D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: sigma on February 17, 2011, 07:27:51 AM
-
Sorry for my English.
I have now set the rules so that any Internet IP can connect via PCAnywhere.
Current configuration
SAT rule
source interface: wan
source network: all-nets
destination interface: core
destination network: wan-ip
SAT: ip_Local_host
Allow rule
source interface: wan
source network: all-nets
destination interface: core
destination network: wan-ip
I need to allow access only to a WAN IP 80.25.XX.77
Please help
-
Instead of all-nets for the source network, just select the remote IP you want to allow.
-
With this configuration, no IP works.
ip_remote object: 80.25.XX.77
source interface: wan
source network: ip_remote
destination interface: core
destination network: wan-ip
SAT: ip_Local_host
Allow rule
source interface: wan
source network: ip_remote
destination interface: core
destination network: wan-ip
My scenario:
router Zyxel--------dfl-200-----hub
Can the problem be the router?
Thanks
-
What you can try is to see if you have a DMZ option on the Zyxel. If so, then apply it to the DFL WAN IP and try my suggestion.
If not, then you need to do the restriction in the Zyxel config.
-
I think that you are using the Zyxel as a NAT device. Do you have a Zyxel ADSL router working as NAT? I suppose that you have configured the firewall interfaces (wan and lan) in transparent mode.
If you are using a Zyxel router for internet connection then you must open the TCP ports used by PCAnyWhere in the Zyxel router and redirect them to the "ip_local_host".
1.- Configure tcp ports redirection in the Zyxel to the "ip_local_host"
2.- Configure only one "ALLOW" rule in the firewall: service=PcAnyWhere ports, source interface=wan, source network=ip_remote, destination interface=lan, destination network=ip_local_host.
Regards
-
Thanks, Juanjo
The current configuration:
The router is configured as NAT.
It is also configured in multiport.
Do I have to change the configuration?
-
Indeed, sigma.
1.- Configure LAN and WAN interfaces in transparent mode.
2.- Follow the steps in my last post:
1.- Configure tcp ports redirection in the Zyxel to the "ip_local_host"
2.- Configure only one "ALLOW" rule in the firewall: service=PcAnyWhere ports, source interface=wan, source network=ip_remote, destination interface=lan, destination network=ip_local_host.
Regards
-
Thanks again.
Let me explain how the installation ended up.
I configured the Zyxel to redirect ports 3389 (PcAnywhere) to pc_local_host.
I configured the DFL-210 firewall in transparent mode, with the earlier SAT and Allow rules still saved, and before I could remove the SAT rule, all the network users told me that no computer on the internal network could connect via Terminal Server to a server they have locally.
Seeing what was coming, I disconnected the firewall and Terminal Server access worked.
I decided to leave it as it was, without transparent mode, and I have another DFL-210 that I will test in my office with less pressure.
Does the firewall act within the local network itself?
Can you think of any solutions?
-
Juanjo
Thanks, thanks, thanks.
It is working as you explained, in transparent mode. Thank you very much.