

CDEFrance · ‎2012-12-29

jmizoguchi wrote:
You are trying basically

Public IP:7000 --> Lan IP:80
Public IP:7001 --> Lan IP:80
Public IP:7002 --> Lan IP:80
Public IP:7003 --> Lan IP:80

As I've said I'm trying basically:

PublicIP:7000 --> Lan 0.253:80
PublicIP:7001 --> Lan 0.252:80
PublicIP:7002 --> Lan 0.251:80
PublicIP:7003 --> Lan 0.250:80

Each incoming port is forwarded to a unique internal LAN IP address

Daedalus01 · ‎2012-12-31

Seems like a moot question but, what kind of server is it? (Server 03, 08, Linux?) Is there a software firewall blocking external connections.