D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: iyannick on December 02, 2011, 08:56:16 PM

Title: DFL-860 1 Wan IP and a different block of ip on a different subnet
Post by: iyannick on December 02, 2011, 08:56:16 PM

First thanks for me helping me!

The iSP provide a cable modem with IP 24.24.24.21 and a subnet of 255.255.255.24 to use.
The DFL needs to be configured with the 24.24.24.21 address to work.

We also have a different range of IP'S provided by them 208.235.134.22 subnet 255.255.255.224

The lan is configured with 192.168.0.x Addresses

We want our 4 servers with 208.134.x accessible on the lan and on the internet.


Any advise ?


Thanks

Title: Re: DFL-860 1 Wan IP and a different block of ip on a different subnet
Post by: danilovav on December 03, 2011, 08:59:24 AM

You can place your subnet and servers into DMZ
If your subtet is routed over one of your IP, skip transparent mode, if you use ISP gateway - make transparent mode between WAN and DMZ.
You can control inbound/outbound traffic for this servers and allow necessary traffic with LAN.

Title: Re: DFL-860 1 Wan IP and a different block of ip on a different subnet
Post by: iyannick on December 06, 2011, 10:12:10 AM

Thanks for the help!

I created an object called dmz_gw and added the GW provided by my ISP.

The ISP said that only the GW and subnet must be entered on the router for the extra ip block to work...they do the routing between the extra block and the ip of the modem.

Like i said, i added a dmz_gw entry and i entered the dmz_gw on the dmz interface and it didn't work...
I will try again when the office are closed tonight.


Thanks

Title: Re: DFL-860 1 Wan IP and a different block of ip on a different subnet
Post by: danilovav on December 06, 2011, 12:34:03 PM

In case of routed subnet... You don't need dmz_gw at all, because used your wan_ip and wan_gw.

1) Objects > Address book > InterfaceAddresses
Set dmznet to your additional subnet in CIDR format
Set dmz_ip to one of IPs from your additional subnet (ex, first)

2) Interfaces > Ethernet > dmz
Use only dmz_ip and dmznet for IP and network, keep gateway blank
Keep "add route" checkboxes

3) Rules > IP rules
Add necessary Allow rules between wan and dmz

Title: Re: DFL-860 1 Wan IP and a different block of ip on a different subnet
Post by: iyannick on December 06, 2011, 12:46:08 PM

i will try that in 2 hours when the office are close.

What bugs me with that DFL thing is that it is not the same logic as it used to be with my old cisco or a linksys. I used to only set the GW and the subnet of my IP block on the dmz port... nothing else!

Will try your suggestion later today ;-)


Thanks bro!


Yannick

Title: Re: DFL-860 1 Wan IP and a different block of ip on a different subnet
Post by: danilovav on December 07, 2011, 06:54:24 PM

Dont tell "bugs". Your old linksys just was very simple, that's all. By this linksys device you can't do even 10% what DFL can  8)
And dont tell "cisco", real Cisco routers are more and more complicated than DFL. Try to find 1721 and configure it :D