Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[kthiesen]

Hi

I'm new to DFL-xxx and need some assistance. 

I have been working with a DFL800 - firmware 2.12.00.44-1874
Apr 27 2007 for 96 hours now, and I can't make it work.

What I want is a simple solution.

WAN IP is Static 109.202.132.22
LAN IP is DHCP in range 192.168.10.3 - 192.168.10.199 with dns relay and GW 192.168.10.1
Need to allow http for browsing - nothing else

I have some resources on IPs above 192.168.10.200 - and don't anticipate any problems with setting them manually, so they have static IP.

I have been able to make dhcp work on lan, but I can't make it give the client a default gateway.
If I set client manually to ip 192.168.1.11, subnet 255.255.255.0, gw 192.168.1.1 I get ping ok from internet and dns servers relayed - but can not se a homepage.

I can't seem to make lan work with other than 192.168.1.0/24, and I really need 192.168.10.0/24....

Please help!

Below is the content of support file:

Greetings
Kristen


Technical Support information
Please verify contents of this file before sending to Technical Support
Created: 2010-11-10 08:47:03

D-Link Firewall 2.12.00.44-1874 
Copyright Clavister 1996-2006. All rights reserved
QuickSec SSHIPSECPM version 2.1 library 2.1
Copyright 1997-2003 SafeNet Inc
Build : Apr 27 2007



Uptime             : 0 days, 00:48:36
Last shutdown      : 2010-11-10 08:19:35: Activating configuration changes
CPU Load           : 1%
Connections        : 2 out of 25000
Fragments          : 0 out of 1024 (0 lingering)
Buffers allocated  : 1784
Buffers memory     : 1784 x 2572 = 4480 KB
Fragbufs allocated : 32
Fragbufs memory    : 32 x 10040 = 313 KB
Out-of-buffers     : 0


Using configuration file "core.cfg", ver 8
Crash.dmp was empty

Contents of the License file
----------------------------
  Registration key:            6332-6599-4553-9969
  Bound to MAC address:        00-1E-58-22-AB-53
  Model:                       DFL-800
  Registration date:           2008-04-04 18:32:16
  Issued date:                 2008-04-04 18:32:16
  Last modified:               2008-04-04 18:32:16
  New upgrades until:          2010-10-04 00:00:00.000

  Ethernet Interfaces:         4
  Max Connections:             25000
  Max PBR Tables:              (unlimited)
  Max Routes:                  (unlimited)
  Max Rules:                   1000
  Max Throughput:              210
  Max VPN Tunnels:             300
  Max VPN Throughput:          75
  Max GRE Tunnels:             200
  Max VLANs:                   16
  Max HA cluster size:         2
  User authentication:         YES
  Max PPP Tunnels:             300
  PPP Clients Available:       YES
  PPP Servers Available:       YES
  IKE Responders Available:    YES

Memory Block        Num    Bytes    Total       Setting
------------------- ------ -------- ----------- -------------------
fwloader.cfx                             912 KB [Fixed]
Core Size                              12148 KB [Fixed]
TCP Windows                              256 KB [Auto]
Buffers               1784     2572     4480 KB HighBuffers
ARP Entries           4096       52      208 KB ARPCacheSize
State Hash           131072        4      512 KB [Auto]
State Entries        25000      236     5761 KB MaxConnections
Large reass. bufs       32    10000      312 KB LocalReass_NumLarge
Pseudoreassemblies    1024      156      156 KB PseudoReass_MaxConcurrent

In listing: 24958 KB


Total installed RAM: 128 MB
Free memory        : 92 MB

Configuration log:

Attempting to use new configuration data...
License file successfully loaded.

Configuration done

Configuration (v8) verified for bi-directional communication

Iface core
  Null (sink)
  Receive Mode  : Normal
  MTU           : Unlimited
  IP Address    : 127.0.0.1

Software Statistics:
  Soft received :       0  Soft sent     :       0  Send failures :       0
  Dropped       :       0  IP Input Errs :       0

Driver information / hardware statistics:
  None.
Iface wan1
  Builtin r8139/8129 - Realtek RTL8139 Fast Ethernet  Bus 0 Slot 2  IRQ 0
  Media         : "100BaseTx"
  Link Status   : 100 Mbps full Duplex (autonegotiated)
  Receive Mode  : All Multicast
  MTU           : 1500
  Link Partner  : 10BASE-T, 10BASE-T FD, 100BASE-TX, 100BASE-TX FD
  IP Address    : 192.168.2.34 (DHCP)
  Hw Address    : 00-1e-58-22-ab-55
  PBR Membership: main

Software Statistics:
  Soft received :    1357  Soft sent     :      55  Send failures :       0
  Dropped       :     931  IP Input Errs :       0

Driver information / hardware statistics:
  IN : packets=    3765   bytes=  351930   errors=       0   dropped=       0
  OUT: packets=    1506   bytes=  107138   errors=       0   dropped=       0
  Collisions            :        0
  In : Length Errors    :        0
  In : Overruns         :        0
  In : CRC Errors       :        0
  In : Frame Errors     :        0
  In : FIFO Overruns    :        0
  In : Packets Missed   :        0
  Out: Sends Aborted    :        0
  Out: Carrier Errors   :        0
  Out: FIFO Underruns   :        0
  Out: SQE Errors       :        0
  Out: Late Collisions  :        0

Iface wan2
  Builtin r8139/8129 - Realtek RTL8139 Fast Ethernet  Bus 0 Slot 1  IRQ 0
  Media         : "N/A"
  Link Status   : Unknown (no link detected)
  Receive Mode  : All Multicast
  MTU           : 1500
  IP Address    : 192.168.120.254
  Hw Address    : 00-1e-58-22-ab-56
  PBR Membership: main

Software Statistics:
  Soft received :       0  Soft sent     :       2  Send failures :       0
  Dropped       :       0  IP Input Errs :       0

Driver information / hardware statistics:
  IN : packets=       0   bytes=       0   errors=       0   dropped=       0
  OUT: packets=      20   bytes=    1200   errors=       0   dropped=       0
  Collisions            :        0
  In : Length Errors    :        0
  In : Overruns         :        0
  In : CRC Errors       :        0
  In : Frame Errors     :        0
  In : FIFO Overruns    :        0
  In : Packets Missed   :        0
  Out: Sends Aborted    :        0
  Out: Carrier Errors   :        0
  Out: FIFO Underruns   :        0
  Out: SQE Errors       :        0
  Out: Late Collisions  :        0

Iface dmz
  Builtin IXP4NPE - Port 2  IRQ 0
  Link Status   : No link detected
  Receive Mode  : All Multicast
  MTU           : 1500
  IP Address    : 172.17.100.254
  Hw Address    : 00-1e-58-22-ab-54
  PBR Membership: main

Software Statistics:
  Soft received :       0  Soft sent     :       2  Send failures :       0
  Dropped       :       0  IP Input Errs :       0

Driver information / hardware statistics:
  IN : packets=       0   bytes=       0   errors=       0
  OUT: packets=      20   bytes=    1200   errors=       0
  Collisions            :        0
  In : Length Errors    :        0
  In : CRC Errors       :        0
  In : FIFO Overruns    :        0
  Out: Carrier Errors   :        0
  Out: FIFO Underruns   :        0
  Out: Late Collisions  :        0

Iface lan
  Builtin IXP4NPE - Port 1  IRQ 0
  Link Status   : 1:100F 2:100F 3:- 4:- 5:- 6:- 7:-
  Receive Mode  : All Multicast
  MTU           : 1500
  IP Address    : 192.168.1.1
  Hw Address    : 00-1e-58-22-ab-53
  PBR Membership: main

Software Statistics:
  Soft received :     668  Soft sent     :     279  Send failures :       0
  Dropped       :     248  IP Input Errs :       0

Driver information / hardware statistics:
  IN : packets=    4844   bytes=  670915   errors=       0
  OUT: packets=    4295   bytes= 2184864   errors=       0
  Collisions            :        0
  In : Length Errors    :        0
  In : CRC Errors       :        0
  In : FIFO Overruns    :        0
  Out: Carrier Errors   :        0
  Out: FIFO Underruns   :        0
  Out: Late Collisions  :        0

No policy manager created

No policy manager created
No policy manager created

[BALance]

Hi Kristen,

the problem is, you have to connect to the firewall again for accepting the changes, but you can't because the LAN address changes meanwhile. So, there are two solutions:

1. On your PC configure a second ip address and gateway for the network card connected to the LAN port. The German FTP-Server from DLink has a video instruction for it. Maybe it can help you, although it's in German: ftp://ftp.dlink.de/dfl/dfl-800/documentation/DFL-800_Howto_de_Video_aenderung-ip.zip

2. First configure another port on the Dlink-Firewall for Remote Management via HTTP. Save the settings, connect your PC to this port and configure your LAN.

Best regards,
Carsten

[kthiesen]

Hi Carsten

Danke, Deutsch ist keine problem - ich bin flersprachic 

For the rest of the attendees, this worked out great.

I did as per description in the video, and am now able to enter the admin panel again.

Now I'm just wondering if there is a simple guide to setting up the simple configuration tham I am looking for - even if it is in german, french, english, swedish, norwegian og danish I am able to understand all...

Greetings

Kristen

[BALance]

Hi Kristen,

I've just looked at the DLink sample documentation and didn't find anything, unfortunatly. I guess, you know what you have to do and you're just searching the right places for configuration.

These are the steps in short, where you've to go:
1. Objects->Address Book:
Configure wan1_ip, wan1_gateway, wan1_net, dns, lan1_ip, lan1_net, lan1_dhcp_range, private-nets (255.255.255.0)

2. Interfaces -> Ethernet:
Configure wan1 with: wan1_ip, wan1_net, wan1_gateway
Configure lan1 with: lan1_ip, lan1_net, No Gateway

3. System -> DNS:
Configure the DNS to use by the DLink-DFL

4. System -> DHCP:
Configure your DHCP-Server with:
General-Tab: lan1, 0.0.0.0/0, lan1_dhcp_range, private-nets
Options-Tab: lan1_ip and the DNS to publish via DHCP

5. Rules:
Configure at least 2 rules:
DNS: NAT, dns-all, None, lan1, lan1_net, wan1, all-nets
HTTP: NAT, http-all, None, lan1, lan1_net, wan1, all-nets

I hope, I haven't forgot anything. Just try it.
Best regards,
Carsten

PS: I have just had a little break waiting for a program to finish its analysis. 

[kthiesen]

Hi Carsten

Thanks, I'll try it out. The DNS part is, I believe, what I have been looking for.

Hope your analysis turned out ok 

Greetings!

Kristen

[kthiesen]

Hi all

I've got the firewall working fine.

Now I have been trying all saturday to figure out how to make vlan work with dlf-210 and des-1228.

I have tried to follow the d-link docs, and now I'm totally confused.

In order not to bias an answer here is what I'm trying to do:

Two vlans are set up on dfl-210: xxx.xxx.20.xxx and xxx.xxx.24.xxx.
xxx.xxx.20.xxx tagged on port 1-11 on des-1228 and (vid is 20)
xxx.xxx.24.xxx tagged on port 11-20 (vid is 24)

I use port 11 on des-1228 to connect to dfl-210.

I left vid01 (default) untagged on all ports.

The lan on dfl-210 gives dhcp to all ports on des-1228, and I belive that is wrong.

Can you give me a simple description as to how this is supposed to be set up...

Best regards
Kristen

[silver_surfer30]

Did you turn on asymetric vlan on 1228 ? If so, please disable it.

create the vlans as usual and only tag the connection port between dfl and DES.
As the connection port will belong to both vlan, that port will be tagged.

You need to then create your objects for each vlan (vlan_ip, vlannet, and vlan_dhcp).
create the dhcp for each vlan and that should do it.