Author Topic: 2 Issues  (Read 4066 times)

djo_34

2 Issues
« on: March 16, 2010, 01:44:33 PM »

FIRST ISSUE

I have DHCP set for 192.168.0.100 - 192.168.0.199. I set one computer with a Static IP of 192.168.0.50. I then set up a virtual server (port forward) for port 80 pointing to 192.168.0.50. This would not work. The computer has Internet access, but computers cannot access the Web Server from outside the network. If I set the IP address to DYNAMIC with a reservation of 192.168.0.100 and change the virtual server IP to match, I can access the computer from outside the network.

Any idea why? Is this a firmware bug?

SECOND ISSUE
 
Now that I set up the server with a DHCP reservation of 192.168.0.100, I can access the server internally with 192.168.0.100 and externally with my ISP static WAN IP address of 67.xxx.65.169.

From outside the network, the WAN IP forwards to 192.168.0.100, but if I enter the WAN IP on a workstation on the internal network (192.168.0.120) it will not reach the server.

Why? What would prevent LAN workstations from looping back via the WAN IP address???

forumuser

Re: 2 Issues
« Reply #1 on: March 16, 2010, 07:29:23 PM »

First issue: yes, upgrade the firmware; there have been port forwarding issues in the past. Also try assigning a static IP outside the range of DHCP, such as 192.168.0.200.

Second issue: this has to do with the routing table. When you enter your WAN IP from within your network, the traffic is directed out through the gateway because your WAN IP is not local. The problem is, once past your gateway there is not anything to tell the traffic to come back into your network, and it's complicated because you have NAT services behind the routing service.

The packet would go like this:
Private IP -> NAT -> Private IP mapped to Public IP -> routing -> WAN -> back to WAN -> My source and destination IP are the SAME -> what do I do now? -> drop packet :)

djo_34

Re: 2 Issues
« Reply #2 on: March 16, 2010, 08:29:01 PM »

Thanks forumuser.

In regards to the first issue, 192.168.0.50 is outside of the dynamic IP range.

In regards to the second issue, this works with D-Link WBR-2310, DIR-604, Tomato, Linksys and every other router. The request originates at 192.168.0.120 -> out gateway -> ISP DNS -> to requested WAN IP which is router -> router passes request to port forward configuration IP of 192.168.0.100

I see no issue with this. Every other router I have tried has no issue with this. The DIR-615 does. I will try older firmware versions.

forumuser

Re: 2 Issues
« Reply #3 on: March 17, 2010, 06:52:23 AM »

You might want to fire up Wireshark and see what the packets look like. If you have another router that performs the way you want, then also compare the routing tables.

In my opinion, though, from a security and performance standpoint the DIR-615 is behaving as it should be. Local traffic should stay internal; looping out and back in is redundant. The DIR-615 does a good job of appending the DNS suffix; this allows quick access by hostname.

I am curious to know the difference. I wonder if it could be the SPI firewall. From the outside DNS server point of view the source IP is your gateway's WAN IP, and the resolved destination IP is going to be the same. This is going to have similar fingerprints to a spoof attack because NAT is going to translate the source and destination as originating from inside the LAN.

I found more explanation here under defense against spoofing:
http://en.wikipedia.org/wiki/IP_address_spoofing
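The LAN-to-WAN-IP loopback case from the second issue, as an added example that is not part of any post in this thread: a small Python model of a generic NAT router (not DIR-615 firmware behaviour) handling a request from 192.168.0.120 to the WAN IP under three hypothetical modes. The WAN address 203.0.113.10 and the router LAN address 192.168.0.1 are constructed placeholders, and the mode names are made up for this example.

```python
from dataclasses import dataclass, replace

WAN_IP = "203.0.113.10"      # constructed placeholder; the thread masks the real WAN IP
ROUTER_LAN = "192.168.0.1"   # assumed router LAN address (not stated in the thread)
SERVER = "192.168.0.100"     # port-forward target from the thread
CLIENT = "192.168.0.120"     # LAN workstation from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def router_forward(pkt, mode):
    """Apply the port-80 forward to a LAN packet addressed to the WAN IP."""
    if pkt.dst != WAN_IP or pkt.dport != 80 or mode == "none":
        return None                          # forward rule not applied on the LAN side
    pkt = replace(pkt, dst=SERVER)           # DNAT: WAN IP -> server
    if mode == "dnat_snat":
        pkt = replace(pkt, src=ROUTER_LAN)   # SNAT: force the reply back via the router
    return pkt

def loopback(mode):
    """Return (reply source seen by the client, accepted?) for one request."""
    request = Packet(CLIENT, WAN_IP, 80)
    at_server = router_forward(request, mode)
    if at_server is None:
        return (None, False)                 # request never reaches the server
    # The server answers whichever source address it saw on the request.
    reply_src, reply_dst = SERVER, at_server.src
    if reply_dst == ROUTER_LAN:              # reply passes the router: undo both NATs
        reply_src, reply_dst = WAN_IP, CLIENT
    # The client only accepts a reply coming from the address it connected to.
    return (reply_src, reply_dst == CLIENT and reply_src == request.dst)

if __name__ == "__main__":
    for mode in ("none", "dnat_only", "dnat_snat"):
        print(mode, loopback(mode))
```

Comparing Wireshark captures on the workstation against these three outcomes (no reply at all, a reply from 192.168.0.100, or a reply from the WAN IP) shows which case a given router falls into.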