Author Topic: DFL-700 Firewall: Completely expose the DMZ  (Read 2885 times)

trogdor1138

« on: June 04, 2010, 10:21:39 PM »

I realize the DFL-700 is a legacy D-Link product no longer actively supported, but I think the answer to my problem is something simple I don't realize due to lack of experience, and I hope someone here can help.

I am using a DFL-700 firewall to host my home internet connection. A switch is connected to the LAN port and until recently, all devices were plugged into this switch. The firewall works fine with my internet connection and there are no problems there.

I recently tried to play a few multi-player games on my PS3 but had issues connecting. Running the PS3's built-in internet connection test revealed that the PS3 shows it is in a "NAT Type 3" environment. This means that NAT is enabled, and necessary ports are not open for full connectivity. The PS3's "NAT Type 2" means NAT is enabled, but ports are open for multi-player connections. "NAT Type 1" corresponds to a direct connection to the internet with no router/firewall between, meaning no NAT. "NAT Type 2" obviously is my goal.

I have had no success trying to forward ports to the PS3 necessary for connection, partly because Sony's documentation is terrible on the subject, and apparently some third-party games make use of additional undocumented ports anyway. Trying to deduce and set up all ports would be a huge pain in the butt, and in this situation on home routers it's often recommended to simply place the PS3 in a software DMZ, an option on most routers. The DFL-700 has a hardware DMZ port to which I have now connected the PS3. My goal is to simply allow all traffic in and out of the DMZ port; I'm not too worried about PS3 hacking, and it's the only device connected to the DMZ port.

However, the PS3 still shows a "NAT Type 3" environment, meaning ports are still closed to it. How must I configure the firewall to not interfere with DMZ traffic? In my firewall policies, both DMZ to WAN and WAN to DMZ have a single rule to allow all traffic. I know the problem lies in the firewall, because when I connect the PS3 temporarily directly to my fiber-optic modem, I get "NAT Type 1" as expected, so I know my ISP isn't blocking any necessary ports. I have changed the DMZ interface address from the default loop-back address, and the PS3 is manually assigned to an appropriate IP address on the same subnet. The PS3 can connect to the internet to browse and download files, but ports are still closed.

I'm generally pretty good with networking, having set up my home network with the DFL-700 for VPNs and a Server 2008 machine acting as a DHCP server and RADIUS server for authentication. Additionally, I can easily configure the PS3 however is necessary. However, I lack extensive knowledge in routing tables and firewall policies, where my problem lies. Again, I don't need any PS3-specific answers, I just need help making sure my DMZ is wide-open to the internet.

Thanks in advance for any help.