Setup the FSG behind a Router - OpenFSG.pdf
(
220 KB
)
Pobierz
http://www.openfsg.com/index.php/Setup_the_FSG_behind_a_Router
24 captures
4 Nov 2006 - 26 May 2012
Go
FEB
MAY
JUN
26
2009
2012
2013
�½��
⍰
Log in
❎
f
�½��
Search
Page
Discussion
Read
View source View history
▾
About this capture
Go
Setup the FSG behind a Router
Setting up the FSG behind a router is a very common configuration. This configuration would be useful to you if you have a router that already has computers hooked up to it or
connected wirelessly.
Note:
Setting up the FSG without the second lan cable prevents computers connected to the router from accessing printers on the FSG:
USB Printer through the WAN
Contents
1 Connection Diagram
2 Connection with 1 or 2 cables
2.1 Connection without second lan cable
2.2 Connection with second lan cable
3 Software Settings
3.1 Router
3.1.1 Open Router Firewall
3.1.1.1 Option 1: DMZ
3.1.1.2 Option 2: Opening Ports at Router
3.1.1.3 Example: open port 21
3.2 FSG
3.2.1 WAN Config
3.2.2 LAN Config
3.2.3 DHCP Server
3.2.4 Services
Navigation
Main Page
Community portal
Current events
Recent changes
Random page
Help
Forum
Toolbox
What links here
Related changes
Special pages
Printable version
Permanent link
Connection Diagram
____________
Router
|
WAN port---|<-----> Outside Connection
|
LAN ports--|<----> Computer 1
|-|<----> Computer 2
|-|<------------------------>
|-|<------------------------>
|
|
Wireless
|< . . . > Laptop
------------
(DSL or Cable modem)
______________
|
FSG
|
|--WAN port | (this first cable is needed)
|--LAN port | (this second cable is optional)
|
|
| LAN ports--| <----> Computer 3
| LAN ports--| <----> Computer 4
--------------
Connection with 1 or 2 cables
You can connect Router to FSG with 1 or 2 cables.
The first cable (Router LAN port <---> FSG WAN port) is needed.
The second cable (Router LAN port <---> FSG LAN port) is optional.
Depending on if you use this second cable or not, diferent computers will have access to diferent places. Here is the explanation.
Connection without second lan cable
Using this configuration gives two levels of control and three levels of access:
access from "inside". For computer 3 none of the services need to be accessed through the WAN port.
access through the WAN port (FSG option).
access from the internet (Router option to open ports).
If you close access through the WAN port for a service, only computer 3 can access this service.
Opening access through the WAN port, but having no port on the router pointing to this service, gives the internal computers (computer 1, 2, and 3) access to this service, but not from
the internet.
Opening access through the WAN port of the FSG, opening a port on the router and redirecting it to the FSG on the service's port makes the service available to any computer on the
internet.
Note. I am not sure how this works in combination with a VPN. anyone?
Connection with second lan cable
access from "inside" means now all computers connected directly to the router and fsg-lan have full access to services at the fsg-lan ports
access from the internet (Router option to open ports: port forewarding) need enabled services at fsg-wan port.
Software Settings
Router
Make sure the DHCP range leaves some room for static IPs
Example:
Starting Address: 192.168.1.100 Max DHCP Users: 50
Open Router Firewall
Is ussual that the router has an internal firewall to block communication between external net (Internet) and the equipment connected to the router. Is a good idea to have this firewall
'on', but then you must do some sets to have the FSG running properly.
Option 1: DMZ
CAUTION :
DON'T USE THIS
DMZ
SOLUTION.
You can use this option to
make a test
only if you think you have a problem related to the firewall Router. But this solution leaves the FSG dangerously
nude
to the world.
If you want to use this option, get into Router configuration page, enable the
DMZ,
and add the address of the FSG to the
DMZ
list:
i.e.:'
Public IP address:
your public IP
Client PC IP address:
192.168.1.2
Option 2: Opening Ports at Router
The good solution is to open to the adress that FSG has, the necessary "doors" (and only the necessary "doors")in that firewall for the services that you want to be 'seen' from the
outside. These "doors" are TCP and UDP ports. Here is a list of ports that are used typically for each service:
CIFS (Samba)
TCP 139 and TCP 445
UDP 135, 137 and 138
FTP --> TCP 21
SSH --> TCP 22
web
(http) --> TCP 80
(https) --> TCP 443
FSG info page--> TCP 8080
email
(POP3) --> TCP 110
(SMTP) --> TCP 25
(IMAP4) --> TCP 143
VPN server:
PPTP --> TCP 1723
L2TP --> UDP 1701
L2TP and IPSec --> UDP 500
SQL server --> TCP 3306
Subversion --> 3690
Torrent client of FSG --> TCP 2706.
REMEMBER: open only the ports you know you need to use.
Hackers are all aroud..!
Example: open port 21
This is the configuration you need to change on a 3Com Router: Get into the Router configuration page. Then, in the option
Firewall/Virtual Server
add the next:
Lan IP Adress
192.168.1.2
| Protocol Type |
|
TCP
|
Lan Port | Public Port
21
|
21
|
|
Enable
Enable
FSG
WAN Config
Set the following options on the Page
Connection Type:
"fixed ip address *"
IP address:
192.168.1.2 (Something not in the DHCP range of the above router)
Subnetwork Mask:
255.255.255.0
Default Gateway:
192.168.1.1 (IP Adresss of the above router)
DNS Servers:
192.168.1.1 (Same as the Default Gateway)
Note: If your firmware version is less than 3.1.29 you will need to update it first, otherwise you will receive a message: 'Error: Cannot write configuration file'.
LAN Config
Set the following options on the Page
IP Address:
192.168.2.1 (Something with at least one of the middle two numbers different than the above routers IP address)
Subnet Mask:
255.255.255.0
Remark that all computers using one of the LAN ports of the FSG must have an IP address in the subnet of the LAN config. In the above example the IP address must start with
192.168.2. If the subnet mask was 255.255.0.0 it was sufficient to start with 192.168.
If the IP address is not part of the subnet as specified, some or all functions will not work.
DHCP Server
Set the following options on the Page
Start DHCP Server:
checked
Gateway:
192.168.2.1 (Same as the IP Address on the LAN config page)
DNS Server:
192.168.1.1 (Same as DNS Server on the WAN config page)
Subnetwork Mask:
255.255.255.0
IP Address Range:
192.168.2.100 - 192.168.2.200
Services
Check the "Open XX through the WAN" for each of the services you want to be able to access via any computer connected to the above Router. You'll probably want "Windows File
Sharing (CIFS/SMB)" open on the WAN at the very least.
Note:
If you want to access the Configuration pages via any of the computers connected to the router, you'll have to check "Access for configuration pages from the outside." on the
HTTP service config page.
Category: HowTos
This page was last modified on 10 September 2011, at 13:27.
This page has been accessed 30,785 times.
Privacy policy About OpenFSG Disclaimers
Plik z chomika:
kwahoo
Inne pliki z tego folderu:
update-4.4.5.bin
(20739 KB)
180px-FSG_UART-Connectors.jpg
(8 KB)
Downloads - OpenFSG.pdf
(207 KB)
FSG_front_page_howto.pdf
(116 KB)
HowTo_Userless_folder.pdf
(198 KB)
Inne foldery tego chomika:
Dell Axim X50
GocleverTabR721_nandroid
HP_2520-24G-PoE_Switch-J9299A
MXQ_S805-AndroidTV
Zgłoś jeśli
naruszono regulamin