
hardstyler

join:2013-02-17
italy

set a web+ftp home server with netgear dgn2200 and USG 100

Hi all!

I want to publish a web + FTP server to the internet, all running on the same machine, which is now a performance PC and in the future will be a QNAP NAS TS-220. I don't need extreme performance, so my ISP gives me only 12 Mb down and 0,8 Mb up. I will use the NAS as a download station, FTP server and web server when I publish a personal site.

this is the config:

-ADSL2+ modem/router that connects to the internet. The ISP gives me a dynamic IP! It has IP 192.168.0.1 and I think it cannot be changed.
-a Zyxel USG 100 hardware firewall with all UTM services active. It has default IP 192.168.1.1. The Netgear sees the Zyxel in its "attached devices" as 192.168.0.2, the same IP the Zyxel reports for the wan1 port.
-a PC or, in the future, a NAS that now has the automatically assigned IP 192.168.1.34.

I must use a free or paid service such as dyndns or something else. If the solution to retrieve the dynamic IP every time is to set the DDNS only in the Netgear router/modem, then it can only use dyndns.org or .com or .it with the DNS of the associated DDNS service. For example: if I set a dyndns.it account in the Netgear I must also set the DNS provided by dyndns.it, because if I set Google DNS or something else the service cannot work.

At the moment I tested only with a filezilla server running on the pc directly connected to the netgear, no zyxel in this test.
The config is:

Netgear with the DDNS service provided by dyndns.it, activated with the username and password; in the WAN settings I set up the DMZ as 192.168.0.2; in the ADSL settings I set up the dyndns.it IPs. In the services of the Netgear I also added a custom service with ports from 60000 to 60050 and created two rules, one for outbound and one for inbound, where I let data pass from the WAN to the server in the LAN at 192.168.0.2.
FileZilla running on the PC with Windows 7 x64, with LAN IP 192.168.0.2, mask 255.255.255.0 the same as the Netgear, and the gateway of course the Netgear, 192.168.0.1. DNS servers are the same as provided by dyndns.it. FileZilla is configured with only one anonymous user without a password for testing, the default listening port is 60000, passive mode is active with range 60000-60050, and for retrieving the IP I set default, not the Dyndns.it host, because it will not work.

So configured it works fine!

problem is when I connect the zyxel between the netgear and the server.

How do I change the default IP of the Zyxel? In configuration - ethernet - lan port, is it correct to set the default and static IP there to 192.168.0.3? There are many options! The same for the DMZ: you can set the static IP there, and which IP?

Also, when you want to publish a server, Zyxel doesn't say anything about port forwarding. It says only to create two address objects, one with the IP of the Netgear and one with the IP of the DMZ port, then create a rule in the firewall section where you set WAN to DMZ and the destination and origin IP by selecting the two address objects previously created, and then you are OK... no, really no! And the IP of the firewall rules in the Netgear? Which IP must you set? 192.168.0.2? Or 192.168.0.5 if you set it up on the DMZ port of the Zyxel? No, it is a conflict, so you must set another IP.

Could someone help me set up the server correctly so it is visible on the internet with the Netgear + Zyxel USG 100?

much appreciated!!!


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
If you have two routers then you get into double NAT. This makes it difficult to get servers working, but not impossible.

My suggestion is to see if the ADSL modem router can simply be a modem. In other words, does it have a pass-through or bridge mode where it passes the public IP it's getting without any routing?

In this way the USG will be acting as the only router and a much easier situation to deal with.

If not, then you will have to know how to enter in the modem router and configure it.

Before doing anything on the USG I would turn off all UTM services until the rest is setup properly.

Your configuration and description are very confusing.
You should use diagrams.

What is the netgear?? A switch, a router? is it before or after the USG?
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

hardstyler

join:2013-02-17
italy

1 edit
ISP that provides me dynamic IP --> netgear dgn2200 that is a modem router with firewall, nat and dhcp server activated --> Zyxel USG 100 that is a hardware firewall --> 2 PC (in the LAN ZONE) + NAS QNAP TS 121 (in the DMZ zone) that would like to host a website, a forum and webdav

for details of netgear dgn2200 modem router here: »www.downloads.netgear.com/files/···0_DS.pdf and »www.downloads.netgear.com/files/···eb11.pdf

-ISP provides me (to the netgear dgn2200) a dynamic ip

-The Netgear DGN2200 has default IP 192.168.0.1, and to a LAN port I have connected the WAN port of the Zyxel USG 100; that port has IP 192.168.0.2, and the Netgear can see the Zyxel because it has a menu that lists the "attached devices", and yes, the Netgear says that I have connected the Zyxel WAN port.

-The Zyxel USG 100 has:

WAN1 interface 192.168.0.2, connected to the Netgear

LAN1 interface (192.168.1.1), which is cabled with a powerline that serves 2 PCs: 192.168.1.33/34. Both have static IP addresses in the OS (Windows 7 x64) and also in the Zyxel, where I set up a fixed IP and fixed MAC address for both PCs; on the Zyxel lan1 interface the DHCP server is active but with a pool of only 2 IPs.

DMZ interface (192.168.0.5), where the NAS QNAP TS-121 is connected with static IP 192.168.0.6, gateway 192.168.0.5 and DNS 192.168.0.5, and IP/MAC binding activated in the Zyxel for this NAS, 192.168.0.6

I want to publish services hosted on the NAS; what must I do?

Yesterday, after months of tests, when I casually typed into the browser the address of the NAS that is provided by the free QNAP DDNS service (QNAP cloud), I was redirected immediately to the login of the Netgear, obviously, because at that moment I had not set up any of the port forwarding rules for those services. But after I applied them it does not want to work, and this time no Netgear login webpage! I played too much with the Zyxel, so it is possible some settings were not activated at that moment but were after some minutes; then the mistake could for sure be somewhere in the Zyxel, but I have never found it, so I need a guide to set it up that is for sure OK, from someone who uses it with success.

if I connect the nas directly to the netgear that has also upnp active (as the nas) all services work perfectly.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

1 edit
reply to hardstyler
You have to figure out if the netgear has a passthrough mode (acting as a modem only). That would be the best situation.
Modem
ADSL Firmware Version. The version of the firmware.
Modem Status. The connection status of the modem.
DownStream Connection Speed. The modem receives data from the DSL line at this speed.
UpStream Connection Speed. The modem transmits data to the DSL line at this speed.
VPI. The Virtual Path Identifier setting.
VCI. The Virtual Channel Identifier setting.

I could not find any mention of a pass through mode? :-(

Perhaps the best that can be done is use the DMZ zone in the netgear and put in the IP address assigned to the USG router. Everything will be forwarded to the USG.
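
An added example, not part of the thread: a sanity check of the USG addressing posted above. It flags double NAT (a WAN address in private or carrier-grade NAT space) and interfaces whose subnets overlap. The /24 prefix lengths are assumed, and 203.0.113.10 is a placeholder for the public address the USG would hold if the Netgear passed it through.

```python
import ipaddress
from itertools import combinations

# Space that is never routed on the public internet: RFC 1918 plus the
# RFC 6598 carrier-grade NAT block. A WAN address in one of these ranges
# means another NAT device sits between this router and the internet.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def behind_upstream_nat(wan_ip):
    ip = ipaddress.ip_address(wan_ip)
    return any(ip in net for net in NON_PUBLIC)

def overlapping_interfaces(plan):
    """Return pairs of interface names whose subnets overlap."""
    nets = {name: ipaddress.ip_interface(cidr).network
            for name, cidr in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]

def audit(plan, wan_name):
    wan_ip = str(ipaddress.ip_interface(plan[wan_name]).ip)
    return {"double_nat": behind_upstream_nat(wan_ip),
            "overlaps": overlapping_interfaces(plan)}

# USG addresses as posted in the thread; the /24 prefixes are an assumption.
THREAD_PLAN = {"wan1": "192.168.0.2/24",
               "lan1": "192.168.1.1/24",
               "dmz": "192.168.0.5/24"}

# Same LAN and DMZ with the modem bridged; the public address is a placeholder.
BRIDGED_PLAN = {"wan1_ppp": "203.0.113.10/32",
                "lan1": "192.168.1.1/24",
                "dmz": "192.168.0.5/24"}

if __name__ == "__main__":
    print("as posted:", audit(THREAD_PLAN, "wan1"))
    print("bridged:  ", audit(BRIDGED_PLAN, "wan1_ppp"))
```

With the addresses as posted, wan1 and dmz fall in the same 192.168.0.0/24 network, so the USG cannot tell which side a 192.168.0.x destination is on.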


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
reply to hardstyler
As already said, but you need to put the Netgear into modem-only (bridging) mode -> User Manual »www.downloads.netgear.com/files/···ug12.pdf page 99 Change Device mode -> modem only (you will lose internet connection and possibly access to the Netgear when you hit apply).
Once you do that, terminate your ISP PPPoE connection on your USG. Create a wan1_ppp interface using your ISP username/password (you will regain internet connection; you won't need access to the Netgear. It's possible to get access while in bridge mode, but that's for another thread).

Once you have that all you need to setup is NAT -> Virtual server on USG for services you want to enable to internet (i.e. ftp).


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Drats I missed that page, good pickup.
I am wondering if he may have to create vlans for any of those thingamabobbers
VPI and VCI??


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
You didn't miss it. This is the manual for v3 (the OP did not specify what version he has). There are how-tos on the internet for other versions too, but it's through the CLI.

As for VPI/VCI, whatever the modem is using now. He's from Italy and I'm not sure what the telecom there is using (but the ISP can provide the info if it can't be read from the current settings).

hardstyler

join:2013-02-17
italy
reply to hardstyler
Yes, I'm with you on the "bridge mode" because it solves in part the double NAT problem.

My Netgear is a DGN2200 v1 and not v3, so it does not have that router/modem or modem-only option, but I can work around it by using modified firmware on the Netgear: does anyone know the "modfs project" for some Netgear devices? I use it, so I'll give it another try with the modem-only mode that can be activated by modfs, which is a simple firmware extension on a USB drive connected to the device.

But in my case I don't know how the zyxel works if I set my dgn2200v1 with that modem only mode, I'm not really sure it is the same option in the v3 netgear device.

Nice idea setting up the ISP in one zyxel profile, I'll try that as soon as possible!!! thank you!

hardstyler

join:2013-02-17
italy
reply to hardstyler
finally done it, with new firmware released for the netgear and yes it has the modem only mode or bridge mode....

set up the wan1_ppp with pppoe and the isp credentials. now I can browse the internet with the usg through the netgear in modem mode only.

A question: I have only one ISP, but in the past I always needed to activate "enable default SNAT" and check "system default wan trunk"; is it necessary for me? If not, when I deactivate it I cannot gain access to the internet.

I do not need load balancing and I have not set up any rule in BWM....

Another question: I set up my own personal certificate in the past with no problem. Since I set up the ISP configuration, wan1_ppp etc., every time I open the Mozilla Firefox browser I get a certificate popup that asks me to confirm that certificate, and there is no way to accept it automatically... same thing if I close Firefox and reopen it... it asks again. Solutions?