D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: ipe on March 24, 2010, 08:12:43 PM
-
One more question .. is there a way or possibility that we can add another LAN network in the DFL 210?
-
1. Objects > Address book > InterfaceAddresses, add
lan_2_ip - the DFL's new IP address (e.g., 192.168.2.1)
lan_2_net - the new net (e.g., 192.168.2.0/24)
2. Interfaces > ARP
Add ARP publish on LAN interface with lan_2_ip
3. Routing > Routing tables > main, add routes
lan_2_ip core 0
lan_2_net lan 0
So now the DFL knows the new IP address and network.
4. Objects > Address book > InterfaceAddresses
Add group lan_nets = lan_net + lan_2_net
If you want to allow traffic between your networks, add a rule
Allow lan/lan_nets lan/lan_nets all_services
If you want to allow Internet access for the new network, change the lan_to_wan rules - replace lan_net in the source network with lan_nets.
-
Thanks Sir danilovav for the help .. it did solve my problem .. but one more question ... we have a PC which is under a firewall client .. the firewall is blocking her internet connection ... please, I need your help ...
-
PC - inside your network or outside?
-
It's inside, Sir
-
Please describe in more detail...
-
Hi there
I've tried to follow this setup for my DFL 800 but without luck.
- Created test_ip (192.168.5.1); created test_lan (192.168.5.0/24) in the interfaceaddresses.
- I've added the ARP to publish the 2nd IP of 192.168.5.1 on LAN interface for the DFL (do I need to specify MAC or leave it default?)
- I've created the routing entries:
iface: core; network:test_ip; G/w:none; Local IP Address:none; Metric:0
iface: lan; network:test_net; g/w:none; local IP Address:none; Metric:0
- Created grp_test_nets = lan_net+test_net
I've added a rule to allow traffic between networks
Allow lan/grp_test_nets lan/grp_test_nets all services
I'm not sure if I have an issue with the Routes and/or Rules, but I can:
ping from 192.168.0.5 (test pc) -> 192.168.5.1 & 192.168.5.3 (test pc)
ping from 192.168.5.3 -> 192.168.0.5 fails.
Any suggestions would be greatly appreciated.
-
Routes which need to egress the DFL should never have a metric of 0; match the metric on your test_net route to the metric on your existing lan_net route (probably 100).
-
Whoops, should've recognised that.
Changed the test_net route metric to 100 to match the lan_net route.
Unfortunately still not having luck with traffic from the 5.x subnet back to the 0.x.
I've tried enabling the logging on the fw rules (as previously mentioned: Allow; LAN/test_grp_nets LAN/test_grp_nets All Services),
but that's not showing the continual ICMP ping I'm trying from 5.3 -> 0.5.
-
Check your PC firewalls, check your DFL logs, and if all else fails take some captures to show if the packets are making it to their destination and if they are being responded to.
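
The capture comparison suggested in the last reply, as an added example that is not part of the original thread: it reads two `tcpdump -n icmp` text captures, one taken on the pinging PC and one on the target PC, and reports for each echo request whether it arrived and whether it was answered. The capture lines are constructed sample data using the thread's test addresses, the function names are hypothetical, and it assumes no address translation between the two capture points.

```python
import re

# One-line ICMP echo summary as printed by `tcpdump -n icmp`.
ICMP_LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)")

def echoes(capture_text):
    """Return (requests, replies) as sets of (pinger, target, id, seq)."""
    requests, replies = set(), set()
    for line in capture_text.splitlines():
        m = ICMP_LINE.search(line)
        if not m:
            continue  # not an ICMP echo line
        probe = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            requests.add((m["src"], m["dst"]) + probe)
        else:
            # A reply travels target -> pinger, so swap to the request's key.
            replies.add((m["dst"], m["src"]) + probe)
    return requests, replies

def classify(pinger_capture, target_capture):
    """Say, per echo request seen leaving the pinger, where it got stuck."""
    sent, replies_back = echoes(pinger_capture)
    arrived, replies_sent = echoes(target_capture)
    verdicts = {}
    for probe in sorted(sent):
        if probe in replies_back:
            verdicts[probe] = "answered"
        elif probe not in arrived:
            verdicts[probe] = "request never reached target"
        elif probe not in replies_sent:
            verdicts[probe] = "target got request, sent no reply"
        else:
            verdicts[probe] = "reply left target, lost on return path"
    return verdicts

# Constructed sample captures (not from the thread), using its test addresses.
PINGER_CAPTURE = """\
10:00:01.000000 IP 192.168.5.3 > 192.168.0.5: ICMP echo request, id 7, seq 1, length 40
10:00:02.000000 IP 192.168.5.3 > 192.168.0.5: ICMP echo request, id 7, seq 2, length 40
"""
TARGET_CAPTURE = """\
10:00:01.000400 IP 192.168.5.3 > 192.168.0.5: ICMP echo request, id 7, seq 1, length 40
"""

if __name__ == "__main__":
    for probe, verdict in classify(PINGER_CAPTURE, TARGET_CAPTURE).items():
        print(probe, "->", verdict)
```

A "target got request, sent no reply" verdict points at the target PC's own firewall; the other two failure verdicts point back at the DFL's routes, rules and logs.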