D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: cyberdouai on January 26, 2011, 02:57:44 AM
-
Hello, I'm trying to configure a DFL-260 in order to accept only connections from a host on dyndns to port 5060 (SIP) of the DFL, which is SATed to the IPBX. In order to do that I've used the dns: ***.dyndns.org but it doesn't seem to work.
Here are some screenshots:
(http://img510.imageshack.us/img510/6367/53392139.png)
with this service:
(http://img508.imageshack.us/img508/6998/34991714.png)
(http://img20.imageshack.us/img20/2012/68216014.png)
(http://img695.imageshack.us/img695/5169/19121229.png)
I've done the same thing for the NAT rule.
What am I doing wrong? Thanks in advance!
(Sorry for my English, I'm French ;) )
PS: it works when I write the IP directly (without dyndns) in the "tel-bert" address field.
-
I believed it was solved, but it is not :(
-
It sounds like you have not configured a DNS address in your DFL-260.
Please check the following:
1.- Be sure that you have configured a DNS address. Check System->DNS->Primary Server and set it to Wan_Dns1 or your DNS address.
2.- Be sure that you have the same NAT rule just after the SAT rule.
3.- Be sure that the two rules are before any drop rule that drops port 5060 or, better, put them before all drop rules.
Regards
-
First, thanks for your reply :)
Then, the SAT - NAT rules are the first two rules on the firewall (SAT, then NAT).
The configured DNS address is the Google one: 8.8.8.8
But it still does not work :(
But when I write the IP directly into the rule, without the DNS, it works ...
-
I don't understand.
The DNS address must be the DNS of your ISP to resolve the "dyndns" FQDN.
Regards
-
I always use Google DNS instead of my ISP's DNS. Everywhere: PC, switch, firewall, modem ... it always works ... I'll try anyway with my ISP's DNS but I think it won't change anything.
-
Nothing changes when I use my ISP's DNS.
Note that when I write "dns:CENSORED.dyndns.org" directly in the "source network" of my rules, I get this error:
- Unknown symbolic netobject name
NAME sat_5060 SAT wan dns:CENSORED.dyndns.org core wan1_ip Port_506...
^^^^^^^^^^
Am I wrong with the notation?
-
I'm not sure if SAT rules allow this sort of object (dns:host.domain.com).
They work just for VPN and some other features, but not for host addresses. (I've had problems with this once.)
Consider using a fixed IP address for this.
-
FQDN is not allowed in IP rules
Use IP range/subnet instead of dyndns name