D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: Ricky_swe on August 11, 2009, 03:03:42 AM
-
Ive got a range of public ip's seems like i can put em all in a range on wan1_ip but i would like to be able to set for example
1 EXT IP to only let SMTP in and out
1 EXT IP using for internal use out surf ftp and so on
1 EXT IP for VPN
Or should i just set em all in a range on wan1_ip and just make alot of rules ?
But i think it would look cleaner if i had diffrent Wan_ip can i set up wan2_ip wan3_ip and point them to wan1net ?
-
Create ARP entries and routes to that IP on the core interface with a metric of 0.
Then you can create your IP Rules as per normal.
If you need more help, just drop the word.
-
Ive got a range of public ip's seems like i can put em all in a range on wan1_ip but i would like to be able to set for example
1 EXT IP to only let SMTP in and out
1 EXT IP using for internal use out surf ftp and so on
1 EXT IP for VPN
Or should i just set em all in a range on wan1_ip and just make alot of rules ?
But i think it would look cleaner if i had diffrent Wan_ip can i set up wan2_ip wan3_ip and point them to wan1net ?
Method I have used is as follows.
These are in the Address Book
WAN_IP_1 203.000.000.000 - Substitute with your Extern IP
WAN_IP_2 203.000.000.000 - Substitute with your Extern IP
WAN_IP_3 203.000.000.000 - Substitute with your Extern IP
Rules Entries.
1 SMTP SAT any all-nets wan1 WAN_IP_1 smtp
2 SMTP_Allow Allow any all-nets wan1 WAN_IP_1 smtp
3 WWW SAT any all-nets wan1 WAN_IP_2 http-all
4 WWW_Allow Allow any all-nets wan1 WAN_IP_2 http-all
** Edit: Let me know how you go with it.
-
Add the routes seen below.
interface network gateway metric
core WAN_IP_1 - 0
core WAN_IP_2 - 0
core WAN_IP_3 - 0
-
Thanks but ive run into basic problem cannot connect to internet so im wiping my conf (Backed up) and doing a fresh simple conf just to se if im able to connect īto IE
-
Ok new config no problem connecting ?
The old config i didnt do basic internet connection i canceld that and did everything manually.
Ok i have to figure this config out.
-
New basic default config and no connections ? strange ive checked and double checked gateways ips DNS still no connection strange.
-
What log entries do you get for the traffic?
-
Seems like the log is empty after shutdown.
I have to go out to my customer to get the log.
Strange behavior on my net i put it in basic conf = no problem surfing
Basic conf customers net = nothing exept i can ping ISP gateway thats all i can do.
I will go out to the customer this week and make a fool out of myself again to try to get this FW working.
Ill be sure to get the logs and if you want something moore its good to know it before i go out to the customer to get logs.
-
I know that no one likes hearing this suggestion, but would it be possible to call in to support while you are on site, if that is our narrow window for troubleshooting the issue with you I would rather you had someone there who could respond in real time.
It sounds to me like knowing what the first thing that causes it to not work should be our immediate goal.
-
Well that is no problem but the time difference is hughe :-)
is there a swedish or european number to call ?
-
I'm sure there is, I don't have it offhand though. I am sure if you check the D-Link Europe site for that product the correct support number should be listed.
-
Well i emailed them and got an answer 2,5 weeks later. but ill give it a try to call em ive have little faith in that.
-
I did give them a call but this was not done over business hours so no answer.
Still had to go to the customer and give it a try.
And now i saw strange behavior with twisted pair and straight networkcables.
Didnt make any sense so called the support again the day after and there is a setting for full/halv speed on wan1.
(thought this product should be able to be automatic configured depending of speed and cables ?)
I had to configure the old firewall for VPN, its an several years old machine and working flawless INGATE.
-
No, this product does support autonegotiation. That said it is not unheard of to have autonegotiation fail depending on devices and cabling, though that is not limited to our product(s) in particular. That said, it would be interesting to know what this strange behaviour is?
I am sorry you have had such trouble connecting to support.