Orbi WiFi 7 RBE973
Reply

Re: FVS318N Can’t Port Forward

lippy
Aspirant

FVS318N Can’t Port Forward

Okay. I’m throwing the uncle card.

I can’t get the FVS318N to port forward. I’m trying to forward port 1723 (PPtP) for VPN into our server. I get out, I hit the server, but it is being blocked on the return by the FVS318N. A port scan shows the same. I can change the port from “Stealth” to “Closed”, when I port scan and can’t get any further.

Client (Dell D830; XP, Static IP) --> Switch (HP 1810G) --> FVS318N --> Modem (Motorola SB5101) --> IP Provider (DHCP; no ports blocked)

1. Security > Services > Custom Service Table: create custom TCP service for PPtP on port 1723

2. Security > Firewall > LAN WAN Rules: Create custom Inbound Service Rule.

- Tried both the preconfigured PPtP service in the FVS318N and the manually created custom service;
- Tried both the static IP client address and the router address in the "Send to LAN Server";
- The LAN device addresses have been reconfigured to 192.168.124.1 +;
- Tried bypassing the switch, with direct Ethernet into the FVS318N (rule out the hop from the switch);
- The Client has Zone Alarm as anti-virus with firewall. Tried to open a port in the firewall; likewise, shutdown Zone Alarm (rule out the AV/Firewall software);
- Tried a port scan from another client running Vista with the same results (rule out the AV/Firewall software and O.S. and machine);

What am I missing?
Message 1 of 21
jmizoguchi
Virtuoso

Re: FVS318N Can’t Port Forward

Why use pptp, You should consider using SSL-VPN
Message 2 of 21
adit
Mentor

Re: FVS318N Can’t Port Forward

Does the FVS have a public IP on it's WAN?
Message 3 of 21
lippy
Aspirant

Re: FVS318N Can’t Port Forward

adit wrote:
Does the FVS have a public IP on it's WAN?


Adit, thanks for replying.

I’m *assuming* “public IP on WAN” refers to the Inbound Service field (WAN Destination to IP Address)?

And I’m also assuming that should be populated by the IP Provider’s IP address that can be found here:
Network Configuration >> Broadband ISP Settings >> Broadband Status ?

or the server's IP address that's trying to get in?
Message 4 of 21
jmizoguchi
Virtuoso

Re: FVS318N Can’t Port Forward

I’m *assuming* “public IP on WAN” refers to the Inbound Service field (WAN Destination to IP Address)


inbound is for the remote WAN IP that is coming from

actual WAN of the router ... I think you have since 5120 is just a basic cable modem
Message 5 of 21
lippy
Aspirant

Re: FVS318N Can’t Port Forward

jmizoguchi wrote:
inbound is for the remote WAN IP that is coming from

actual WAN of the router ... I think you have since 5120 is just a basic cable modem


June, Thanks for replying.

So for the the Inbound Service rule, in the WAN Destination IP Address, this should be set to the "Broadband"? Or the IP Address of the FVS318N?
Message 6 of 21
jmizoguchi
Virtuoso

Re: FVS318N Can’t Port Forward

lippy wrote:
June, Thanks for replying.

So for the the Inbound Service rule, in the WAN Destination IP Address, this should be set to the "Broadband"? Or the IP Address of the FVS318N?


REMOTE public IP that is coming from.

NOT broadband or FVS.

REMOTE... OTHER than your local network IP.. if you are doing from HOME, you need HOME PUBLIC IP.. = if you don't have static IP with your ISP then you can not use it respectively since IP can change depending on ISP at home.


WAN destination is feature to secure the IP (REMOTE) so that ONLY remote IP can use this ...
Message 7 of 21
lippy
Aspirant

Re: FVS318N Can’t Port Forward

June, thanks for the answer, and I understand.

I want to backup to a more basic level: Port Forwarding.

I followed the instructions posted here:
http://kbserver.netgear.com/kb_web_files/N101145.asp
with the second set of instructions (FVS318v3); that set of instructions is closer than the others.

I created a inbound rule from the standard rules for FTP (port 21). In the 'Send to LAN' I have put the IP address of my static-IP client (192.168.124.175).

When I perform a port scan through ShiedsUP!, I can see the port change from 'Stealth' to 'Closed'. I can never get it to 'Open'.

What am I missing?
Message 8 of 21
jmizoguchi
Virtuoso

Re: FVS318N Can’t Port Forward

some ISP blocks common ports like ftp so make sure you check it out
Message 9 of 21
TGlagowski
Aspirant

Re: FVS318N Can’t Port Forward

I too am having the same problem...
I upgraded from an FVS-318 (non wireless, circa 2003) to an FVS-318N (brand new) and setup the port forwarding.
ShieldsUp web site shows port 80 OPEN.
The server to which I am forwarding the port (manual config LAN IP) is not processing the message...
Previously, the same server, same server address, same ISP, was working with the old FVS-318 router with the HTTP service configured.
I must be missing some little thing in how to configure the FVS-318N.
Yes, I am sure the ISP does not block the port 80 packet.
Yes, the server machine is correctly configured.
Terry 🙂
Message 10 of 21
jmizoguchi
Virtuoso

Re: FVS318N Can’t Port Forward

So from remote location you are not able to reach the server?
Message 11 of 21
TGlagowski
Aspirant

Re: FVS318N Can’t Port Forward

DUNNO if I can actually access it from a remote location I am not at one, I am at my local site.
I can access the HTTP server using the local LAN address AOK.
I can access the HTTP server using the NETBIOS name AOK.
I can PING the WEB URL using the router or the Windows command line client, NS lookup says the Dynamic DNS is routing me to the WAN IP that my ISP has given me via DHCP.
My FVS318 (non wireless router) worked AOK, but the new FVS318N (wireless router) does NOT seem to be letting me access the server by using the WEB URL.
Do you have an explanation or a setting that will fix this?
Terry 🙂
Message 12 of 21
TGlagowski
Aspirant

Re: FVS318N Can’t Port Forward

More Information...
My wife connected using here iPhone NOT on the LAN but using cell wireless...
I got the following response when trying to reach the WEB URL...
Error 502 bad gateway response error - a bad response was received from another proxy server or the destination origin server...
This did NOT happen when I was using the FVS318 (non-wireless router).
???
Terry 🙂
Message 13 of 21
jmizoguchi
Virtuoso

Re: FVS318N Can’t Port Forward

That means loop back issues that router can not handle if you can use private ip but not with actual domain

If remote user can access http then loop back issues

Most prosafe supports but looks like it is not on this model
Message 14 of 21
TGlagowski
Aspirant

Re: FVS318N Can’t Port Forward

I hope I didn't just waste $150 for this new FVS318N router when the old FVS318 was working... I wanted a more up to date piece of equipment that is 10 years newer, perhaps with more advanced capabilities, AND better wireless than the old WG602.

Let me go over the specifics to make sure you and I are on exactly the same page.
My DynDNS URL is www.glagowski.org (glagowski.DynDns.org)
Currently as of right now, the ISP DHCP is 99.37.18.144.
On the LAN side, I'm using 192.168.9.* subnet, the router is 192.168.9.1
The HTTP server \\CONTEST is 192.168.9.6 manually set IP but on WLAN not LAN, and definitely NOT on the DMZ port #8.

From another computer on the same LAN:
In MSIE, if I issue http://CONTEST the WEB Server works.
In MSIE, if I issue http://192.168.9.6 the WEB Server works.
In console if I issue ping www.glagowski.org I get a response.
If I issue ping 99.37.18.144 I get a response.
If I issue NSLOOKUP www.glagowski.org I get the correct IP.
This indicates my Dynamic DNS is working correctly...

However, in MSIE if I issue http://www.glagowski.org I get the following:
"The server at www.glagowski.org is taking too long to respond"
Note, this MSIE is located on the same LAN as the server.

From iPhone I get the 502 error...

Everything worked AOK with the older FVS318 (non wireless) when I setup the port service for HTTP (port 80) from the WAN to the LAN 192.168.9.6 NAT translation...
I gotta think that there is some other little magic secret in the FVS318N settings that I don't have set right, not that the FVS318N is incapable of this very basic function...
Terry 🙂
Message 15 of 21
TGlagowski
Aspirant

Re: FVS318N Can’t Port Forward

Well...
It's working AOK now...
I connected the server using ethernet wired connection to ethernet port #3 on the router and disabled the wireless adapter on the server and enabled the wired adapter on the server and setup the IP addresses accordingly.
I then went directly to the DynDns web site and manually updated the ISP DHCP IP so that NSLOOKUP gets the current IP at the router.
Everything now works to use the external URL to access the WEB server using NAT...
I DON'T know what was wrong, or what I did to fix it...
Could it be that the FVS318N doesn't like doing NAT to wireless devices?
I'll do another experiment tomorrow to verify that is the problem or not...
Thanks for your replies even if they didn't solve the problem...
Terry 🙂
Message 16 of 21
adit
Mentor

Re: FVS318N Can’t Port Forward

It could have had the wrong default gateway programmed. It could have also been a problem if you had 2 NIC's enabled with which both had default gateway settings programmed.
Message 17 of 21
TGlagowski
Aspirant

Re: FVS318N Can’t Port Forward

As a follow up on the FVS318N port forwarding issue...
This evening when I got home from work, I setup the WEB server on a WLAN adapter instead of a wired LAN adapter and the port forwarding still worked.
SO... its a mystery as to why I had so much trouble getting a basically straightforward feature working in the first place, but all is well...

It seems like the FVS318N is operating a little faster than the old FVS318 did.
I would expect SOME kind of improvements for 10 years advancement in technology!

Now... moving on to setting the security a little better for this LAN system!
Thanks for all who replied - Terry : )
Message 18 of 21
jmizoguchi
Virtuoso

Re: FVS318N Can’t Port Forward

Sometime patient off and not rush it:)

Enjoy
Message 19 of 21
LisaNels
Aspirant

Re: FVS318N Can’t Port Forward

I'm having the same type of issues.... I had a working linksys router configured to pass only ports 5060, and 10000-20000 to my pbx. Simple, worked great.

This fvs318n is not working at all, I've tried just those ports, and then also tried ANY. I've been fighting this since 4.0 firmware... it's too unstable to put in a business environment.

Having a inbound rule to pass ANY to my PBX should not only allow my pbx to connect to the trunks, but also open up my server to attacks... I'd settle for that if I could at least get it half-way working...
:mad:
Message 20 of 21
adit
Mentor

Re: FVS318N Can’t Port Forward

LisaNels wrote:
I'm having the same type of issues.... I had a working linksys router configured to pass only ports 5060, and 10000-20000 to my pbx. Simple, worked great. This fvs318n is not working at all, I've tried just those ports, and then also tried ANY. I've been fighting this since 4.0 firmware... it's too unstable to put in a business environment. Having a inbound rule to pass ANY to my PBX should not only allow my pbx to connect to the trunks, but also open up my server to attacks... I'd settle for that if I could at least get it half-way working... :mad:
An Inbound ANY Rule to your PBX opens all ports to Internet.
Message 21 of 21
Discussion stats
  • 20 replies
  • 35628 views
  • 0 kudos
  • 5 in conversation
Announcements