D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: aboyd on March 17, 2011, 05:32:18 AM
-
I have read through all the manuals and posts on this forum but am still unable to solve this problem even after spending several days trying.
My PPTP connection works perfectly for connecting through to the internet. But I am unable to detect/connect over PPTP to my lan and file server.
My lan:
lannet 192.168.1.0/24
lan_dhcpserver_dns1 172.16.0.1
lan_dhcpserver_gw 192.168.1.1
lan_dhcpserver_netmask 255.255.255.0
lan_dhcpserver_range 192.168.1.40-192.168.1.80
File server IP 192.168.1.42
PPTP:
PPTP-server-dns 172.16.0.1
PPTP-server-IP-address 10.1.1.1
PPTP-server-IP-range 10.1.1.2-10.1.1.100
Computer IP that I would like to connect to lan file server 10.1.1.2
Rules:
allow_standard NAT lan lannet wan all-nets all_tcpudp
HTTP_Allow Allow lan lannet wan all-nets all_services
HTTP_Allow_Inboud Allow wan all-nets lan lannet all_services
PPTP_Allow Allow AB1 PPTP-server-IP-range lan lannet all_services
PPTP_HTTP_Allow Allow AB1 PPTP-server-IP-range any int_net all_services
PPTP_HTTP_Allow_Inbound Allow lan lannet AB1 PPTP-server-IP-range all_services
PPTP_allow_standard NAT AB1 PPTP-server-IP-range wan all-nets all_services
Any tips or suggestions would be very much appreciated! :)
-
Hi,
Can you give more information about the configuration of the wan interface?
Are you in transparent mode?
What is the purpose of these rules below?
HTTP_Allow Allow lan lannet wan all-nets all_services
HTTP_Allow_Inboud Allow wan all-nets lan lannet all_services
PPTP_HTTP_Allow Allow AB1 PPTP-server-IP-range any int_net all_services
PPTP_HTTP_Allow_Inbound Allow lan lannet AB1 PPTP-server-IP-range all_services
These rules might be the root issue of your configuration.
But to be sure I need the configuration type of your wan interface.
-
Thank you silver_surfer30, I have tried to provide more information below.
Can you give more information about the configuration of the wan interface?
Wan
IP address: 0.0.0.0
Network: 0.0.0.0/0
Default Gateway: 0.0.0.0
Receive Multicast Traffic: Yes
Enable DHCP Client: Yes (Default)
AB1 PPTP VPN
Inner IP Address: PPTP-server-IP-address
Tunnel Protocol: PPTP
Outer Interface Filter: wan
Server IP: wan_ip
Are you in transparent mode?
No.
What is the purpose of these rules below?
Local Traffic
Lan to Wan traffic. HTTP_Allow/Allow/lan/lannet/wan/all-nets/all_services
Wan to Lan traffic. HTTP_Allow_Inboud/Allow/wan/all-nets/lan/lannet/all_services
AB1 PPTP VPN
VPN to lan traffic. PPTP_Allow/NAT/AB1/PPTP-server-IP-range/lan/lannet/all_services
VPN to any traffic. PPTP_HTTP_Allow/Allow/AB1/PPTP-server-IP-range/any/int_net/all_services
Lan to VPN traffic. PPTP_HTTP_Allow_Inbound/NAT/lan/lannet/AB1/PPTP-server-IP-range/all_services
VPN to Wan traffic. PPTP_allow_standard/NAT/AB1/PPTP-server-IP-range/wan/all-nets/all_services
Address Book
dmz_ip 172.17.100.254
dmznet 172.17.100.0/24
lan_ip 192.168.1.1
lannet 192.168.1.0/24
PPTP-server-dns 172.16.0.1
PPTP-server-IP-address 10.1.1.1
PPTP-server-IP-range 10.1.1.2-10.1.1.100
VPN_to_LAN lannet, pptp_pool
wan_br 0.0.0.0
wan_dns1 0.0.0.0
wan_dns2 0.0.0.0
wan_gw 0.0.0.0
wan_ip 0.0.0.0
wannet 0.0.0.0/0
-
Many thanks for this information.
The reason I'm asking about transparent mode is that you do not perform NAT to access the internet.
The other reason for not performing NAT would be that you may have some static routes.
From the local traffic, it seems to me that the wan and the lan are in the same subnet. This type of rule implies that transparent mode is enabled between wan and lan.
The normal configuration would have been to NAT traffic from lan to wan.
The wan to lan traffic would have needed a SAT, a NAT or an Allow rule.
Regarding the PPTP traffic:
The normal configuration will be as follows.
To allow traffic from client to lan, the rule will be: pptp interface/pptp-pool - allow - the service - lan/lannet
To allow the client to access the internet through the DFL, the rule would be like:
pptp interface/pptp-pool - nat - the service - wan/allnets
I don't understand the reason to create a rule to allow the traffic from lan to pptp, as the connection is initialised by the client and only the client will make requests to the lan.
Can you check on the status of the DFL to verify the IP of the wan interface?
Can you check on routing/routing table/main and verify that no switch route is configured?
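-
As an added example that is not part of the thread and not D-Link code: a small Python model of the rule list from the first post, reporting which posted rule would handle a given flow, such as the PPTP client 10.1.1.2 reaching the file server 192.168.1.42. It assumes top-to-bottom first-match evaluation, ignores the service column and routing, and leaves `int_net` unresolved because it does not appear in the posted address book; the 198.51.100.10 and 203.0.113.7 addresses are constructed samples.

```python
import ipaddress

# Address book entries copied from the thread; all-nets is taken to be 0.0.0.0/0.
ADDRESS_BOOK = {
    "lannet": ("192.168.1.0", "192.168.1.255"),
    "PPTP-server-IP-range": ("10.1.1.2", "10.1.1.100"),
    "all-nets": ("0.0.0.0", "255.255.255.255"),
}

# Rules in the order of the first post:
# name, action, source interface, source net, destination interface, destination net.
RULES = [
    ("allow_standard", "NAT", "lan", "lannet", "wan", "all-nets"),
    ("HTTP_Allow", "Allow", "lan", "lannet", "wan", "all-nets"),
    ("HTTP_Allow_Inboud", "Allow", "wan", "all-nets", "lan", "lannet"),
    ("PPTP_Allow", "Allow", "AB1", "PPTP-server-IP-range", "lan", "lannet"),
    ("PPTP_HTTP_Allow", "Allow", "AB1", "PPTP-server-IP-range", "any", "int_net"),
    ("PPTP_HTTP_Allow_Inbound", "Allow", "lan", "lannet", "AB1", "PPTP-server-IP-range"),
    ("PPTP_allow_standard", "NAT", "AB1", "PPTP-server-IP-range", "wan", "all-nets"),
]

def in_net(ip, name):
    """True if ip falls inside the named object; unknown names never match."""
    if name not in ADDRESS_BOOK:
        return False
    lo, hi = (ipaddress.ip_address(a) for a in ADDRESS_BOOK[name])
    return lo <= ipaddress.ip_address(ip) <= hi

def first_match(src_if, src_ip, dst_if, dst_ip):
    """Return (name, action) of the first rule matching the flow, else None."""
    for name, action, r_sif, r_snet, r_dif, r_dnet in RULES:
        if (r_sif in (src_if, "any") and r_dif in (dst_if, "any")
                and in_net(src_ip, r_snet) and in_net(dst_ip, r_dnet)):
            return name, action
    return None

def undefined_objects():
    """Network objects used by a rule but missing from the address book."""
    return sorted({n for r in RULES for n in (r[3], r[5]) if n not in ADDRESS_BOOK})

if __name__ == "__main__":
    print(first_match("AB1", "10.1.1.2", "lan", "192.168.1.42"))      # VPN client to file server
    print(first_match("lan", "192.168.1.42", "wan", "198.51.100.10")) # LAN host outbound
    print(first_match("wan", "203.0.113.7", "lan", "192.168.1.42"))   # arbitrary WAN source inbound
    print(undefined_objects())
```

Under these assumptions the VPN-to-file-server flow is already matched by PPTP_Allow, while HTTP_Allow_Inboud admits any WAN source address to lannet for all services.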