D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: cariparo on October 30, 2009, 10:03:45 AM
-
Hi All,
I'm having trouble adding an IP alias to the DFL-800 LAN interface. Here is the procedure:
Current LAN: 10.10.3.1/24
New LAN: 10.0.0.1/23
Create New IP Address for 10.0.0.1 (lan_new_ip)
Create New IP Address for 10.0.0.0/23 (lan_new_net)
Interfaces -> ARP -> Add
Mode: Publish
Interface: Lan
IP Address: lan_new_ip
MAC: 00-00-00-00-00-00
Rules -> IP Rules -> Add (on top of the list)
Action: Allow
Service: Ping Inbound
Source
Interface: Lan
Network: lan_new_net
Destination
Interface: core
Network: lan_new_ip
Save&Activate
But I can't ping 10.0.0.1 from 10.0.0.55 (10.10 and 10.0 are both on the same cable on physical LAN port 1).
Can anyone please tell me what is wrong?
Thanks
-Carip
-
Did you add a route for lan_new_net on the LAN interface, metric 100, no gw?
Did you add a route for lan_new_ip on the core interface, metric 0, no gw?
-
Perfect, it works fine!
;)
Keep up your great work,
-Carip.
-
Hello, I am in almost the same situation;
I have the same setup as the OP. After adding routes I can ping 10.0.0.1 from 10.0.0.55, but contrary to my other LAN, 10.0.0.0/23 cannot access the web. Am I missing any other routes?
I have added the needed rules for the connections, as the firewall doesn't pick anything up anymore...
-
If both your firewall and your network(s) have routes for all valid endpoints then routes are not the problem, rules are. I strongly suspect rules are going to be the issue here, double and triple check them.
For cases like this I like to group all valid LAN networks together in one object and use that instead of LAN_Net for all my IP Rules.
-
There doesn't seem to be anything on my syslog server...
Here is my full setup:
wan1 ip (207.XXX.XXX.108)
wan1 net (207.XXX.XXX.64/26)
wan1 gw (207.XXX.XXX.65)
lan1 ip (207.XXX.XXX.108)
lan1 net (207.XXX.XXX.64/26)
wan1 gw (207.XXX.XXX.65)
Most of my clients get following addresses:
IP: 207.XXX.XXX.91
mask : 255.255.255.192
Gateway: 207.XXX.XXX.65
Now I want to Nat some of these but not all of them.
I added,
ARP:
Publish - lan - NAT-FW-2(192.168.66.1) - (00:00:12:12:12:AA)
Routes:
core - NAT-FW-2(192.168.66.1) - (Metric 0) - No GateWay - No IP
lan - nat-lan-2(192.168.66.0/24) - (Metric 100) - No GateWay - No IP
On a pc I set:
IP : 192.168.66.66
mask : 255.255.255.0
Gateway : 192.168.66.1
Ping to 192.168.66.1 works.
Now I try and ping 4.2.2.2
In syslog I see:
Local0.Warning 207.XX.XX.108 [2010-02-11 14:12:36] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=lan srcip=192.168.66.66 destip=4.2.2.2 ipproto=ICMP ipdatalen=40 icmptype=ECHO_REQUEST echoid=512 echoseq=4413
Then I go to my rules, and I add this as my top most:
Action - Allow
SourceIF - lan
Sourcenetwork - nat-lan-2(192.168.66.0/24)
DestinationIF - wan1
DestinationNetwork - all-nets
Service - all_icmp
Now nothing shows up in my syslog, but ping doesn't work.
I also tried the rule with Action - NAT and Action FastForward, but no difference...
Now I'm stuck...
-
You are routing the same network to multiple interfaces, that is not going to work.
-
Hello,
I have changed to the following:
lan1 ip (192.168.55.1)
lan1 net (192.168.55.0/24)
Then on a client pc i do:
ip: 192.168.55.55
msk: 255.255.255.0
gw: 192.168.55.1
ping 4.2.2.2 works :-)
but from the same pc I do :
ip: 192.168.66.66
msk: 255.255.255.0
gw: 192.168.66.1
ping 4.2.2.2 doesn't work :-( nothing on syslog...
please help... :'(
-
Ok I have found my problem,
it was my ARP entry, it doesn't work if I specify a MAC.
It really took me a lot of time to find out :(
Hope it helps someone.
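-
Added example, not part of the original thread and not D-Link code: a small Python check for the two routing faults diagnosed above, a published alias IP without its core route and interface route, and the same network routed on more than one interface. The `Route` and `ArpPublish` models and the function name are hypothetical, and 203.0.113.64/26 is a constructed stand-in for the redacted public network.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "iface network")       # hypothetical model of one routing-table row
ArpPublish = namedtuple("ArpPublish", "iface ip")  # hypothetical model of one ARP publish entry

def check_alias_config(routes, arp_entries):
    """Return findings for the two routing faults diagnosed in the thread."""
    findings = []
    nets = [(r.iface, ipaddress.ip_network(r.network)) for r in routes]

    # Fault 1: the same network is routed on more than one interface.
    seen = {}
    for iface, net in nets:
        if net in seen and seen[net] != iface:
            findings.append(f"same-network: {net} routed on {seen[net]} and {iface}")
        seen.setdefault(net, iface)

    # Fault 2: a published alias IP lacks its host route on core
    # or a covering network route on the interface that publishes it.
    for arp in arp_entries:
        ip = ipaddress.ip_address(arp.ip)
        if ("core", ipaddress.ip_network(arp.ip)) not in nets:
            findings.append(f"missing-core-route: {ip}")
        if not any(i == arp.iface and n.prefixlen < n.max_prefixlen and ip in n
                   for i, n in nets):
            findings.append(f"missing-net-route: {ip} on {arp.iface}")
    return findings

# Constructed sample data modelled on the configurations posted in the thread.
PUBLIC = "203.0.113.64/26"  # stand-in for the redacted 207.XXX.XXX.64/26
ALIAS = [ArpPublish("lan", "192.168.66.1")]
BROKEN = [Route("wan1", PUBLIC), Route("lan", PUBLIC),
          Route("core", "192.168.66.1"), Route("lan", "192.168.66.0/24")]
FIXED = [Route("wan1", PUBLIC), Route("lan", "192.168.55.0/24"),
         Route("core", "192.168.66.1"), Route("lan", "192.168.66.0/24")]
FIRST_POST_ALIAS = [ArpPublish("lan", "10.0.0.1")]
FIRST_POST_ROUTES = [Route("lan", "10.10.3.0/24")]  # before the two routes were added

if __name__ == "__main__":
    for name, routes, arps in (("broken", BROKEN, ALIAS), ("fixed", FIXED, ALIAS),
                               ("first post", FIRST_POST_ROUTES, FIRST_POST_ALIAS)):
        print(name, check_alias_config(routes, arps))
```

The check covers routes only; IP rules and the MAC setting on the ARP entry, the other two causes discussed in the thread, still need to be reviewed separately.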