D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: loicFr on November 10, 2011, 10:08:09 AM

Title: DFL-1600 dual WAN and two servers configuration problem
Post by: loicFr on November 10, 2011, 10:08:09 AM
Hi everyone,
After spending one day trying everything I could, I figured I would have nothing to lose by asking for help ^^

The problem is simple:
I have two ISPs, each providing multiple public IPs. (let's say xx.xx.xx.0/24 and yy.yy.yy.0/24)
I have two servers on the DMZ network (dd.dd.dd.0/24) and I would like to be able to reach those two servers from both public IPs.

Right now, it only works with WAN1 and WAN2 doesn't even answer a ping.

I am open to any thought or solution!  ???  ???

Thanks a lot,

Loic  :)


Here is a quick diagram because it's always clearer this way:

(http://loic.ortola.free.fr/fw/000.PNG)

Now, my actual FW configuration:

(http://loic.ortola.free.fr/fw/001.PNG)

(http://loic.ortola.free.fr/fw/002.PNG)

(http://loic.ortola.free.fr/fw/003.PNG)

(http://loic.ortola.free.fr/fw/004.PNG)

(http://loic.ortola.free.fr/fw/005.PNG)

(http://loic.ortola.free.fr/fw/006.PNG)

(http://loic.ortola.free.fr/fw/007.PNG)

(http://loic.ortola.free.fr/fw/008.PNG)

(http://loic.ortola.free.fr/fw/009.PNG)

(http://loic.ortola.free.fr/fw/010.PNG)

Thanks again for your help!

-up
Title: Re: DFL-1600 dual WAN and two servers configuration problem
Post by: danilovav on November 10, 2011, 07:04:55 PM
1) First, you need to process connections from each WAN separately.

Routing > Routing tables
Create new one named wan2
Create route (interface, network, gateway, metric)
wan2 all-nets wan2_gw 100

Routing > Routing rules
wan2/all-nets any/all-nets, forward main, return wan2

I recommend you do the same for wan1, but it's not mandatory

2) As I understand, your DMZ is "gray", right?

3) Rules > wan1_to_dmz, wan2_to_dmz
SAT/Allow rules should be with wan1/all-nets core/wan1_ip networks (for wan2 - replace wan interface)

4) Rules > dmz_to_wan1, dmz_to_wan2
Allow_SMTP rules are not working because your traffic passes through NAT all_tcpudp, so you can remove these rules

5) Rules > Access
I don't see that these items are necessary

6) Routing > Routing tables > main
Add routes (interface, network, metric)
core Wan1_VPNServer 0
core Wan1_WebServer 0
core Wan2_VPNServer 0
core Wan2_WebServer 0
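
The effect of the wan2 routing table and routing rule from step 1 of the reply above, as an added example that is not part of the original posts and is not NetDefendOS code: a simplified model of table selection showing why replies to WAN2 clients leave via WAN1 until the rule pins the return path. The addresses are constructed documentation ranges standing in for the thread's masked networks, the function names are hypothetical, and SAT address rewriting is left out.

```python
import ipaddress

# Constructed sample addressing (documentation ranges), standing in for the
# thread's xx.xx.xx.0/24 (WAN1), yy.yy.yy.0/24 (WAN2) and dd.dd.dd.0/24 (DMZ).
TABLES = {
    "main": [  # (interface, network, gateway, metric)
        ("wan1", "0.0.0.0/0", "198.51.100.1", 100),
        ("wan1", "198.51.100.0/24", None, 100),
        ("wan2", "203.0.113.0/24", None, 100),
        ("dmz", "10.0.0.0/24", None, 100),
    ],
    "wan2": [("wan2", "0.0.0.0/0", "203.0.113.1", 100)],  # table from step 1
}

# Routing rule from the reply: wan2/all-nets any/all-nets, forward main, return wan2
RULES = [{"src_if": "wan2", "forward": "main", "return": "wan2"}]


def lookup(table, dst):
    """Longest-prefix match, lowest metric wins; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), metric, iface)
            for iface, net, _gw, metric in TABLES[table]
            if addr in ipaddress.ip_network(net)]
    if not hits:
        return None
    hits.sort(key=lambda h: (-h[0].prefixlen, h[1]))
    return hits[0][2]


def route_connection(in_if, client, server, rules):
    """Return (forward egress, reply egress) for a connection arriving on in_if."""
    rule = next((r for r in rules if r["src_if"] == in_if), None)
    fwd_table = rule["forward"] if rule else "main"
    ret_table = rule["return"] if rule else "main"
    return lookup(fwd_table, server), lookup(ret_table, client)


def is_symmetric(in_if, client, server, rules):
    """The reply reaches the client only if it leaves on the interface it arrived on."""
    return route_connection(in_if, client, server, rules)[1] == in_if


if __name__ == "__main__":
    client, server = "192.0.2.50", "10.0.0.10"  # constructed client and DMZ server
    for label, rules in (("no routing rule", []), ("with routing rule", RULES)):
        fwd, ret = route_connection("wan2", client, server, rules)
        print(f"{label}: forward via {fwd}, reply via {ret}")
```

Without the rule the reply follows the default route in main and exits wan1, which matches the symptom in the first post where WAN2 does not even answer a ping.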