D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: sicruise on October 21, 2009, 05:29:06 AM

Title: DFL-800 Unable to setup port forwarding to VLAN
Post by: sicruise on October 21, 2009, 05:29:06 AM

Well the title is confusing because that is the end result that I want but port forwarding is not working for me at the moment.

The rules I have at the moment are...

#    Name      Action      Source interface      Source network      Destination interface      Destination network      Service
1     https_inbound_map     SAT     any     all-nets     core     wan1_ip     http
2     https_inbound_allow     Allow     wan1     all-nets     core     wan1_ip     http
3     alloww45     Allow     vlan2     vlan2net     core     wan2_ip     http
4     nat_out     NAT     vlan2     vlan2net     any     all-nets     all_tcpudpicmp

The SAT destination address is set to map to an address on the vlan2net network

In the logs I am seeing this

2009-10-21
12:45:27    Debug    TCP_FLAG
3300016    TCPSequenceNumbers    TCP    wan1
vlan2    192.168.100.107
192.168.2.100    51615
80    tcp_seqno_too_low
drop

I have tried just forwarding to an ip on the lan too and I get the same problem, any help anyone can offer would be really appreciated.

Title: Re: DFL-800 Unable to setup port forwarding to VLAN
Post by: sicruise on October 21, 2009, 05:38:52 AM

I set logging on the rules to emergency just so I can find them easy, the trace is below

Please ignore https names, it is actually http that I am forwarding and connecting to at the moment.

2009-10-21
12:53:51    Emergency    CONN
600002    https_inbound_allow    TCP    wan1
vlan2    192.168.100.107
192.168.100.99    51644
80    conn_close
close
conn=close origsent=2712 termsent=748
2009-10-21
12:53:48    Emergency    CONN
600002    https_inbound_allow    TCP    wan1
vlan2    192.168.100.107
192.168.100.99    51637
80    conn_close
close
conn=close origsent=3832 termsent=1712
2009-10-21
12:53:12    Emergency    CONN
600001    https_inbound_allow    TCP    wan1
vlan2    192.168.100.107
192.168.100.99    51646
80    conn_open
satdestrule=https_inbound_map conn=open
2009-10-21
12:52:30    Emergency    CONN
600004    nat_out    UDP    vlan2
core    192.168.2.2
224.0.0.251    5353
5353    conn_open_natsat
conn=open connnewsrcip=127.0.0.1 connnewsrcport=15305 connnewdestip=224.0.0.251 connnewdestport=5353
2009-10-21
12:52:30    Emergency    CONN
600004    nat_out    UDP    vlan2
core    192.168.2.100
224.0.0.251    5353
5353    conn_open_natsat
conn=open connnewsrcip=127.0.0.1 connnewsrcport=10438 connnewdestip=224.0.0.251 connnewdestport=5353
2009-10-21
12:52:27    Emergency    CONN
600001    https_inbound_allow    TCP    wan1
vlan2    192.168.100.107
192.168.100.99    51644
80    conn_open

Title: Re: DFL-800 Unable to setup port forwarding to VLAN
Post by: sicruise on October 21, 2009, 07:25:55 AM

Got this figured out, wan1's default route was not specified

Title: Re: DFL-800 Unable to setup port forwarding to VLAN
Post by: Fatman on October 22, 2009, 08:46:45 AM

Well, I am glad this all worked out for you!