Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[tecno13]

I should shape the doors for a server asterisk and to open the doors with these configurations: 
server in the LAN 192.168.0.250 (as also the telephones are in the LAN) 
had handed since 5060 to the 5068 
had handed since 8000 to the 8012 
had handed since 10000 to the 20000 
 thanks

[Fatman]

What I would do is create a series of services for those port ranges, and then I would group those services into a single service group.  From there you can apple that service group to a single port forward rule set.

The FAQ for port forwards is below.

http://www.dlink.com/support/faq/?prod_id=2922

You are going to want to make the second rule an allow instead of a NAT.

[tecno13]

[2009-08-17 18:23:52] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=lan srcip=192.168.0.250 destip=192.168.0.1 ipproto=UDP ipdatalen=36 srcport=50370 destport=53 udptotlen=36

192.168.0.250 VOIP Server
192.168.0.1 firewall

[Fatman]

Use an Allow instead of a NAT on your second IP Rule like I asked.

[tecno13]

thanks now I try
 
Can I ask you a further question? 
I have necessity to have etc etc some servers in the DMZ with addresses 10.10.10.14 10.10.10.15 every ip it covers etc etc one service of his web mail ftp the scenery it is the following: 
wan1 public ip that has gone since 82.150.xx.xx1 to 82.150.xx.xx8 that they correspond the first one to the dns server the second to the web the third one to the mail server the quarter to the ftp server and do they have to aim ip of the dmz to the realativis I have followed the suggestion as bottom but doesn't it work as I can do?

How to open ports - WAN to DMZ 
This setup example shows how to open ports for a FTP server on DMZ network. The example uses the following network settings:

Firewall LAN Interface: 192.168.1.1
Firewall DMZ Interface: 172.17.100.254

FTP Server IP Address: 172.17.100.253
FTP Server Subnet Mask: 255.255.255.0
FTP Server Default Gateway: 172.17.100.254

The goal is to get FTP Server accessible via second public IP assigned to WAN interface. In our example the WAN interface has an additional public IP address. The FTP server is connected to the DMZ network.

Step 1. Log into the Firewall by opening Internet Explorer and typing the LAN address of the Firewall. In our example we are using the default 192.168.1.1. Enter Username and Password which you specified during the initial setup of the Firewall.

Note: If you are setting up a WEB server which uses HTTP port 80, it is advisable to change the default management port of your firewall from 80 to something else. You can set it to be accessed via HTTPS only (port 443) https://192.168.1.1. This can be set under System > Remote Management. If you want to leave HTTP management active but change the port to something different for port 80 (e.g. port 88), select 'Modify Advanced Settings' under System > Remote Management.

Step 2. Go to Objects > Address Book > Interface Addresses. Click on Add and select 'IP Address'.

Step 3. Under Name enter 'FTP_Server' and under IP Address specify the IP address of the server on your DMZ network. In our example it is 172.17.100.253.
Click on OK when done.

Step 4. Add another IP Address. This entry is for the additional public IP which will be used to access your FTP server. Under Name enter 'WAN_Public_IP_2' and under IP Address specify the second public IP address.
Click on OK when done.

Step 5. In the menu on the left select Interfaces > ARP Table. Click on Add > ARP Entry. Add new ARP Entry. Under Mode select Publish. Interface - WAN. Under IP Address select the WAN_public_IP_IP_2 created in Step 4.
Click on OK when done.

Step 6. In the menu on the left select IP Rules > WAN to DMZ. Click on Add > IP Rule.
Set a rule 'FTP_map'. Under Action select SAT. Since in our example we are setting up an FTP server, under Service we are selecting 'ftp-inbound'.
Set Source Interface as 'any', Source Network: 'all-nets'. Destination Interface: 'WAN', Destination Network: 'WAN_public_IP_2'.

Step 7. Click on SAT tab on top. Select the Destination IP Address option. Under New IP Address select the 'FTP_Server' option.
Click on OK when done.

Step 8. Create another IP Rule to allow FTP traffic.
Set Name as Allow_FTP. Under Action select Allow. Under Service choose 'FTP-inbound'.
Set Source Interface as 'any', Source Network: 'all-nets'. Destination Interface: 'WAN', Destination Network: 'WAN_public_IP_2'.
Click on OK when done.

Step 9. Save the new configuration. In the top menu bar click on Configuration and select 'Save and Activate'.
Click on OK to confirm the new settings activation.
Wait 15 seconds for the Firewall to apply the new settings.

--------------------------------------------------------------------------------
 

[tecno13]

it doesn't work where I am wrong thanks

VOIP-wan1
1  VOIP1-nat    NAT    Source interface  wan1  Source network all-nets  Destination interface core  Destination network wan1_ip  Service gruppo-voip
2  VOIP1-in      Allow   Source interface  wan1  Source network all-nets  Destination interface core  Destination network wan1_ip  Service gruppo-voip
3  VOIP1-in      SAT    Source interface wan1  Source network all-nets  Destination interface core  Destination network wan1_ip  Service gruppo-voip

SAT Destination IP VOIP SERVER (192.168.0.250)  X  All-to-One Mapping: rewrite all destination IPs to a single IP

Group service gruppo-voip


it doesn't work where I am wrong thanks

 
 

[Fatman]

Delete the NAT rule and place the SAT rule before the Allow.

As for your other question, you will write all your port forwards just like the first one (but with different destination networks and SAT destinations obviously) if you do the below.

Create an ARP entry for all additional WAN IPs.
Create a route matching the below pattern for all additional WAN IPs
Interface     Network     Gateway     Metric
Core           WAN_IP_x   -               0

[tecno13]

do I believe to have resolved thanks to you now however as I do for entering from the lan and to visualize the servers type the pages web and the contained sites in the servers?

[tecno13]

help me

[Fatman]

I do not understand what you are asking me.

[tecno13]

from the lan I cannot see the servers in dmz type the pages http and the services

[Fatman]

Do you have an IP Rule in place with LAN included in the source interface?

[tecno13]

I don't believe to have done him/it if you are able it looks that if there are some errors   
 
 
it excuses my English and very poor

http://www.nsgroup.it/html-page/dfl-800.htm

[Fatman]

That helps a lot.

IP Rules 1/5 and 1/6 conflict, and only 1/5 will be used.  Delete ones of them.

IP Rules 3/1 and 3/2 are the ones we are worried about, ensure that the LAN is included in the source interface.  This can be done by setting it to any, or by creating an Interface Group that includes both LAN and WAN.

IP Rule folder 4 is a little bit of a mess, it looks like there you got the source interface as "any" correct.  You are also using WAN as the destination interface instead of core which I would prefer to see as core (that will only work if your routes are right).  Also you have some conflicting port forwards (Rules 4/1-2,4/6-7), as they have the same interface and network masks only the first one will ever take effect.  Remove one of them.

It looks like your core routes I asked you to make are in a separate routing table, if that is the case they are not going to take effect (at least not without a cumbersome routing rule).  Get them on the main table.

No worries, trust me your English is better than my Italian!

[tecno13]

she is a great you excuse me some trouble you look if now it is ok I have modified the charts

 if some other error exists you don't hesitate to tell me him I am very hard

http://www.nsgroup.it/html-page/dfl-800.htm