
Author Topic: Understanding DFL-800 routing  (Read 5320 times)

DFL800_noob

  • Level 1 Member
  • *
  • Posts: 6
Understanding DFL-800 routing
« on: December 09, 2010, 02:03:10 PM »

Hi All,

I just started a new role with a company that has D-Link DFL-800 Firewalls as their routers on ALL their sites. Now I come from a Cisco networking background and so I am finding the setup of these routers to be difficult to understand. I am posting here with the hope that someone can explain to me what some of the rules configured here mean, as when it seems I understand something, I log into another router that is configured differently and I am stumped.

For example,

To give you a bit of an understanding of how things work here, they don't have a DMZ (though they use the port as a cross connect to other sites), what they do is port forward everything internally.

E.g., they want mail to go to an SMTP GW, they port forward the traffic to the server.

Here is my example: Below are 3 ip rules

7  SAT_mail  SAT  any  all-nets  core  wan1_ip  all_mail
8  NAT_mail  NAT  lan  lannet  core  wan1_ip  all_mail
9  allow_mail  Allow  any  all-nets  core  wan1_ip  all_mail

SAT has a translation destination IP to neserver1 (out SMTP GW)

all_mail service are the following protocols imap, pop3, smtp-in, and worldclent_in

any = an interface that does not exist in objects...is this a default interface?

all_net = 0.0.0.0/0

core = cannot find this interface object or interface group anywhere so I am not sure where this is coming from

Wan1_ip = ISP CPE





So what is rule 7 saying? My understanding would be...

That any incoming traffic from ANYWHERE that matches the traffic, imap, pop3, smtp and world-client then redirect that traffic to neserver1. Am I right?

If so, what does the destination Core and Wan1_ip mean? I don't understand why the destination address is core (which I don't know what it is) but why the destination address is wan1_ip when the mail server is in our LAN.

In rule number 8 then, why is it also natting the traffic? Why does it need to do dynamic address translation?

In Nat for this rule, it says "Use interface address"...which interface is it referring to?

Sorry, I know this is a long post and I'll finish here. But I am going crazy trying to understand this.

Regards

silver_surfer30

  • Level 3 Member
  • ***
  • Posts: 107
Re: Understanding DFL-800 routing
« Reply #1 on: December 17, 2010, 01:51:50 PM »

You need to know that all the traffic is routed through the core of the system so all packets are inspected.
The core interface owns all the IPs of all Ethernet interfaces.
So to have a better idea just make a status of the routing table and check the show all routes box.
You will then see the core interface.

Hope that it will help...

DFL800_noob

  • Level 1 Member
  • *
  • Posts: 6
Re: Understanding DFL-800 routing
« Reply #2 on: December 19, 2010, 10:18:48 PM »

Ahhh ok, right thanks. Will check it out.

Thanks.