D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: nienberg on January 16, 2010, 09:45:32 PM

Title: Feature Request for Guest Zone
Post by: nienberg on January 16, 2010, 09:45:32 PM

I purchased a DIR-655 because of the Guest wireless feature.  I need to allow guest wireless internet access without allowing access to the wired network.  It works fine except for one important problem.  Users of the Guest wireless cannot access virtual servers hosted on the router.  In other words, my guest users cannot access the public WAN address of my router, even though any other user on the internet can.

I went back and forth with tech support about this but I don't think I succeeded in convincing them that this is a firmware bug.  Finally I submitted it as a Feature Request and they suggested also posting it here.  So here it is in a nutshell:

Allow users on the DIR-655 Guest wireless to connect to the public WAN address of the router.  Currently this is blocked, even though the public WAN address is freely open to anyone from the internet.  This means that Guest wireless users cannot access the router's own Virtual Servers.  The Primary wireless does not have this restriction.

Thanks,
Mark

Title: Re: Feature Request for Guest Zone
Post by: lizzi555 on January 17, 2010, 01:47:26 AM

This is because DIR uses VLANs to restrict access of the guest network to the home network.

As a request from your guest network to a virtual server in your home network does not leave the router (the guest VLAN tries to reach an address of your home VLAN), it is forbidden.

This is the so called NAT loopback if you try to reach your own WAN IP.

Title: Re: Feature Request for Guest Zone
Post by: EddieZ on January 17, 2010, 08:48:52 AM

Yep, that's correct, a second VLAN is used for guest access. Would be a bit contradictory if allowing access this way was allowed (U-turn). So no firmware bug.

Title: Re: Feature Request for Guest Zone
Post by: nienberg on January 17, 2010, 08:56:43 AM

I don't see the contradiction, since the Virtual servers are accessible to the public internet.

But anyway, since I don't need the primary wireless, would it be possible to use it instead of the Guest wireless, but block access to all machines on the local wired network, with the exception of the ones hosting public services?

Thanks,

Title: Re: Feature Request for Guest Zone
Post by: EddieZ on January 17, 2010, 02:05:02 PM

Yes, but internally they still redirect to internal IP's by the router. If access would be granted, this would be a severe security issue. Maybe higher class routers will llet you configure this.
And when you set your access permissions on the LAN devices no one wil have access to the actual systems/files. Unless someone tries some brute force password cracking.

Title: Re: Feature Request for Guest Zone
Post by: nienberg on January 17, 2010, 05:28:03 PM

Guess I need to go router shopping again.  I wish the D-link literature describing the Guest wireless feature had explained this limitation.

Thanks for your help,
Mark

Title: Re: Feature Request for Guest Zone
Post by: EddieZ on January 18, 2010, 10:32:56 AM

teh book describing all tech details is about the size of a phonebook. Before you buy another router, check the brands forum or tech helpdesk first. Good luck.