D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: kthiesen on November 09, 2010, 11:49:34 PM
-
Hi
I'm new to DFL-xxx and need some assistance. ???
I have been working with a DFL800 - firmware 2.12.00.44-1874
Apr 27 2007 for 96 hours now, and I can't make it work.
What I want is a simple solution.
WAN IP is Static 109.202.132.22
LAN IP is DHCP in range 192.168.10.3 - 192.168.10.199 with dns relay and GW 192.168.10.1
Need to allow http for browsing - nothing else
I have some resources on IPs above 192.168.10.200 - and don't anticipate any problems with setting them manually, so they have static IP.
I have been able to make dhcp work on lan, but I can't make it give the client a default gateway.
If I set client manually to ip 192.168.1.11, subnet 255.255.255.0, gw 192.168.1.1 I get ping ok from internet and dns servers relayed - but cannot see a homepage.
I can't seem to make lan work with other than 192.168.1.0/24, and I really need 192.168.10.0/24....
Please help!
Below is the content of support file:
Greetings
Kristen
-
Hi Kristen,
the problem is, you have to connect to the firewall again for accepting the changes, but you can't because the LAN address changes meanwhile. So, there are two solutions:
1. On your PC configure a second IP address and gateway for the network card connected to the LAN port. The German FTP-Server from DLink has a video instruction for it. Maybe it can help you, although it's in German: ftp://ftp.dlink.de/dfl/dfl-800/documentation/DFL-800_Howto_de_Video_aenderung-ip.zip
2. First configure another port on the Dlink-Firewall for Remote Management via HTTP. Save the settings, connect your PC to this port and configure your LAN.
Best regards,
Carsten
-
Hi Carsten
Thanks, German is no problem - I am multilingual ;D
For the rest of the attendees, this worked out great.
I did as per description in the video, and am now able to enter the admin panel again.
Now I'm just wondering if there is a simple guide to setting up the simple configuration that I am looking for - even if it is in German, French, English, Swedish, Norwegian or Danish I am able to understand all...
Greetings
Kristen
-
Hi Kristen,
I've just looked at the DLink sample documentation and didn't find anything, unfortunately. I guess you know what you have to do and you're just searching for the right places for configuration.
These are the steps in short, where you've to go:
1. Objects->Address Book:
Configure wan1_ip, wan1_gateway, wan1_net, dns, lan1_ip, lan1_net, lan1_dhcp_range, private-nets (255.255.255.0)
2. Interfaces -> Ethernet:
Configure wan1 with: wan1_ip, wan1_net, wan1_gateway
Configure lan1 with: lan1_ip, lan1_net, No Gateway
3. System -> DNS:
Configure the DNS to be used by the DLink-DFL
4. System -> DHCP:
Configure your DHCP-Server with:
General-Tab: lan1, 0.0.0.0/0, lan1_dhcp_range, private-nets
Options-Tab: lan1_ip and the DNS to publish via DHCP
5. Rules:
Configure at least 2 rules:
DNS: NAT, dns-all, None, lan1, lan1_net, wan1, all-nets
HTTP: NAT, http-all, None, lan1, lan1_net, wan1, all-nets
I hope I haven't forgotten anything. Just try it.
Best regards,
Carsten
PS: I have just had a little break waiting for a program to finish its analysis. ;)
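
An added example, not part of the post above and not D-Link code: a small Python model of the address plan from the first post and the two rules from step 5, useful for checking what the rule set lets through before committing it. The port contents of dns-all and http-all and the drop-by-default behaviour are assumptions to confirm on the device; 198.51.100.10 is a constructed destination.

```python
import ipaddress as ipa

# Address plan from the thread; lan1/wan1 follow the object names in the reply.
LAN_NET = ipa.ip_network("192.168.10.0/24")
LAN_IP = ipa.ip_address("192.168.10.1")
POOL = (ipa.ip_address("192.168.10.3"), ipa.ip_address("192.168.10.199"))
ALL_NETS = ipa.ip_network("0.0.0.0/0")

# ASSUMPTION: port contents of the predefined services; confirm on the device.
SERVICES = {
    "dns-all": {("udp", 53), ("tcp", 53)},
    "http-all": {("tcp", 80), ("tcp", 443)},
}

# Step 5 rules: name, action, service, src_if, src_net, dst_if, dst_net.
RULES = [
    ("DNS", "NAT", "dns-all", "lan1", LAN_NET, "wan1", ALL_NETS),
    ("HTTP", "NAT", "http-all", "lan1", LAN_NET, "wan1", ALL_NETS),
]

def check_plan(static_hosts):
    """Return problems in the LAN plan: gateway, DHCP pool, static hosts."""
    lo, hi = POOL
    problems = []
    if LAN_IP not in LAN_NET:
        problems.append("lan1_ip is outside lan1_net")
    if lo not in LAN_NET or hi not in LAN_NET or lo > hi:
        problems.append("lan1_dhcp_range is not inside lan1_net")
    if lo <= LAN_IP <= hi:
        problems.append("lan1_ip lies inside the DHCP pool")
    for host in map(ipa.ip_address, static_hosts):
        if host not in LAN_NET:
            problems.append(f"{host} is outside lan1_net")
        elif lo <= host <= hi or host == LAN_IP:
            problems.append(f"{host} collides with the pool or the gateway")
    return problems

def verdict(proto, port, src_if, src_ip, dst_if, dst_ip):
    """First matching rule wins; unmatched traffic is dropped (ASSUMED default)."""
    src, dst = ipa.ip_address(src_ip), ipa.ip_address(dst_ip)
    for name, action, svc, s_if, s_net, d_if, d_net in RULES:
        if ((s_if, d_if) == (src_if, dst_if) and src in s_net
                and dst in d_net and (proto, port) in SERVICES[svc]):
            return f"{action} via {name}"
    return "DROP"
```

Under the assumed service definitions, the HTTP rule also passes TCP 443, and a client still addressed in 192.168.1.0/24 matches neither rule.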
-
Hi Carsten
Thanks, I'll try it out. The DNS part is, I believe, what I have been looking for.
Hope your analysis turned out ok :o
Greetings!
Kristen
-
Hi all
I've got the firewall working fine.
Now I have been trying all Saturday to figure out how to make vlan work with dfl-210 and des-1228.
I have tried to follow the d-link docs, and now I'm totally confused.
In order not to bias an answer here is what I'm trying to do:
Two vlans are set up on dfl-210: xxx.xxx.20.xxx and xxx.xxx.24.xxx.
xxx.xxx.20.xxx tagged on port 1-11 on des-1228 and (vid is 20)
xxx.xxx.24.xxx tagged on port 11-20 (vid is 24)
I use port 11 on des-1228 to connect to dfl-210.
I left vid01 (default) untagged on all ports.
The lan on dfl-210 gives dhcp to all ports on des-1228, and I believe that is wrong.
Can you give me a simple description as to how this is supposed to be set up...
Best regards
Kristen
-
Did you turn on asymmetric vlan on 1228? If so, please disable it.
Create the vlans as usual and only tag the connection port between dfl and DES.
As the connection port will belong to both vlans, that port will be tagged.
You need to then create your objects for each vlan (vlan_ip, vlannet, and vlan_dhcp).
Create the dhcp for each vlan and that should do it.
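
An added example, not part of the reply above and not D-Link code: a Python audit of a switch VLAN membership table against the advice that only the firewall-facing port is tagged. Both tables are constructed from the port numbers in the thread; the rule that each access port should be an untagged member of exactly one firewall VLAN is an assumption of this sketch, as are all names in it.

```python
def ports(first, last):
    """Inclusive port range as a set."""
    return set(range(first, last + 1))

def audit(vlans, uplink, fw_vids):
    """vlans: {vid: {"tagged": set, "untagged": set}}. Returns (port, issue) pairs."""
    findings = []
    # The firewall-facing port must carry every firewall VLAN tagged.
    for vid in fw_vids:
        if uplink not in vlans.get(vid, {}).get("tagged", set()):
            findings.append((uplink, f"uplink not tagged in VLAN {vid}"))
    members = set()
    for v in vlans.values():
        members |= v["tagged"] | v["untagged"]
    for port in sorted(members - {uplink}):
        tagged = sorted(vid for vid, v in vlans.items() if port in v["tagged"])
        untagged = sorted(vid for vid, v in vlans.items() if port in v["untagged"])
        if tagged:
            findings.append((port, f"access port tagged in {tagged}"))
        # ASSUMPTION: an access port is untagged in exactly one firewall VLAN,
        # so it cannot share the default VLAN with the firewall's untagged lan.
        if len(untagged) != 1 or untagged[0] not in fw_vids:
            findings.append((port, f"untagged in {untagged}, expected one firewall VLAN"))
    return findings

# Constructed table for the setup described in the question.
AS_POSTED = {
    1: {"tagged": set(), "untagged": ports(1, 20)},
    20: {"tagged": ports(1, 11), "untagged": set()},
    24: {"tagged": ports(11, 20), "untagged": set()},
}

# Constructed table following the reply: only port 11 is tagged.
AS_ADVISED = {
    1: {"tagged": set(), "untagged": set()},
    20: {"tagged": {11}, "untagged": ports(1, 10)},
    24: {"tagged": {11}, "untagged": ports(12, 20)},
}
```

The posted layout yields two findings for each of the 19 access ports, while the advised layout yields none.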