D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: JBernier on October 19, 2009, 08:40:57 PM

Title: Multiple IP with Failover
Post by: JBernier on October 19, 2009, 08:40:57 PM

I have configure my DFL-210 for two ISP with the WAN and the DMZ as per the FAQ. For HTTP or SMTP I set my DNS accordingly. Everything worked fine with 1 IP for each ISP. Now I have 2 IP with 1 of my ISP and I would like to do port forward on the second ip (HTTP). I set my Adress Book for the new IP, publish ARP for this IP,SAT and NAT rules. Unfortunetly this didn't work for the second ip and the first IP still working fine. When checking the log, I see :

2009-10-19
23:30:01   Warning   RULE
06000051   Default_Rule   TCP   dmz
65.94.170.233
69.70.152.219   22865
80   ruleset_drop_packet
drop

Is anybody have a clue ? It is little complicated with the failover config.

Please help.

Title: Re: Multiple IP with Failover
Post by: Fatman on October 20, 2009, 08:28:18 AM

If you do not have a core route for your additional IP you will need to make the destination interface DMZ not core.

so your choices are add, a route for Additional_IP on core with a metric of 0, or change your destination interfaces to their interface instead of the core interface.

Title: Re: Multiple IP with Failover
Post by: JBernier on October 20, 2009, 12:33:30 PM

Sorry to ask but you lost me. Since there is failover involved, i don't have any clue on how to do that. For the failover, I just followed the step by step tutorial on Dlink website. Do you have any steps to give me ?

Thank you and have a nice day.

Title: Re: Multiple IP with Failover
Post by: Fatman on October 20, 2009, 01:07:32 PM

The fail over changes nothing, other than changing your IP Rule references to WAN to include your DMZ, which you should already have covered.  I am sure you could find some helpful steps in any of the threads with the phrase additional IP in the title.  There is an FAQ even for this kind of scenario.

http://www.dlink.com/support/faq/?prod_id=2404

Title: Re: Multiple IP with Failover
Post by: JBernier on October 20, 2009, 01:19:10 PM

This is exactly the document I used to configure my second IP. But per what you are saying, i am missing a route.

Title: Re: Multiple IP with Failover
Post by: Fatman on October 20, 2009, 02:00:54 PM

No, I said that you either need to include the interface that the additional IP is on in the destination interface field (which is done by selecting Any in that FAQ, or you had to add a route to my earlier stated parameters.  I gave the exact parameters to be used for the route.

So if you matched that FAQ perfectly then you would not have a log entry for that IP on that interface.

Title: Re: Multiple IP with Failover
Post by: JBernier on October 20, 2009, 02:13:04 PM

Thank you. I got it working.