Router to Router (bridging or routing)

msgm
New Member
Posts: 18
Joined: Sat Jul 27, 2002 10:09 am

Router to Router (bridging or routing)

Post by msgm »

I have a Linksys DSL router (BEFSR11). It works just fine EXCEPT it only allows a maximum of 10 ports forwarded to local servers. I called Netgear...same thing - 10 max. SMC has one that does 20 but essentially it's 10 bcuz, unlike Netgear where you can use a single line to fwd both TCP & UDP packets, SMC allows 1 protocol per port forwarded. What a dilemma. So I have a Flowpoint 2200 router. I am thinking of one of several things:
1. could I incorporate that into my network, fwd all ports to the Flowpoint from the Linksys and then use the Flowpoint to fwd to my local servers. Has anyone done this or has any ideas if it's feasible?

2. bridge linksys and the Flowpoint but use the flowpoint as my gateway and have unlimited ports forwarded. Any ideas if this is possible and how to accomplish?

3. router to router using the flowpoint as my gateway. Any ideas if feasible and how to accomplish?

OR if anyone knows a SOHO ADSL router (PPPOE) that has no limit to the number of ports fwd to local servers.

Thanks for your assistance.
V_LESTAT
Regular Member
Posts: 202
Joined: Sat Aug 19, 2000 12:00 am

Post by V_LESTAT »

no,
this is gunna sound really whacky but ill be honest i run 2 different set ups, one running a router and another running 2 nics and XP firewall, running thru a hub.
guess which one has unlimited port forwarding and better protection?
XP firewall you guessed. man im telling you, i have had SO MUCH more luck, and better security than i ever did with the router.

think about it, you might like it if you set it up and run it for a few days.
i was VERY reluctant to try the xp firewall, but thru tests done by myself and a networking nut friend of mine, xp firewall is one of the best damn firewalls ive seen yet. and it aint eating up resources either.
i know ill get a lot of flack for that. but, give it a try you might like it.

*in case you didnt know you run the 2nd nic to your hub along with the other pc's (except the first nic) and the cable or dsl modem to the first nic, enable ICS and the firewall on the 1st nic and everything on your network is behind the firewall. the firewall allows you to designate unlimited ports for any computer on your network. while keeping your internal network available to all pc's internally.

ive tested my router with a port "watcher" and it allows sooo many ports thru that it is supposed to be blocking. mainly a few ports that are KNOWN SUB7 trojan ports.
xp's not stealth but just about as close as your gunna get when you close it all up tight. meaning no port intrusions, no ping, no nothing.
Xeon 3210 Quad @ 3.6 - Gigabyte P35 DS3R
2gb Skill HZ - 8800 GTX - 3x 36g Raptors in raid0
3x 250gb Drives and 4x 250gb USB Drives
CoolerMaster 750w psu - 2407 FPW & 2007 FPW LCD's
----------------------------------------------------
E6600 ES @ 3.6 @ 1.36v - Asus P5N-E SLI
2GB Gskill HZ's 1200mhz 5-5-5-15 @ 2.27v
250gb Sata II - 7800 GTX - Dell 2007 FPW
Mediacom Max Cable 15meg/1meg - Tweaks not needed
msgm
New Member
Posts: 18
Joined: Sat Jul 27, 2002 10:09 am

Post by msgm »

I do not have or use XP. I think Win2K has the same firewall or control over ports and protocols that XP has. I have never had to use it but perhaps I should give it a try. Thanks for your info. I never thought about a non-router solution.
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

2K doesn't have the same firewall, but let's re-examine the router approach. First...what ports are you trying to forward...for what apps? Can look at forwarding "ranges" of ports.
MORNING WOOD Lumber Company
Guinness for Strength!!!
msgm
New Member
Posts: 18
Joined: Sat Jul 27, 2002 10:09 am

Post by msgm »

here is an example...

20,21 - ftp server
25 - smtp server
110 - pop3 server
7100, 1677 - groupwise
5631,5631 - PCAnywhere
80 - web
81 - web
another 8 (cant remember the ports) - Netware 6
multimedia streaming server - several more
Antivirus server - PDS port, RTVSCAN ports (at least 2)
Fax server - at least 1 or 2

all are separate PCs

the linksys router is out as a solution.. using XP seems like a solution, but I'm sure there's an easy way to use the 2 routers.
V_LESTAT
Regular Member
Posts: 202
Joined: Sat Aug 19, 2000 12:00 am

Post by V_LESTAT »

msgm -

20,21 - ftp server - yeah need to forward
25 - smtp server - no need to forward, router or firewall will automatically let it thru as far as i know. :\
110 - pop3 server - same here, no forward needed
7100, 1677 - groupwise - group wise, hhmm have no idea what it is, but those are non standard ports so yeah forward them
5631,5631 - PCAnywhere - pc anywhere imho - its junk causes too many windows crashes.
80 - web - no need to forward
81 - web - no need to forward
another 8 (cant remember the ports) - Netware 6 - wow why are you running novell ? imho its another garbage networking protocol. any novell tech who has worked with other networks will tell you the same
multimedia streaming server - several more - yeah need to forward those
Antivirus server - PDS port, RTVSCAN ports (at least 2) - same there
Fax server - at least 1 or 2 and fax.. hhmm i would say forward but cant say, if your using standard fax ports im not sure if firewall/router will allow those thru if they arent forwarded.


over all a router is a nice easy hardware solution to the always buggy and resource using firewalls. plug your systems in, let dhcp take over, and your in.
a lot of routers have virtual server set-ups. when you run out of ports this will allow you to designate what IP and what port, all it is is port forwarding but designated to a particular IP in the network.

since your not using XP, im not sure which firewall to use, ive used and liked Norton firewall, a bit of a resource user but not much.
another one which follows suit with its name is Tiny Personal firewall, its very lean and ive used it also. its a nice little firewall. and has received very high marks in the security and ease of use department. i believe its still free also but may have a pro version with added features that you pay for.
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

OK, first....you only need to open/forward ports if you want to run services that people can get to from the public.

NAT routers will let all traffic OUT that originates from within..since it's from a trusted source. You don't need to open/forward ports for stuff like Anti-virus, if you don't know what Groupwise even is..why are you going to open ports?

FTP...sure, forward port 21
Web...only if you're running a web server that you wish the public to gain access to.
PcAnywhere...love that program, have hundreds of installations running (I manage many networks/clients with it), dunno why VLestat keeps getting crashes, but oh well, you only need to forward ports if you want to access a machine on your network from out on the internet somewhere. And BTW the default ports are 5631 and 5632. But what you do, is simply do a range..therefore only using one line, not two, on your routers port forwarding....so set range 5631-5632.
Fax Server ???

I think you need to take a look at what you're doing first....remember, just about all applications work from within your network with opening any ports on your router. You don't need to open up port 80 for your LAN to surf the web, or for your FTP client to work from your LAN, or for PcAnywhere to work from your LAN.

You're making things way more complicated than they need to be.
msgm
New Member
Posts: 18
Joined: Sat Jul 27, 2002 10:09 am

Post by msgm »

YeOleStoneCat,
thanks for your advice. I'm not acting weird or being smart when I say that...I know what I'm doing as far as ports that need to be opened..etc (PCA 5631,5631 was a typo...and I use it to manage all my clients remotely with no freezing also..I can not imagine why the other member has that problem).. these services are needed from the WAN side which is the only reason to open ports. I've not ever had to deal with insufficient port forwarding ever because Netopia, Cisco and Flowpoint do not have a 10 port limit. So far, dumping the router and trying the XP as the router/firewall solution seems like a possibility..that means I'll have to buy XP..didn't ever plan to buy it... I was hoping that (since I have a couple of Flowpoint routers already) there would be some way to add the Flowpoint to my LAN and use it to forward ports since no limit exists (not 10...possibly 256..not that I'd need that many) I can not use the Flowpoint outright because it's SDSL equipment but I'm sure there's some way to plug it in my LAN and use its feature. I just don't know how and was hoping that someone here had done something similar or had some ideas on it.
V_LESTAT
Regular Member
Posts: 202
Joined: Sat Aug 19, 2000 12:00 am

Post by V_LESTAT »

p;d cat,
i never said i get crashes i wouldnt use that hunk of junk pc anywhere if i had to, ive done enough tech calls on it though. and for me when installing a network program that can and has in the past fried VIDEO drivers, its junk. yeah video drivers and if you have used it the way you say you do, then you know exactly what problem im talking about with pc anywhere.

ok i do disagree 110% about what you said with NAT routers, NAT routers in no way shape or form allow access to everything that requests or is using an outgoing port. what msgm is talking about is installing programs that need specific ports, and there is no way around it, you HAVE to forward those ports. once the port is forwarded, then its clear, but NAT does not dictate an outgoing request opens the port, YES I KNOW it does for certain things, but ftp web server novell, and the other things he listed, he MUST forward those ports or the router will block them.
now i only speak from experience, but my experience has not included $1000 major network routers. but still i would imagine they work the same.
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

Originally posted by V_LESTAT
p;d cat,
i never said i get crashes i wouldnt use that hunk of junk pc anywhere if i ahd to, ive done enough tech calls on it though. and for me when installing a network program that can and has in the past fried VIDEO drivers, its junk. yeah video drivers and if you have used it the way you say you do, then you know exactly what problem im talking about with pc anywhere.


Haven't seen issues with PCA and video drivers since back in the Windows 95 days with ATI Mach64 vid cards. I've been putting PcAnywhere on since version 5.0....that's the DOS version. The number of PcAnywhere installations I've done is realistically in the thousands...my prior job it went on every network I setup and shipped. If you have that many crashes, then your computers have deeper issues. Maybe it's just me, I try to keep my clients' computers somewhat healthy and up to date with windows updates and drivers...so I don't see as many issues as others would on screwy computers.

"and if you have used it the way you say you do" :rolleyes:

"ok i do disagree 110% about what yousaid with NAT routers "

I'm sure you do because you didn't understand what I said about NAT...or how it works.
Any request made internally is let out...because it's from a trusted source. NAT is in a way just a dumb firewall...it's not blocking outward traffic. I'm not saying ports are open and held open because of internal requests. A web browser wants to work on port 80...that doesn't mean port 80 is held open. My point was he doesn't have to open/forward port 80 for any computer on the network to go out and surf the web. Just like PcAnywhere...I wanted to be sure he wasn't thinking that running a PcA remote client behind the router would need ports 5631/5632 open...because again..the NAT will let any traffic out. It's only host mode that you need accessible from the public side that you need to open/forward ports to. What made me think he was thinking this way, was mentioning of anti-virus ports, fax server ports, etc. I got the impression he was looking at every possible port use of all software on this network, and thinking it needed to be opened/forwarded.

msgm....Netopia..there ya go. Had an R910 for quite a while...one awesome router! Realize that home market routers are designed for the average home and SOHO user....think about what they're marketed for. If you need "that many" ports open/forwarded...then you should step up to a more full blown SOHO or commercial grade router...(you already mention Netopia).

You list:
20,21 - ftp server
25 - smtp server
110 - pop3 server
7100, 1677 - groupwise
5631,5631 - PCAnywhere
80 - web
81 - web
another 8 (cant remember the ports) - Netware 6
multimedia streaming server - several more
Antivirus server - PDS port, RTVSCAN ports (at least 2)
Fax server - at least 1 or 2

OK, I'm assuming you are running FTP server, and a mail server. But what mail server are you running?
Groupwise...I don't really deal with Novell, but that's a collaboration and support package.
Anti-virus and fax....I'm not seeing how those ports need to be opened/forwarded and accessible from the public side...those two really throw me off.

Also, taking a look at the sum of all the services listed above...(notably mail server, Groupwise, multimedia streaming)....I'd gather that's a rather large setup, and ponder why a Linksys router is in the mix...I'd say the Linksys (as much as I like the little guys for....their intended market) is in over its head...time to step up and put a more robust router in there..start looking at Cisco, Netopia, Sonicwall, etc.
MORNING WOOD Lumber Company
Guinness for Strength!!!
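
Added example (not part of any post in this thread): a small Python model of the NAT behaviour discussed above, in which LAN-originated traffic goes out and its replies return without any rule, unsolicited inbound traffic is dropped unless a forward matches, and consecutive ports such as 5631-5632 share one forwarding slot. The LAN addresses, class and function names are assumptions made for the illustration, and the model keeps the LAN source port unchanged on the WAN side, which real NAT devices may not do.

```python
def collapse_ranges(ports):
    """Merge consecutive ports into (low, high) ranges, one forwarding slot each."""
    ranges = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges

class NatRouter:
    def __init__(self, max_rules=10):  # 10 slots, the limit described in the thread
        self.max_rules = max_rules
        self.forwards = []     # (proto, low, high, lan_ip)
        self.sessions = set()  # flows opened from the LAN side

    def add_forward(self, proto, low, high, lan_ip):
        if len(self.forwards) >= self.max_rules:
            raise RuntimeError("forwarding table full")
        self.forwards.append((proto, low, high, lan_ip))

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        # LAN-originated traffic needs no forwarding rule; the router only
        # remembers the flow so the matching reply can come back in.
        self.sessions.add((proto, lan_ip, lan_port, remote_ip, remote_port))
        return "allow"

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        # 1. Reply to a flow that a LAN host opened.
        for p, lan_ip, lan_port, r_ip, r_port in self.sessions:
            if (p, r_ip, r_port, lan_port) == (proto, remote_ip, remote_port, wan_port):
                return "reply -> " + lan_ip
        # 2. Unsolicited traffic: only a forwarding rule lets it in.
        for p, low, high, lan_ip in self.forwards:
            if p == proto and low <= wan_port <= high:
                return "forward -> " + lan_ip
        return "drop"

def build_router(services):
    router = NatRouter()
    for lan_ip, ports in services.items():
        for low, high in collapse_ranges(ports):
            router.add_forward("tcp", low, high, lan_ip)
    return router

# Constructed sample: two public services from the thread on made-up LAN hosts.
SERVICES = {"192.168.1.10": [20, 21], "192.168.1.20": [5631, 5632]}

if __name__ == "__main__":
    r = build_router(SERVICES)
    print(len(r.forwards), "slots used:", r.forwards)
    print(r.inbound("tcp", "198.51.100.9", 51000, 80))
```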
msgm
New Member
Posts: 18
Joined: Sat Jul 27, 2002 10:09 am

Post by msgm »

Seems as though a more advanced router is the way to go. Thanks guys for all your contribution.
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

What is the setup? Company network? Never really got the details of what this network is.
msgm
New Member
Posts: 18
Joined: Sat Jul 27, 2002 10:09 am

Post by msgm »

It's my own company's network. Whatever I run for clients..I run on my servers.
V_LESTAT
Regular Member
Posts: 202
Joined: Sat Aug 19, 2000 12:00 am

Post by V_LESTAT »

StoneCat -

now you explained yourself.

your initial statement of "NAT routers will let all traffic OUT that originates from within..since it's from a trusted source. You don't need to open/forward ports for stuff like Anti-virus, if you don't know what Groupwise even is..why are you going to open ports?"

made it appear to someone who didnt know any better that NAT would allow anything outgoing to receive an incoming answer or request. i know it says OUT, but to read it it also appears that you were also implying that an incoming request or reply to those programs would also be received.

just didnt want msgm to think that was the case, thats all.