D-Link Forums

D-Link Wireless Routers for Home and Small Business => DIR-842 => Topic started by: cheezy1963 on December 28, 2017, 09:52:25 AM

Title: Need help with firewall rules
Post by: cheezy1963 on December 28, 2017, 09:52:25 AM
DIR-842
HW:B1
FW:2.02
Region:US

I have a NAS which I've set up as a DMZ host and can access from the WAN with no problems. Now I need help with a firewall rule to allow the NAS on the LAN to send email over port 587 but deny all other ports for the NAS. I also need to deny all other LAN devices on any port to the WAN.

Basically I need the NAS to be the only device on the LAN to be able to access the WAN (and only be able to send email on port 587). Hope this makes sense.

I'm a little confused about whether I need to enable SPI IPv4 and choose to turn ON the firewall and Allow rules, and how to set up the rules while still allowing DMZ access to the NAS. If needed, I could remove the NAS from the DMZ.
Title: Re: Need help with firewall rules
Post by: FurryNutz on December 28, 2017, 11:51:25 AM
Welcome! (http://forums.dlink.com/index.php?topic=48135.0)

Internet Service Provider and Modem Configurations

When using the DMZ, the firewall and port configurations are not supported since the DMZ is wide open to the WAN side and nothing can be configured when using the DMZ.

You might try removing the NAS from the DMZ and set up a Virtual Server and DNS Relay enabled configuration on the router and see if this helps better.
Here are some resources to review:
http://forums.dlink.com/index.php?topic=13539.0
Difference between "Virtual Servers" and "Port Forwarding" (http://forums.dlink.com/index.php?topic=4235.0)
Title: Re: Need help with firewall rules
Post by: cheezy1963 on December 28, 2017, 06:39:32 PM
Thanks for your response.

ISP is T-Mobile on a hotspot connected to another router.

I have removed the NAS from the DMZ. I can connect via wireless to the DIR-842 if I need to admin the NAS.

This leaves me with figuring out how to restrict the NAS to be the only device on the LAN to be able to access the WAN (and only be able to send email on port 587).

Do I need to enable SPI IPv4?

I've tried the following without any luck. Mail stops working and other devices on the LAN are allowed to WAN. I must be missing something.

-->IPv4 rules
Turn IPv4 filtering On and allow rules listed

Created only one rule...
Name: enable_mail
Source address range: LAN 10.0.0.1 {NAS address}
Dest address range: WAN 0.0.0.0-255.255.255.255
Port range: TCP 587
Schedule: Always enable
Title: Re: Need help with firewall rules
Post by: FurryNutz on December 29, 2017, 09:48:27 AM
"ISP is T-mobile on hotspot connected to another router."
What's this other router? Having two routers on the same line will affect how this all works.
Title: Re: Need help with firewall rules
Post by: cheezy1963 on December 29, 2017, 09:54:20 PM
I think I understand what you are saying but I don't see how it matters since I'm trying to only control WAN/outbound access on the DIR-842.

Here is my setup:

Internet (T-Mobile hotspot)-->AirLink101-->DIR-842-->NAS (and other wireless devices)

I get email from the NAS when no firewall rules are enabled on the DIR-842 and the wireless devices can access the internet.
When I attempt to set up firewall rules on the DIR-842, I stop getting emails from the NAS.

How can I restrict the NAS to be the only device on the LAN side of the DIR-842 to be able to access the WAN side (and only be able to send email on port 587)?

Can you help me with what the rule or rules should be and what to enable/disable?
Title: Re: Need help with firewall rules
Post by: FurryNutz on March 13, 2018, 02:34:22 PM
Any updates on this?