D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: noereg on May 27, 2011, 01:29:03 AM

Title: how to access desktop at different subnet behind a firewall dfl 210
Post by: noereg on May 27, 2011, 01:29:03 AM

Hi. I have a server which has private ip 165.158.157.12 connected to LAN_ip of firewall 165.158.157.4 with subnet 165.158.157.0/24. Another network is connecting to lan of this firewall via Lan_ip_172 with ip address 172.24.11.101 subnet 172.24.0.0/16.  The 172.24.xxx.xxx network needs to get data from the 165.158.157.12 server via opclink and vice versa. How do we do this? i have done adding the lan_ip_172 to the firewall by adding this ip address and subnet as well as proper routes and ip rules already. Please help.

Title: Re: how to access desktop at different subnet behind a firewall dfl 210
Post by: noereg on May 30, 2011, 08:15:55 PM

i have just tried using SAT rule with destination network 172.24.11.101 then at SAT tab I set destination IP to 165.158.157.12 which is the ip of my server and then with corresponding Allow rule.  Still not able to connect... anyone?

Title: Re: how to access desktop at different subnet behind a firewall dfl 210
Post by: noereg on May 31, 2011, 06:28:53 PM

To be specific, here are my configurations:

Publish ARP of lan_172_ip to Lan

added route at main:
core lan_ip_172  0
lan   lannet_172  100

then the ip rules are:
allow    lan/lanet             lan/lannet_172       all_services
allow    lan/lannet_172     lan/lannet             all_services
SAT     lan/lannet_172     core/lan_ip_172     all _services   dest ip: 165.158.157.12
allow    lan/lannet_172     core/lan_ip_172     all services


did i miss anything?

Title: Re: how to access desktop at different subnet behind a firewall dfl 210
Post by: silver_surfer30 on June 01, 2011, 02:01:23 AM

rather use the forwardfast action in you rule
one for the outgoing packet and one for the incoming packet.
need to add the following route :
interface : lan
network : the remote lan or the remote pc
gateway : the gateway ip of remote network

try this

Title: Re: how to access desktop at different subnet behind a firewall dfl 210
Post by: noereg on June 01, 2011, 07:42:27 PM

hello silver_surfer  :D

before your kind response i have solved the problem. and for the sake of documentation here are the things i did:

1. transferred lan connection of 172.xxx.xxx.xxx to wan_2_ip instead of lan_172_ip.
2. created another object, wan_2_ip
3. ARP publish this wan_2_ip to wan
3. made route to this new entry:   core   wan_2_ip    metric:0
                                               wan   172.24.0.0/16    metric:100
4. made SAT rule  with dest IP going to my private server IP: 165.158.xxx.xxx
5. made corresponding Allow rule

I tried calling technical support in our area via dlink singapore but got lost in translation  ???. the Dlink-USA website has a FAQ which gave me the idea about multiple IPs for wan. so now i have both 192.168.xxx.xxx and 172.24.xxx.xxx series as my public ips. and my citect server is now the single computer connected at the protected side of the firewall, being now communicated outside wan at different subnets..

anyway, thanks silver_surfer... ;D

Title: Re: how to access desktop at different subnet behind a firewall dfl 210
Post by: noereg on June 09, 2011, 08:51:22 PM

hi. a new problem occurred. although i was able to connect to my citect server using two different subnets at the wan side, i noticed that the 172.24.xxx.xxx sporadically disconnects, and would take to re-initialize OPClink just to connect again, then for about 20 minutes or so, the disconnection happens again. Any idea, anyone?