D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: trold1964 on January 08, 2010, 05:57:18 AM

Title: How do I get my server to run on the DMZ port on my DFL-210
Post by: trold1964 on January 08, 2010, 05:57:18 AM

Hello

I can not get my server to run on the DMZ port

Server is SME Server
I have before had it work when I had a Router Dlink DIR-685 and can also get to work when I run it on DFL-210 LAN port but would like it to run on the DMZ port.

Server setup

I run the server only
Server IP 172.17.0.10
 Server gw 172.17.0.1

DFL-210 setup

dmz_ip    172.17.0.1         IPAddress of interface dmz
dmznet    172.17.0.0/24  The network on interface dmz

server_ip 172.17.0.10

lan_ip    192.168.1.1        IPAddress of interface lan
lannet    192.168.1.0/24 The network on interface lan
     
wan_br    0.0.0.0              Broadcast address for interface wan.
wan_dns1  0.0.0.0           Primary DNS server for interface wan.
wan_dns2  0.0.0.0           Secondary DNS server for interface wan.
wan_gw    0.0.0.0            Default gateway for interface wan.
wan_ip    0.0.0.0             IPAddress of interface wan
wannet    0.0.0.0/0

I think I need to do IP Rules

wan_to_dmz
dmz_to_wan

for local
lan_to DMZ
dmz_to_lan

I need ssh access to server both locally and remote

If I could get an example of something I would even be able to access the others I need.

Hope to get some help.

Title: Re: How do I get my server to run on the DMZ port on my DFL-210
Post by: Fatman on January 08, 2010, 08:46:24 AM

sounds like you have your head on straight, for your IP rules see below.

wan_to_dmz - See the basic port forward FAQ, this is no different than normal.
dmz_to_wan - copy the lan_to_wan folder for immediate success.

on your local rules I am going to write something that just does wide open routing, and you can make it secure later.

lan_to DMZ - Source: LAN / LAN_Net Destination: DMZ / DMZ_Net Service: all-services Action: Allow
dmz_to_lan - Source: DMZ / DMZ_Net Destination: LAN / LAN_Net Service: all-services Action: Allow

Title: Re: How do I get my server to run on the DMZ port on my DFL-210
Post by: trold1964 on January 09, 2010, 09:06:22 PM

Hey Fatman

I have done as you wrote.
I can go to a local server https://172.17.0.10/server-manager
Server now has network access

Problem
I can not go into the server locally with SmartFTP Client SFTP over SSH or PuTTY SSH
I have touched on my server and give me remote access to (my server is with me)
I can not create a network folder on my computer to server

In Services I have made a Service Group called smeserver Selected ssh and ssh-in
It is meaningful to me later in Group smeserver bring forward all the port I should use.

In IP Rules lan_to_dmz
Name: ssh
Action: SAT
Services: smeserver

Source Destination
LAN DMZ
all-nets dmznet

General SAT
Destination IP 172.17.0.10 (name smeserver = 172.17.0.10)

Name: ssh
Action: SAT
Services: smeserver

Source Destination
LAN DMZ
all-nets dmznet

The same I have done with dmz_to_lan
Source Destination
DMZ LAN
dmznet all-nets


I just can not access the two programs SmartFTP Client SFTP over SSH or PuTTY SSH

Title: Re: How do I get my server to run on the DMZ port on my DFL-210
Post by: Fatman on January 12, 2010, 09:43:24 AM

The allow all rules are better suited to this than your more specific rules for the time being.  Please remove your more specific rules.

Now, when you are testing SSH, what addresses are you using as your destination?  Do you have your LAN interface listed in the source field of your port forward if you are using your WAN IP during testing?