D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: lira3122 on May 26, 2009, 07:19:45 AM
-
So I am trying to configure a Server that has Terminal Services on it. I have used the FAQ guide located here. http://support.dlink.com/FAQ/view.asp?prod_id=2404&question=dfl-210
Now I didn't do the check box in Step 9 because we currently have another server that is allowing RDP in. Now that one is configured correctly for RDP. (was set up before me) But when I try to RDP to the TS I get cannot locate server. Looking at the log I see this:
2009-05-26
09:14:48 Warning RULE
6000051 Default_Rule UDP wan
XX.XXX.194.56
XX.XXX.80.226 37437
39274 ruleset_drop_packet
drop
ipdatalen=39 udptotlen=39
Now the XX.XXX.80.226 is the server that is set up already but the TS server is XX.XXX.80.227.
I have put the SAT line in there as well as the ARP. But I can't find why it isn't directing it to the 226 instead of the 227.
I have been at this for half a week. Any help would be greatly appreciated.
Thanks,
-
Paste an image of the rule, specificly the SAT tab.
-
Here are the screenshots... First shows all rules, then general tab for the Terminal server, Then the Sat tab for the Terminal Server.
(http://i22.photobucket.com/albums/b336/blade3122/all_iprules.jpg)
(http://i22.photobucket.com/albums/b336/blade3122/TS_Sat_general.jpg)
(http://i22.photobucket.com/albums/b336/blade3122/TS_Sat_tab.jpg)
-
You need a SAT and a NAT
Not allow.
-
well I do have some NAT. Not sure if any of these is what your talking about?
(http://i22.photobucket.com/albums/b336/blade3122/nattrans.jpg)
Or what would I need?
-
Just like the SAT rule but a NAT version and the SAT rule should come before it on the list of rules.
-
Ok I put this in (don't know if it is right) but it is still not working.
(http://i22.photobucket.com/albums/b336/blade3122/ts-nat-general.jpg)
(http://i22.photobucket.com/albums/b336/blade3122/ts-nat-nat.jpg)
-
you don't need the NAT tab.
-
Ok I took off the NAT tab and put it back on "Use Interface Address". Save and Activate. And still no joy.
Still cannot connect to the computer.
-
You might want to contact our business class support, they would be better able to assist you over the phone.
-
so trying to ping this address I get this in the log..(I enabled ICMP for this test)
2009-05-26
17:41:14 Notice RULE
6000031 DirectedBroadcasts
directed_broadcasts
drop
Is there a rule to drop all these packets? I can ping my other server but not the new one.
-
Ok so I found out the guy before me had the wrong submask for out public IP addresses. Now I fixed that and am trying to ping that ip and I now I see it in the log but am getting this
2009-05-27
16:26:56 Info CONN
600001 ICMP_in ICMP wan
wan XX.XX.171.90
XX.XX.80.227
conn_open
conn=open connsrcid=12759 conndestid=12759
I noticed when I ping my other server it looks the same but instead of the destination being wan it is Core. so it looks like this
2009-05-27
16:26:56 Info CONN
600001 ICMP_in ICMP wan
core XX.XX.171.90
XX.XX.80.226
conn_open
conn=open connsrcid=12759 conndestid=12759
-
Ok got it working...Just deleted everything I had done and went through all the steps again. And this time it worked...I think the submask of public messed me up the first time.
-
Glad to hear that.