I was having trouble getting access lists to work properly on a DIR-615 so I have upgraded to a DIR-628. I still have access list issues, although some things work on this model that didn't work on the DIR-615.
This is hardware version A2, and I just upgraded the firmware to 1.22NA to try to fix these issues (but it didn't).
I have Virtual Server ports configured. When no access lists are enabled the VS port forwarding works fine. When I enable the TCP port restriction access list (which, unless I am mistaken, and if so please tell me, is supposed to control outgoing only) it breaks the incoming VS port forwarding.
I have set up a website filter to only block certain sites. This does not work as it allows access to all sites. I have set it to use only the root domain name as the help instructions say, such as hotmail.com not just www.hotmail.com. I have also not included the http:// part as per instructions. It also does not log activity.
In my access lists I have one that is for specific computers and is supposed to be almost unrestricted access (website filter only). Since the web filter does not work it is unrestricted access instead.
I have two port-restriction access lists, one for TCP and one for UDP. They are set to operate on Other Machines, that is, the ones not included in the other list mentioned above.
The TCP port restriction list I configured to block ports 1-4898, 4900-5529, 5556-5899, 5909-9614 and 9616-65535. This I believe should allow only outgoing TCP connections on ports 4899 (RAdmin), 5530-5555 (UVNC), 5900-5908 (also UVNC) and 9615 (EDI). When this is enabled it blocks incoming connections as well as outgoing, and the blocks include ports that are specifically excluded from the TCP list (so are not supposed to be blocked). This means my Virtual Server port forwarding to any computers not specifically included in the web-restriction-only list mentioned above does not work.
The UDP port restriction list is also set to operate on Other Machines, and is set to block all ports (1 to 65535) and does work as desired, at least as far as blocking web access (which is all I tested).
My questions are:
1) What can I do to get the web filtering working?
2) What can I do to get the web logging working?
3) What can I do to get the TCP access list to not block incoming VS ports?
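The block ranges quoted in the post can be checked mechanically against the intended allow-list. The following is an added example, not part of the original post and not D-Link code; the function names are hypothetical, and it verifies only the range arithmetic, not how the router applies the rule to inbound or outbound traffic.

```python
# Added example: audit a port block-list against the intended allow-list.
# The ranges are the ones quoted in the post; function names are hypothetical.
PORT_MIN, PORT_MAX = 1, 65535

def merge(ranges):
    """Merge overlapping or adjacent ranges so gaps are unambiguous."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def parse_ranges(spec):
    """Parse '1-4898, 4900-5529 and 9615' into merged (lo, hi) tuples."""
    ranges = []
    for part in spec.replace(" and ", ",").split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)  # a single port is a one-wide range
        if not (PORT_MIN <= lo <= hi <= PORT_MAX):
            raise ValueError(f"invalid port range: {part!r}")
        ranges.append((lo, hi))
    return merge(ranges)

def complement(blocked):
    """Return the ports NOT covered by the merged block list."""
    allowed, next_port = [], PORT_MIN
    for lo, hi in blocked:
        if lo > next_port:
            allowed.append((next_port, lo - 1))
        next_port = hi + 1
    if next_port <= PORT_MAX:
        allowed.append((next_port, PORT_MAX))
    return allowed

def audit(blocked_spec, intended_spec):
    """Return (ports_left_open, matches_intent)."""
    allowed = complement(parse_ranges(blocked_spec))
    return allowed, allowed == parse_ranges(intended_spec)

BLOCKED = "1-4898, 4900-5529, 5556-5899, 5909-9614 and 9616-65535"
INTENDED = "4899, 5530-5555, 5900-5908, 9615"

if __name__ == "__main__":
    allowed, ok = audit(BLOCKED, INTENDED)
    print("left open:", allowed, "| matches intent:", ok)
```

If `matches_intent` is true, the ranges themselves are not the cause of a blocked port, and the remaining question is how the firmware applies the list.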