D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: ilGrifo on June 09, 2009, 05:28:18 AM
-
hi,
I have a network with adsl router on wan and dlf-200 between lan an wan
wan ip is dhcp range by router range 10.0.0.2 to 254 / 24 and lan is 192.168.1.254
there is only rules for authenticate web surfing on http outbound and nothing for pop smtp and dns.
the last rule is allow_standard 192.168.1.0/24 any allservice
but if I download mail with attachmeants the mail client go on time-out, without attachmaents no problems.
when I use only router, bypass the firewall with my notebook all is ok.
ideas ?
-
You are double NAT'ed, I would resolve that first.
-
thank you for reply,
the router is in lease with the adsl line, I can't edit it, is possible to create only a "virtual server" to enable a port forward.
-
That is a rough shake. I would personally fight that.
-
LOL !
i think that is the only one possibility to resolve it . . .
thank's a lot
A.F.
p.s. sorry for my orrible eng. !
-
Best of luck.
Just out of morbid curiosity, I assume English isn't your first language due to your last post, might I ask what is? I have a minor interest in languages.
-
hi,
the router is "alice gate 2" of telecom italia adsl line.
the firmware lock the configuration on "bridge+router" and permit only nat and port forward on private lan ( this case is 10.0.0.1)
I call the callcenter of telecom italia and they confirm the block and isn't possible to unlock.
in a forum there is an How to unlock the router but is illegal and dangerous ( open, cut, bridge with wire ecc . . . )
link: http://www.cervogia.it/mattia/index.php?option=com_content&task=view&id=82&Itemid=1
I think a solution:
if the custemer pay the difference, I change the "alice gate 2" router with another, on the new router use the bridge mode and on dfl 200 wan port use the pppoe configuration, now with this configuration there isn't a double nat.
-
That looks like quite a process, good luck getting a replacement!
-
:'( :'( :'( :'( :'( :'( :'( :'( :'( :'(
I changed the router this morning . . . nothing to do !!!
the problem persist, with or without double NAT the mails with attachment not coming down.
after this bad news I reset the dfl200 to factory default, set wan ip and d.g. and use the default internet rule ( all open to internet ) but nothing.
i re-establish the old 3com firewall ( 10 years old ) with double nat, in one second all mail coming down, very fast.
I try do send / recive mail, shutdown mail client during the download and replay, it works very fine !
that's incredible . . .
-
Truthfully, this is a product we don't support any more, and I am not 100% on the default policies.
Do we have any ALGs or anything like that applied to POP, SMTP, IMAP, or HTTP by default? Which of those services are your using for mail?
-
hi,
too fast !!!
the default rule is wan to lan
any ip -> all service -> to all net
the default protocol for pop3 is port 110 and smtp 25 without any alg or port translation
The dfl 200 use ALG only for HTTP (http-outbound protocol) to enable content filter and I check other two installations of this firewall and there aren't problems, it work very fine.
-
If you have 2 other installations which neither have this problem could you swap units to see if the problem follows the location or the router?
-
and the solution is . . .
changed the dfl-200 with dfl-210 !!!!
and all is OK
now I test the incriminated dfl-200 in my office lan but I think there isn' t a problems.
thanks for all,
Andrea F.