Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Carlos Oviedo]

Sorry, but my english is so bad.

After i finish the Configuration Wizard on my Dfl-210, can`t access the internet.

What rules need to create or change?

Wan is in DHCP mode, and the ADSL is working fine, I have a wireless router conected and erverythig is ok.

I have a Windows 2003 server for the DHCP, so the DHCP service on the firewall is disabled.

Thanks.

[Fatman]

Do you get a WAN IP?

If so what is the first 2 octets?

What IP information (IP Subnet Gateway DNS etc...) does the PC that is not getting on-line have?

Is that IP static or DHCP assigned?

[Carlos Oviedo]

1- Yes i get a WAN IP 201.199.X.X
2- The PC I`m using have an static IP 192.168.1.2, subnet 255.255.255.0, gateway 192.168.1.1, DNS 200.91.75.5/6
3- Later I will change the lan interface and lannet to the segments 192.168.0.X for compatibility with the internal network, but my intention was to make first the necesary test with the firewall.

[Fatman]

Well in that case the wizard should have gotten you through.  Any log entries?

[Carlos Oviedo]

I just reset to factory defaults.
Erase al loging related to the new configuration.
Try to acces a web page and this are the 4 resulting log entries:

Severity: Warning
Category/ID: Rule/6000051
Rule: Default Rule
Proto: UDP
Src/DestIF: Lan
Src/DestIP: 192.168.1.2/192.168.1.1
Src/DestPort: 2792/53
Event/Action: ruleset_drop_packet/drop

[danilovav]

Set up external DNS server on your client (ex, 8.8.8.8 and 8.8.4.4) or configure DNS relay:
SAT lan/lannet core/lan_ip dns-all (SAT: new desination = wan_dns1)
NAT lan/lannet core/lan_ip dns-all

[Carlos Oviedo]

I configure DNS Relay but have no efect, no internet acess.

Maybe this is important, when I try to ping from the pc to the wan IP in the firewall I have no response.
The traffice betwen them is being blocked.

[danilovav]

By default, DFL has much disallowed. To allow LAN -> WAN ip ping, make rule Allow lan/lannet core/wan_ip ping-inbound. But it's not related with internet at all.

[Carlos Oviedo]

No way, i tried everything and can't access the internet.

Please give me an example of necesary IP rules.

[danilovav]

Just try to ping everything (ex, 8.8.8. in internet by IP - is it working?

[chechito]

how you connect to internet, if you connect a pc directly to the isp

Its important to have all the config information to connect to the isp, one good way to get this information its connecting a pc directly to the isp and take note of the configuration what gives you navigation.

es importante tener clara la configuración que debe tener la wan del firewall, una buena manera de averiguarlo es conectando un pc directamente al servicio de internet y observando la configuración con la cual logra navegar.

[Carlos Oviedo]

The IP is DHCP assigned by the ADSL Modem.
The ADSL moden have 4 ports, all of them are working fine.
I have connected a D-Link DI-604 Router, a Wireless Router and the DFL-210 Firewall.
The DI-604 give access to the internet and is the one I want to change.

The configuration that the ADSL modem gives to the DFL-210 Firewall is the same that the DI-604 Router, only changes the IP.

I have a PC connected directly to the DFL-210 with the configuration indicated by the guide and the firewall have his default configuration.

PC:
IP 192.168.1.2
Sub 25.255.255.0
Gateway 192.168.1.1

 

[danilovav]

If u have default configuration, specify on client's PCs external (ex, ISP) DNS servers and it should work.

[Carlos Oviedo]

it should work, but does'nt.
Please give me an example of necesary IP rules. Grin

[danilovav]

In minimal case, you need just one rule
NAT lan/lannet wan/all-nets all_services
Try to ping from client to 8.8.8.8 (Google DNS) and check in Status > Connections
And shouw your Status > Routes