D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: ivorgg on September 30, 2010, 02:40:28 AM
-
Hello Forum,
I am writing this message because I have a problem with this port: 500
First of all, I would like to explain the configuration, and afterwards I will show the problem.
I have a router with a static IP, and some ports (500, 3333, 9812...) are redirected to the DFL80O.
Public ip -> Private ip(ip wan1 DFL 192.168.1.2)
There are some servers, and I use different ports to access each server.
port 3333 -> serverA (lan)
port 500 -> serverB (lan)
port 9812 -> serverC (lan)
Then in my DFL I have configured two rules (SAT and Allow) for each port. These rules are used to redirect the port from Wan1 to Lan.
private ip WAN1 -> lan ip
With port 3333, I can access serverA from the Internet without a problem.
The problem appears when I try to connect to server B. We can see this message in the log:
Date Severity Category/ID Rule Proto Src/DstIf Src/DstIP Src/DstPort Event/Action
2010-09-30 11:35:16 Notice RULE 6000060 LocalUndelivered UDP wan1 212.204.99.245 192.168.1.2 500 500 unhandled_local drop
My DFL blocks port 500!!! We have configured this port like the other ports.
I hope someone can help me!!
I am waiting for your advice
Thanks in advance
-
Am I right in thinking that port 500 is the UDP port for IPsec? In my understanding, the firewall will capture all incoming packets for port 500 in its VPN engine, so you cannot use it for your server.
What I suggest is to modify your server's port, and that should fix the issue.
-
Hello silver_surfer30,
Thanks for your comment. I had thought the same (change the port), but it is not possible because the server is from another company and I can't change anything.
This company has a static public ip which is used to access the server.
How can I configure the firewall to permit access from this IP address into my LAN (server)??
I have tried some rules but they don't work.
Thanks for your help.
-
What I can think of is to uncheck the box 'IPsec before rule' in the interfaces/ipsec/advanced settings and see how it works. That should do the trick.
The issue will be regarding IPsec tunneling then.
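
For checking whether the change took effect, the following is an added example (not part of the thread and not D-Link code) that scans pasted log text for rows dropped as `unhandled_local` while addressed to the firewall's own WAN address, and flags the ones on UDP 500. It assumes the column layout of the log header quoted in the first post; the function names and the second sample row are constructed for illustration.

```python
import re

# Row layout taken from the log header quoted in the thread:
# Date Severity Category/ID Rule Proto Src/DstIf Src/DstIP Src/DstPort Event/Action
ROW = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<severity>\S+) "
    r"(?P<category>\S+) (?P<id>\d+) (?P<rule>\S+) (?P<proto>\S+) "
    r"(?P<src_if>\S+) (?P<src_ip>[\d.]+) (?P<dst_ip>[\d.]+) "
    r"(?P<src_port>\d+) (?P<dst_port>\d+) (?P<event>\S+) (?P<action>\S+)$"
)
STARTS_ROW = re.compile(r"\d{4}-\d{2}-\d{2} ")
IKE = ("UDP", 500)  # the port the replies identify as IPsec


def parse_rows(text):
    """Yield one dict per row, rejoining rows that were wrapped when pasted."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STARTS_ROW.match(line) or not rows:
            rows.append(line)
        else:
            rows[-1] += " " + line  # continuation of the previous row
    for row in rows:
        m = ROW.match(row)
        if m:
            yield m.groupdict()


def local_drops(text, firewall_ip):
    """Rows dropped as unhandled_local while addressed to the firewall itself."""
    wanted = ("LocalUndelivered", "unhandled_local", "drop")
    hits = []
    for r in parse_rows(text):
        if (r["rule"], r["event"], r["action"]) == wanted and r["dst_ip"] == firewall_ip:
            r["ike"] = (r["proto"], int(r["dst_port"])) == IKE
            hits.append(r)
    return hits


# First row is the one from the thread (wrapped as posted); second row is constructed.
SAMPLE = """\
2010-09-30 11:35:16 Notice RULE 6000060 LocalUndelivered UDP wan1 212.204.99.245
192.168.1.2 500 500 unhandled_local drop
2010-09-30 11:36:02 Notice RULE 6000060 LocalUndelivered TCP wan1 203.0.113.7 192.168.1.2 40112 9812 unhandled_local drop
"""
```

Calling `local_drops(SAMPLE, "192.168.1.2")` returns both rows; only the first carries `ike` set to true, which is the case the replies attribute to the IPsec engine rather than to the SAT and Allow rules.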