Port forwarding & security level
eda1
Enthusiast - Level 3

 I've set up port forwarding for various services (mIRC, ftp, etc) on my Versalink gateway (Westell 327W router/modem). Ports are OK. Still, I can't access these when my firewall is set to "Typical Security" - I have to go down to Minimum for anything to get through. Is this the way it's supposed to work? I thought that port forwarding opened my selected ports in the firewall without compromising security otherwise. If I have to choose min. security, what's the point of port forwarding? Thanks for any feedback - ed

0 Likes
Re: Port forwarding & security level
viafax999
Community Leader
Community Leader

No that's not the way it's meant to work.  You should be able to leav the security as typical and port forwarding will work.

How did you set up the port forwarding rules?  at the protocols selection did you select user defined or a protocol e.g. FTP.  If the latter all you should need to do to complete it is to enter the IP address of your FTP server in the local host field.
0 Likes
Re: Port forwarding & security level
eda1
Enthusiast - Level 3

Yes, I've done it by the book for most services - just chose the one in question from the dropdown list. The resulting added services appear OK, with correct ports listed.

0 Likes
Re: Port forwarding & security level
viafax999
Community Leader
Community Leader

what does your port forwarding rule look like?

For FTP it should say TCPAny - > 21 and in the local host field abobe you should have something that looks like 192.168.1.x where x is a value that indicates the server

Did you look at your log on the router to see what it says?

0 Likes
Re: Port forwarding & security level
eda1
Enthusiast - Level 3

>>>

what does your port forwarding rule look like?

For FTP it should say TCPAny - > 21 and in the local host field abobe you should have something that looks like 192.168.1.x where x is a value that indicates the server

Did you look at your log on the router to see what it says?

<<<

The rules are fine; I've got TCP ->21 & ->20 ( I set up separate rules for outgoing & incoming FTP). I've got 192.168.1.47 . The logs allow the ports at minimum security; but at typical they don't even show the connection being attempted within a reasonable time. What I've found while messing around is that at min. security FTP & mIRC connections go fast, whiile at typical they do go, but excruciatingly slowly. FTP will finally do its thing, but of course mIRC times out before the firewall can catch up. ???

the rule

0 Likes
Re: Port forwarding & security level
viafax999
Community Leader
Community Leader

When you try accessing the server does anything odd show up in the security log under firewall settings?

0 Likes
Re: Port forwarding & security level
dslr595148
Community Leader
Community Leader

In the OPs thread with the same name in the DSL area, I answered the question about


@eda wrote:

What's the point of port forwarding?


--

Thread ID/Link:

http://forums.verizon.com/t5/High-Speed-Internet-DSL-and-Dial/port-forwarding-amp-security-level/td-...

0 Likes
Re: Port forwarding & security level
eda1
Enthusiast - Level 3

@viafax999 wrote:

When you try accessing the server does anything odd show up in the security log under firewall settings?


Thanks for the suggestion, and sorry for the late reply. The firewall sec.log shows nothing amiss. I have noticed a new thing, though: When I disable the Vista firewall, all services I've set up save one get through the 327W firewall fine. The exception is mIRC, whether it's set up as either Dynamic or as port forwarding. It sets up evidently correctly as UDP, global and local ports 6667. I conclude that the 327W is not the problem for most services, and will look into the mIRC problem & review the local firewall settings later. Does anyone have an opinion regarding relying on the 327W firewall alone?

0 Likes
Re: Port forwarding & security level
viafax999
Community Leader
Community Leader

you could just exclude those ports on the vista fw.

0 Likes
Re: Port forwarding & security level
eda1
Enthusiast - Level 3

@viafax999 wrote:

you could just exclude those ports on the vista fw.


I'm sorry, I don't understand. Why would excluding (=blocking?) a port work? If I uncheck mIRC, as I think you're suggesting, no connection is made. For the devil of it I did try to enable port 6667 as well as enabling mIRC, That didn't help, and nor did enabling either of these alone.

0 Likes