Author Topic: DFL-800: Configure WAN1 and WAN2 when using DHCP  (Read 7114 times)

andqui

  • Level 1 Member
  • Posts: 3
DFL-800: Configure WAN1 and WAN2 when using DHCP
« on: April 19, 2010, 01:15:17 AM »

Hi,

I am trying to make both wan interfaces work on my DFL-800 the way I want - respond to port forwarded traffic on allowed ports on both wan interfaces. As it is now I can only get WAN1 to respond in the manner that I would like to.

First an explanation of the context: WAN1 and WAN2 both receive their IP settings via DHCP. My ISP allows me to be able to receive up to five IP addresses this way and the interfaces usually will have the same gateway and subnets (wan1_gw and wan2_gw are the same) but that is not something that I will take for granted.

The setup I am trying is the classic "drawkcaB routing table" approach and treat it as if I have statically assigned ip:s on WAN1 and WAN2 and different ISPs.

Routing table wan2:
Interface  Network   Gateway  Local IP address  Metric
wan2       wan2net                              100
wan2       all-nets  wan2_gw                    100

Routing Rule wan2_routing:
#  Name          Source interface  Source network  Destination interface  Destination network  Service
1  wan2_routing  wan2              all-nets        core                   wan2_ip              all_tcpudpicmp
Forward Table: main
Return Table: wan2 (routing table above)

My main table looks like this:
Interface  Network   Gateway  Local IP address  Metric  Monitor this route
wan1       wan1net                              100     No
wan1       all-nets  wan1_gw                    100     No
dmz        dmznet                               100     No
lan        lannet                               100     No

I have allow and SAT rules (and a general NAT rule even if I am not sure it has any purpose in this case) for the traffic I would like to be able to respond to on WAN2:
SAT_http_wan2_mail2  SAT    any  all-nets  core  wan2_ip   http
NAT                  NAT    lan  lannet    any   all-nets  all_tcpudpicmp
Allow_http_wan2      Allow  any  all-nets  core  wan2_ip   http

When I enable more extensive logging on these rules and try to connect via http on the WAN2 interface there is a conn_open entry but then something goes wrong and the connection times out and I am not able to tell what it is (the same server is also SAT:ed on WAN1 and there it works just fine). I have a hunch that it is something with the return traffic that is not working but I can not figure it out.

I have tried many different configs but this is the one that seems most logical. Am I going about this the wrong way? Is there a clear error in my config above? Should this even work? Any pointers will be appreciated since I am about to give up.  :)


Best Regards
Anders

danilovav

  • Level 4 Member
  • Posts: 424
  • Alexandr Danilov
Re: DFL-800: Configure WAN1 and WAN2 when using DHCP
« Reply #1 on: April 19, 2010, 10:27:57 AM »

1) You can remove route wan2   wan2net         100 from "wan2" table, it's useless

2) Change PBR rule to
wan2/all-nets   any/all-nets   all_tcpudpicmp

3) In IP rules, don't use "any". Change rules to
SAT_http_wan2_mail2   SAT   wan/all-nets   core/wan2_ip    http
Allow_http_wan2   Allow   wan/all-nets   core/wan2_ip   http
NAT   NAT   lan/lannet   wan/all-nets   all_tcpudpicmp

PS Better to use all_services instead of all_tcpudpicmp because it includes all IP protocols.
BR, Alexandr Danilov

andqui

  • Level 1 Member
  • Posts: 3
Re: DFL-800: Configure WAN1 and WAN2 when using DHCP
« Reply #2 on: April 20, 2010, 12:12:57 AM »

Thanks for your tips! Much appreciated!

I tried your suggestions but to no avail. It's still just a conn_open entry in the log and it still times out after a while. I guess I am very close to giving up this dream of mine, or maybe I will buy a second DFL-800, who knows (I really like the one I have) ;D

About your comments, I felt compelled to respond to them.

Quote
1) You can remove route wan2   wan2net         100 from "wan2" table, it's useless
I have tried both with and without that route and just left it there in case it might do some magic.  ;)

Quote
2) Change PBR rule to
wan2/all-nets   any/all-nets   all_tcpudpicmp
I tried with all_services as well just to be sure.

Quote
3) In IP rules, don't use "any". Change rules to
SAT_http_wan2_mail2   SAT   wan/all-nets   core/wan2_ip    http
Allow_http_wan2   Allow   wan/all-nets   core/wan2_ip   http
NAT   NAT   lan/lannet   wan/all-nets   all_tcpudpicmp
Do you mean I should use a wan group instead or was just a "2" left out? Anyhow, should this have any bearing on my particular problem except for it being a security issue with the Allow and SAT rule? The NAT rule is a general one meant to cover all interfaces. Can that rule affect the return traffic?

About the all_tcpudpicmp. It used to be all_services but when I upgraded to the latest firmware these were all changed so I thought that there was some intelligence behind this conversion and just decided to keep them.

Fatman

  • Level 9 Member
  • Posts: 1675
Re: DFL-800: Configure WAN1 and WAN2 when using DHCP
« Reply #3 on: April 20, 2010, 08:39:52 AM »

If you PM me with your config or a way into your unit remotely I will take a look see.
non progredi est regredi

danilovav

  • Level 4 Member
  • Posts: 424
  • Alexandr Danilov
Re: DFL-800: Configure WAN1 and WAN2 when using DHCP
« Reply #4 on: April 20, 2010, 12:00:41 PM »

Quote
Do you mean I should use a wan group instead or was just a "2" left out? Anyhow, should this have any bearing on my particular problem except for it being a security issue with the Allow and SAT rule? The NAT rule is a general one meant to cover all interfaces. Can that rule affect the return traffic?
Sorry, of course wan2, not wan.
If you created the NAT rule to let return traffic go back, you can remove it - Allow is a stateful rule, it passes return traffic automatically.
Btw, does the internal host have the DFL as gateway? Try to change Allow to NAT.
BR, Alexandr Danilov
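
An added example, not part of any post in this thread: a small Python check that flags the wildcard interface `any` in IP rules, the point raised in Reply #1 and acknowledged as a security issue in Reply #2. The row layout, the function names and the assumption that `any` covers every interface listed are this example's own, not NetDefendOS syntax.

```python
from collections import namedtuple

# Constructed input: the thread's rules written as
# "name action src_if/src_net dst_if/dst_net service" (hypothetical layout).
RULES_BEFORE = """\
SAT_http_wan2_mail2  SAT    any/all-nets   core/wan2_ip   http
NAT                  NAT    lan/lannet     any/all-nets   all_tcpudpicmp
Allow_http_wan2      Allow  any/all-nets   core/wan2_ip   http
"""
# Reply #1's rules with the wan -> wan2 correction from Reply #4 applied.
RULES_AFTER = """\
SAT_http_wan2_mail2  SAT    wan2/all-nets  core/wan2_ip   http
Allow_http_wan2      Allow  wan2/all-nets  core/wan2_ip   http
NAT                  NAT    lan/lannet     wan2/all-nets  all_tcpudpicmp
"""
INTERFACES = ["wan1", "wan2", "dmz", "lan"]  # interfaces named in the thread

Rule = namedtuple("Rule", "name action src_if src_net dst_if dst_net service")

def parse_rules(text):
    """Parse whitespace-separated rule rows; raise on malformed lines."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 5 or "/" not in fields[2] or "/" not in fields[3]:
            raise ValueError(f"malformed rule row: {line!r}")
        name, action, src, dst, service = fields
        rules.append(Rule(name, action, *src.split("/", 1), *dst.split("/", 1), service))
    return rules

def audit(rules):
    """Return (rule name, side) for each use of the wildcard interface 'any'."""
    return [(r.name, side) for r in rules
            for side, iface in (("source", r.src_if), ("destination", r.dst_if))
            if iface == "any"]

def exposed_sources(rule):
    """Interfaces a rule accepts traffic from; 'any' is assumed to cover them all."""
    return list(INTERFACES) if rule.src_if == "any" else [rule.src_if]

if __name__ == "__main__":
    for label, text in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        rules = parse_rules(text)
        print(label, audit(rules), [exposed_sources(r) for r in rules])
```

With the original rules, the SAT and Allow entries for `core/wan2_ip` match traffic arriving on every interface, not only `wan2`; the tightened set produces no findings.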