
Author Topic: DIR-632 port forwarding & access control problems  (Read 8495 times)

Mr5o1

  • Level 1 Member
  • Posts: 2
DIR-632 port forwarding & access control problems
« on: April 30, 2013, 01:01:37 AM »

Hi,

Firstly I realise this is the DIR-615 board, but there doesn't seem to be a DIR-632 board, so I'm sure someone can move this post if it's in the wrong place.

I have several questions around access control, I have some not-so-great house guests who are torrenting.. (the height of rudeness?!) so I'm trying to configure access control.
  • Am I right in thinking that I'm supposed to make a whitelist policy for my PCs by MAC or IP, and then create a second "other computers" policy which is partially blocked?
  • I guess there's no real way to block torrents? Other than restricting access to all ports other than 80 & 443, and whatever else seems necessary? (Skype is a pain, they recommend opening all ports > 1024?!)
  • It seems like there's no way to whitelist ports? I just have to restrict access to all the ranges of ports in between the ports I actually want to open?
  • I have forwarded several ports to my home server. When I enable access control, specify my server by IP address, and create a policy which says "Log Web Access", I lose access to this server from WAN-side. I don't really understand what I'm doing wrong here.

Thanks in Advance!
I have several other questions about this, but depending on the answers to the above, I may be able to resolve them myself.

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-632 port forwarding & access control problems
« Reply #1 on: April 30, 2013, 07:20:12 AM »

Welcome!

What Hardware version is your router? Look at the sticker under the router.
What Firmware version is currently loaded? Found on the router's web page under Status.
What region are you located in?

What ISP Service do you have? Cable or DSL?
What ISP Modem Mfr. and model # do you have?

Some things to try:
  • Log into the router's web page at 192.168.0.1. Use IE, Opera or FF to manage the router.
  • Turn off ALL QoS or Disable Traffic Shaping (DIR only) GameFuel (DGL only and if ON.) options. Advanced/QoS or Gamefuel.
  • Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual or under Setup/PARENTAL CONTROL/Set to>None: Static IP or Obtain Automatically From ISP.
  • Enable Use Unicasting (compatibility for some ISP DHCP Servers) under Setup/Internet/Manual.
  • Turn on DNS Relay under Setup/Networking. Finding Faster DNS Addresses using Name Bench
  • Set up DHCP reserved IP addresses for all devices ON the router. Setup/Networking. This ensures each device gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting.
  • Ensure devices are set to auto obtain an IP address.
  • If IPv6 is an option on the router, select Local Connection Only or Disable IPv6 options under Setup/IPv6.
  • Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall.
  • Enable uPnP and Multi-cast Streaming under Advanced/Networking. Disable uPnP for testing Port Forwarding rules.
  • Turn off WISH, and WPS under Advanced.

Set current Time Zone, Date and Time. Use an NTP server feature. Tools/Time.

You'll need to use Network Filter and Access Control I believe to make a list of devices to control.
You may also want to set up a schedule for those black listed or partially controlled devices:
To set up scheduling:
1. Reserve device IP addresses ON the router under Setup/Networking.
2. Set up a schedule under Tools/Schedule on the router's web page. Customize your dates and times here.
3. Use Access Control under Advanced to apply the customized schedule to a policy and to the PC(s) desired to be controlled.

Use the following section for access control and ports: Block Some Access/Apply Advanced Port Filters should help you configure the server to the WAN side.

Give this a review:
http://forums.dlink.com/index.php?topic=10764.0
« Last Edit: April 30, 2013, 07:40:39 AM by FurryNutz »
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Mr5o1

  • Level 1 Member
  • Posts: 2
Re: DIR-632 port forwarding & access control problems
« Reply #2 on: April 30, 2013, 05:14:37 PM »

Hi FurryNutz:

firmware: A1
region: Australia
ISP: DSL
Modem: TP-LINK
QoS / Traffic Shaping / GameFuel: off
Advanced DNS: no option
Unicasting: no option
Reserved IPs: set
IPv6: local link only
Firewall: endpoint independent (TCP & UDP)
UPnP: disabled
WPS: off

I've already set up access control per your suggestion.

I did have a look through the blocking bittorrent thread, useful stuff but I'd already blocked unused ports with access control.

So the primary problem right now is that I can't access my server from WAN-side. To explain a little more:
  • the server is running Apache, trying to connect via HTTP (port 80)
  • the server does not use DHCP, an IP address of 192.168.0.10 is set on the machine, so MAC address reservation is not necessary?

I figure I should be able to set this up with forwarded ports & two policies:

port forward: have set this up, works if Access Control is not enabled.

restrict access: This rule is set to "Other Computers", and blocks port ranges. For example, for now I have 4 ranges, closing all ranges around 80, 53, 463.

whitelist: This rule lists only the IP address of the server, 192.168.0.10, and is set to "Log Web Access Only"

Strangely, even without the whitelist rule, I would have thought that I could still access port 80 on the server, because it's not blocked by the "restrict access" rule.


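The thread describes emulating a port whitelist on a filter that can only block ranges, by blocking every range between the ports that should stay open. The following is an added example, not part of any post above and not D-Link code: it computes those block ranges from a list of allowed ports and checks whether a given port ends up blocked. It assumes inclusive ranges over ports 1-65535 and uses the allowed ports 53, 80 and 463 named in the last post; the function names are hypothetical.

```python
# Added example: derive "block" ranges for a deny-only port filter
# from the ports that should remain open. Assumes inclusive ranges
# and a valid port space of 1-65535 (assumption, not from the router UI).
MIN_PORT, MAX_PORT = 1, 65535

def normalize(allowed):
    """Turn ports or (lo, hi) tuples into sorted, merged inclusive ranges."""
    ranges = []
    for item in allowed:
        lo, hi = (item, item) if isinstance(item, int) else item
        if not (MIN_PORT <= lo <= hi <= MAX_PORT):
            raise ValueError(f"invalid port or range: {item!r}")
        ranges.append((lo, hi))
    ranges.sort()
    merged = []
    for lo, hi in ranges:
        # Merge overlapping or directly adjacent ranges (e.g. 80 and 81).
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def block_ranges(allowed):
    """Return the complement of the allowed ports as inclusive ranges."""
    blocked = []
    next_port = MIN_PORT
    for lo, hi in normalize(allowed):
        if lo > next_port:
            blocked.append((next_port, lo - 1))
        next_port = hi + 1
    if next_port <= MAX_PORT:
        blocked.append((next_port, MAX_PORT))
    return blocked

def is_blocked(port, blocked):
    """True if the port falls inside any block range."""
    return any(lo <= port <= hi for lo, hi in blocked)

if __name__ == "__main__":
    rules = block_ranges([80, 53, 463])  # ports from the post
    for lo, hi in rules:
        print(f"block {lo}-{hi}")
    print("port 80 blocked by these ranges?", is_blocked(80, rules))
```

Three allowed ports produce four block ranges, matching the four ranges mentioned in the post, and port 80 is outside all of them.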