Home » Netgear Manuals » Network Security & Firewall Devices » Netgear FVS318N » Manual Viewer

Netgear FVS318N FVS318 Reference Manual - Page 52

Enabling Access to Local Servers Through a FVS318, How to Con Port Forwarding to Local Servers

Add to My Manuals
Save this manual to your list of manuals

Page 52 highlights

Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Incoming traffic from the Internet is normally discarded by the Firewall unless the traffic is a response to one of your local computers or a service that you have configured in the Ports menu. Instead of discarding this traffic, you can have it forwarded to one computer on your network. This computer is called the Default DMZ Server. To assign a computer or server to be a Default DMZ server: 1. Click Default DMZ Server. 2. Type the IP address for that server. 3. Click Apply. Enabling Access to Local Servers Through a FVS318 Although the Firewall causes your entire local network to appear as a single machine to the Internet, you can make local servers for different services (for example, FTP or HTTP) visible and available to the Internet. This is done using the Ports menu. When a remote computer on the Internet wants to access a service at your IP address, the requested service is identified by a port number in the incoming IP packets. For example, a packet that is sent to the external IP address of your Firewall and destined for port number 80 is an HTTP (Web server) request. Many service port numbers are already defined in a Services list in the Ports menu, although you are not limited to these choices. See IETF RFC1700, "Assigned Numbers," for port numbers for common protocols. Use the Ports menu to configure the Firewall to forward incoming traffic to IP addresses on your local network based on the port number. Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to the Acceptable Use Policy of your ISP. Remember that port forwarding opens holes in your firewall. Only enable those ports that are necessary for your network. How to Configure Port Forwarding to Local Servers 1. Log in to the Firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the Firewall. 5-2 Advanced WAN and LAN Configuration M-10146-01

Section	Page
Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall	1
Contents	5
Chapter 1 About This Manual	13
Audience	13
Scope	13
Typographical Conventions	14
Special Message Formats	14
How to Use the HTML Version of this Manual	15
How to Print this Manual	16
Chapter 2 Introduction	17
About the FVS318	17
Key Features	17
Virtual Private Networking (VPN)	17
A Powerful, True Firewall	18
Content Filtering	18
Configurable Auto Uplink™ Ethernet Connection	18
Protocol Support	19
Easy Installation and Management	20
What’s in the Box?	21
The Firewall’s Front Panel	21
The Firewall’s Rear Panel	22
Chapter 3 Connecting the Firewall to the Internet	23
What You Will Need Before You Begin	23
LAN Hardware Requirements	23
Computer Requirements	23
Cable or DSL Modem Requirement	23
LAN Configuration Requirements	24
Internet Configuration Requirements	24
Where Do I Get the Internet Configuration Parameters?	24
Worksheet for Recording Your Internet Connection Information	25
How to Connect the FVS318 VPN Firewall	26
Wizard-Detected PPPoE Option	31
Wizard-Detected Dynamic IP Option	32
Wizard-Detected Fixed IP (Static) Option	33
Testing Your Internet Connection	34
How to Manually Configure Your Internet Connection	35
Chapter 4 Protecting Your Network	39
Protecting Access to Your FVS318 VPN Firewall	39
How to Change the Built-In Password	39
How to Change the Administrator Login Timeout	40
Using Basic Firewall Services	40
How to Block Keywords and Sites	41
How to Block or Allow Services	43
How to Add to the List of Services	45
Setting Times and Scheduling Firewall Services	48
How to Set Your Time Zone	48
How to Schedule Firewall Services	49
Chapter 5 Advanced WAN and LAN Configuration	51
Configuring Advanced WAN Settings	51
Setting Up A Default DMZ Server	51
Enabling Access to Local Servers Through a FVS318	52
How to Configure Port Forwarding to Local Servers	52
Respond to Ping on Internet WAN Port	53
How to Support Internet Services, Applications, or Games	53
How to Clear a Port Assignment	54
Local Web and FTP Server Example	54
How to Set Up Computers for Half Life, KALI or Quake III	54
Working with LAN IP Settings	55
What Does UPnP Support Do for Me?	55
How to Enable UPnP	56
Understanding LAN TCP/IP Setup Parameters	57
Setting the MTU Size	58
Using the Router as a DHCP Server	58
How to Specify Reserved IP Addresses	59
How to Configure LAN TCP/IP Settings	60
How to Configure Dynamic DNS	61
Using Static Routes	62
Static Route Example	62
How to Configure Static Routes	63
Chapter 6 Virtual Private Networking	65
Overview of VPN Configuration	65
Understanding How FVS318 VPN Tunnels Are Configured	66
Configuring VPN Network Connection Parameters	67
Configuring a SA Using IKE Main Mode	69
Configuring a SA Using IKE Aggressive Mode	70
Configuring a SA Using Manual Key Management	71
Planning a VPN	73
How to Configure a Network to Network VPN Tunnel	75
How to Configure a Remote PC to Network VPN	80
Monitoring the PC VPN Connection Using SafeNet Tools	90
How to Configure Manual Keys as an Alternative to IKE	92
How to Delete a Security Association	94
Blank VPN Tunnel Configuration Worksheets	95
Chapter 7 Managing Your Network	97
Network Management Information	97
Viewing Router Status and Usage Statistics	97
Viewing Attached Devices	100
Viewing, Selecting, and Saving Logged Information	101
Selecting What Information to Log	102
Saving Log Files on a Server	103
Examples of log messages	103
Activation and Administration	103
Dropped Packets	103
Enabling Security Event E-mail Notification	104
Backing Up, Restoring, or Erasing Your Settings	105
How to Back Up the Configuration to a File	105
How to Restore a Configuration from a File	106
How to Erase the Configuration	107
Running Diagnostic Utilities and Rebooting the Router	107
How to Enable Remote Management	108
How to Upgrade the Router’s Firmware	109
Chapter 8 Troubleshooting	111
Basic Functions	111
Power LED Not On	112
Test LED Never Turns On or Test LED Stays On	112
Local or Internet Port Link LEDs Not On	112
Troubleshooting the Web Configuration Interface	113
Troubleshooting the ISP Connection	114
Troubleshooting a TCP/IP Network Using a Ping Utility	115
Testing the LAN Path to Your Firewall	116
Testing the Path from Your PC to a Remote Device	116
Restoring the Default Configuration and Password	117
Problems with Date and Time	118
Appendix A Technical Specifications	119
Technical Specifications	119
Appendix B Networks, Routing, and Firewall Basics	121
Related Publications	121
Basic Router Concepts	121
What is a Router?	121
Routing Information Protocol	122
IP Addresses and the Internet	122
Netmask	124
Subnet Addressing	124
Private IP Addresses	127
Single IP Address Operation Using NAT	128
MAC Addresses and Address Resolution Protocol	129
Related Documents	129
Domain Name Server	129
IP Configuration by DHCP	130
Internet Security and Firewalls	130
What is a Firewall?	131
Stateful Packet Inspection	131
Denial of Service Attack	131
Ethernet Cabling	131
Category 5 Cable Quality	132
Inside Twisted Pair Cables	133
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	134
Appendix C Preparing Your Network	137
Preparing Your Computers for TCP/IP Networking	137
Configuring Windows 95, 98, and Me for TCP/IP Networking	138
Install or Verify Windows Networking Components	138
Enabling DHCP to Automatically Configure TCP/IP Settings	140
Selecting Windows’ Internet Access Method	142
Verifying TCP/IP Properties	142
Configuring Windows NT4, 2000 or XP for IP Networking	143
Install or Verify Windows Networking Components	143
DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4	144
DHCP Configuration of TCP/IP in Windows XP	144
DHCP Configuration of TCP/IP in Windows 2000	146
DHCP Configuration of TCP/IP in Windows NT4	149
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	150
Configuring the Macintosh for TCP/IP Networking	151
MacOS 8.6 or 9.x	151
MacOS X	152
Verifying TCP/IP Properties for Macintosh Computers	153
Verifying the Readiness of Your Internet Account	154
Are Login Protocols Used?	154
What Is Your Configuration Information?	154
Obtaining ISP Configuration Information for Windows Computers	155
Obtaining ISP Configuration Information for Macintosh Computers	156
Restarting the Network	157
Appendix D Virtual Private Networking	159
What is a VPN?	159
What Is IPSec and How Does It Work?	160
IPSec Security Features	160
IPSec Components	160
Encapsulating Security Payload (ESP)	161
Authentication Header (AH)	162
IKE Security Association	162
Mode	163
Key Management	164
Understand the Process Before You Begin	164
VPN Process Overview	165
Network Interfaces and Addresses	165
Interface Addressing	165
Firewalls	166
Setting Up a VPN Tunnel Between Gateways	166
VPNC IKE Security Parameters	168
VPNC IKE Phase I Parameters	168
VPNC IKE Phase II Parameters	169
Testing and Troubleshooting	169
Additional Reading	169
Appendix E NETGEAR VPN Configuration of FVS318 or FVM318 to FVL328	171
Configuration Profile	171
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	172
Step-By-Step Configuration of FVL328 Gateway B	175
Test the VPN Connection	179
Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to Cisco IOS	181
Configuration Profile	181
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	182
Step-By-Step Configuration of Cisco IOS Gateway B	185
Test the VPN Connection	188
Appendix G NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328	191
Configuration Profile	191
The Use of a Fully Qualified Domain Name (FQDN)	192
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	193
Step-By-Step Configuration of FVL328 Gateway B	197
Test the VPN Connection	202
Glossary	203
Numeric	203
A	203
B	204
C	205
D	206
E	207
F	207
G	208
H	208
I	208
L	210
M	210
N	211
O	212
P	212
Q	214
R	214
S	214
T	215
U	215
V	216
W	216

Match case Limit results 1 per page

Reference Manual for the Model FVS318 Broadband

ProSafe VPN Firewall

5-2

Advanced WAN and LAN Configuration

M-10146-01

Incoming traffic from the Internet is normally discarded by the Firewall unless the traffic is a

response to one of your local computers or a service that you have configured in the Ports menu.

Instead of discarding this traffic, you can have it forwarded to one computer on your network. This

computer is called the Default DMZ Server.

To assign a computer or server to be a Default DMZ server:

Click Default DMZ Server.

Type the IP address for that server.

Click Apply.

Enabling Access to Local Servers Through a FVS318

Although the Firewall causes your entire local network to appear as a single machine to the

Internet, you can make local servers for different services (for example, FTP or HTTP) visible and

available to the Internet. This is done using the Ports menu.

When a remote computer on the Internet wants to access a service at your IP address, the requested

service is identified by a port number in the incoming IP packets. For example, a packet that is sent

to the external IP address of your Firewall and destined for port number 80 is an HTTP (Web

server) request. Many service port numbers are already defined in a Services list in the Ports menu,

although you are not limited to these choices. See IETF RFC1700, “Assigned Numbers,” for port

numbers for common protocols. Use the Ports menu to configure the Firewall to forward incoming

traffic to IP addresses on your local network based on the port number.

Remember that port forwarding opens holes in your firewall. Only enable those ports that are

necessary for your network.

How to Configure Port Forwarding to Local Servers

http://192.168.0.1

with its default User

Name of

admin

, default password of

password

, or using whatever User Name, Password and

LAN address you have chosen for the Firewall.

Note:

Some residential broadband ISP accounts do not allow you to run any server

processes (such as a Web or FTP server) from your location. Your ISP may periodically

check for servers and may suspend your account if it discovers any active services at

your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.