• March 28, 2024, 03:26:38 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2

Author Topic: Inbound Filters?  (Read 10243 times)

GewGaw

  • Level 1 Member
  • *
  • Posts: 15
Inbound Filters?
« on: January 05, 2015, 09:46:56 AM »

I know last year I attempted to move away from my DIR-655 but was hit with the loss of some DNS and INBOUND FILTERS with the newer firmwares. I made the jump to the DIR-880 to replace all our DIR-655's and was surprised that this feature was not present. We have spent time with DLINK support and they were not able to help. They indicated that they will attempt to find a solution within their LABS and get back to us.

The issue I have is this:

1) I would like all LAN traffic to access all LAN resource and full access to the internet (WAN)
2) Would like to set inbound rules allow only certain IPs to access internal resources for example WAN IP: 123.123.123.1 and 321.321.321.1 to access an internal IP or 192.168.0.10 on port 443 TCP. This was simple with the earlier versions as INBOUND FILTERS accomplished this beautifully.

along with DLINK support we tried enabling firewall rules to explicitly denied traffic and write rules to all and then the reverse. But you still need to set a port forward or virtual server rules to allow traffic and once you do they override the firewall rules. along with the lack of ability to set order to the firewall rules.

any ideas on how we can accomplish this?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Inbound Filters?
« Reply #1 on: January 05, 2015, 09:57:03 AM »

Link>Welcome!

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?


Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GewGaw

  • Level 1 Member
  • *
  • Posts: 15
Re: Inbound Filters?
« Reply #2 on: January 05, 2015, 10:35:33 AM »

HW:A1
FW:1.02
REGION: NA
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Inbound Filters?
« Reply #3 on: January 05, 2015, 11:09:55 AM »

Let us know your ISP services, modem Mfr and model please.

Have you attempted to set up any forwarding or use the Virtual Server in our configurations?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GewGaw

  • Level 1 Member
  • *
  • Posts: 15
Re: Inbound Filters?
« Reply #4 on: January 05, 2015, 11:26:07 AM »

Currently Using Bell Fibe Internet (Canada)

We are running the ISP supplied modem/router in "bridged" mode which operates like a modem and not a router. The DIR-880 is using the PPOE credentials to authenticate to the ISP just fine.

We currently have a |Virtual server rule to allow OpenVPN connections in to a VPN server without issue. If we create a virtual server or port forwarding rule for HTTP or HTTPS for example it works perfectly. What we wish to do is restrict what IPs are allowed through the DIR-880 from the WAN to the HTTPS server for example. I would suspect a firewall rule would work but it doesn't seem to be doing the trick. Any Port forwarding or virtual server rule seems to override the firewall rules (which seems odd to me).

This indicates that the connectivity and configuration is correct of the modem, router, etc. This mirrors how we had a DIR-655 setup.

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Inbound Filters?
« Reply #5 on: January 05, 2015, 11:50:12 AM »

Thank you for the feed back.

Ya, unfortunately for this model router, Inbound Filter was probably removed due to most home users didn't user it. Most avgerage home users just want easy setup and configurations. So I presume D-Link removed it to make room for other features on this model router. I presume gong forward if D-Link uses this UI, I'm not sure if they will be adding it back in. You may need to find a different model router that has the inbound filter feature. The DIR-868L Rev A does I believe. I don't have mine anymore however looking at the manual, it has Inbound Filtering. Maybe this model would better fit your needs. Its similar to WiFi features however the only big differences are 2.4ghz only does 450Mb where the 880L does 600Mb. The 5ghz radios are the same, 1750Mb. The cases are different.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GewGaw

  • Level 1 Member
  • *
  • Posts: 15
Re: Inbound Filters?
« Reply #6 on: January 05, 2015, 11:55:24 AM »

I tried that style housing in the DIR-826L

I would be really hesitant because of coverage issues we had with that previous "Beer Can" style.

Any feedback on the wireless coverage with the Dir-868L?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Inbound Filters?
« Reply #7 on: January 05, 2015, 12:01:36 PM »

Love it and has great coverage. The just up't the 5Ghz radio too. I gave mine away to a family member for xmas. I'm gonna miss it. I'll try to get another Rev A. Be aware that they released a Rev B modem which has the new UI like the 880L so if you want Inbound Filters, Get a Rev A model. The 868L is one the best routers D-Link has. Wireless and performance is great. We did some beta testing early one to see performance and catch some issues. Router has been great since I got it. I highly recommend it. Ya, the cylinder style is kind of odd, however works well for signal and range, especially if placed well. I hope to get another.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GewGaw

  • Level 1 Member
  • *
  • Posts: 15
Re: Inbound Filters?
« Reply #8 on: January 05, 2015, 12:04:16 PM »

I just noticed it would have to be a REVA reading through the manuals as well.

Did the Dir-826L have coverage issues? has the design internally changed to improve the coverage?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Inbound Filters?
« Reply #9 on: January 05, 2015, 12:24:21 PM »

Id would say the range may not be as good as the 868L however I have the 826L as well and it works for it's small size. I'd say for a small house? The 826L/836L would be just fine.

I don't know if anything has changed internally for either router. Just the FW was updated recently for some FB features and output on the 5Ghz radio for the 868L.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GewGaw

  • Level 1 Member
  • *
  • Posts: 15
Re: Inbound Filters?
« Reply #10 on: January 07, 2015, 04:34:17 PM »

We have heard back from level 3 support and their suggestion was the following:
1)Use a port forward or virtual server rule (IE to allow HTTPS IN to 192.168.0.11)
2) enble IPv4 firewall in  "Turn ON IPv4 Firewall and ALLOW rules listed"
3) set up a rule with the following:
SOURCE WAN 123.123.123.123 (IP TO ALLOW IN)
DEST LAN 192.168.0.11 (IP WITHIN NETWORK)
PORT RANGE 1-65335
TYPE ANY

then a rule to allow internal traffic out:
SOURCE LAN 192.168.0.1-192.168.0.254
DEST WAN 1.1.1.1-254.254.254.254
PORT 1-65535
TYPE ANY


Upon testing this was not effective. For the reason that port forwarding and virtual server rules apply "before" the firewall rules when the firewall is in the "ALLOW LISTED" mode. Which results in all IPs being allowed to the internal server (based on the port forwarding or virtual server rule. I am guessing this is a choice made to protect people from accidentally killing their port forward rules with bad firewall rules.

However, this changes if we change the firewall filtering to "DENY LISTED" mode. When in this mode the expliced rules set will over ride the port forwarding rules. However, this is much more complicated to set up as you need to specify a whole bunch of rules to explictedly deny WAN traffic. For example:
-You need to create a rule to block 1.1.1.1-123.123.123.122
-then another 123.123.123.124-254.254.254.254
-and you can imagine if there was a group of IPs to allow in it would be very complicated and maybe a dozen rules

I am wiating to hear back from them so I can provide the results of our testing. I would imagine they need to change how the IMPLICITED rules are applied when setting the "ALLOW LISTED" mode or bring the INBOUND FILTER back.

I'll post more results after speaking with them.

GewGaw
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Inbound Filters?
« Reply #11 on: January 07, 2015, 05:03:27 PM »

Thank you for the feed back. Keep us posted on how it goes.

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Inbound Filters?
« Reply #12 on: January 12, 2015, 10:48:15 AM »

I'm wondering if a D-Link DFL model firewall appliance would be something that you should review...  ???
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GewGaw

  • Level 1 Member
  • *
  • Posts: 15
Re: Inbound Filters?
« Reply #13 on: January 12, 2015, 11:00:49 AM »

I am more concerned about the new GUI as a whole. It would appear some features have not  been vetted and confirmed working. Such as:
-firewall keeping ports open even when rules in place to close them.
-email setting unable to send email
-unable to review logs of the router or set logging levels.

While I see the attempt they are making to simplify thevinterdace, but some slightly more advanced features will help set the dlink routers apart from the pack.

I love the range and speed and price of the 880l. I hope I can help work through the issues with dlink to correct it.

I spoke with them again and they are running some more tests to confirm my findings and have asked another group if it is by design or a bug.

Marcus
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Inbound Filters?
« Reply #14 on: January 12, 2015, 11:11:43 AM »

Please keep us posted on how it goes...

I'll have a look see with mine....
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.
Pages: [1] 2