• March 29, 2024, 03:53:48 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DFL-800 Routing problem with multiple LAN setup  (Read 9482 times)

andyhill24

  • Level 1 Member
  • *
  • Posts: 1
DFL-800 Routing problem with multiple LAN setup
« on: December 01, 2009, 09:48:23 AM »

We have a setup where a DFL-800 is located at head office is used to connect to the internet.
There is another router on the LAN which provides connection to branch offices via a private network.
Network Config is as follows.
Head Office 192.168.0.0/24
Branch 1 10.0.31.0/24
Branch 2 10.0.32.0/24
DFL-800 LAN IP 192.168.0.225
Branch office router LAN IP 192.168.0.201
Branch office router is a managed service, but has a default route to send all unknown traffic to 192.168.0.225 (DFL-800)
Problem is Branch offices are unable to route traffic to internet.
DFL-800 has static routes to branch office networks with the branch office router as the gateway.
Probably missing something silly but any pointers much appreciated.



Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: DFL-800 Routing problem with multiple LAN setup
« Reply #1 on: December 01, 2009, 11:00:31 AM »

Well, the problem is almost certainly either in Routes or in IP Rules.

Do you get log entries?

If they mention Default_Rule, you have an IP Rule problem.

If they mention Default_Access_Rule, you have a routing problem.

If you don't have any, the traffic is most likely not reaching the DFL, inspect downstream first.
Logged
non progredi est regredi

Lavdd

  • Level 1 Member
  • *
  • Posts: 21
Re: DFL-800 Routing problem with multiple LAN setup
« Reply #2 on: December 22, 2009, 05:35:57 AM »

Got almost the same



There was freebsd on *.0.1
route add x.x.1.0/24 x.x.0.224
everything was fine - 1.0/24 and 0.0/24 was routed

On DFL-260 when it replased freebsd server
with rout lan x.x.1.0/24 x.x.0.224
0.0/24 pings 1.0/24 but telnet dont work
1.0/24 pings dfl but not 0.0/24

Ip rules
Allow lan/lannet lan/remote_net all_tcpudpicmp
Allow lan/remote_net lan/lannet all_tcpudpicmp

there is something about too high scr value in logs when I do telnet on 135 fron 0.0/24 to 1.0/24
« Last Edit: December 22, 2009, 07:57:42 AM by Lavdd »
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: DFL-800 Routing problem with multiple LAN setup
« Reply #3 on: December 22, 2009, 09:57:15 AM »

Show me what is in the logs and we can decipher it together.
Logged
non progredi est regredi

Lavdd

  • Level 1 Member
  • *
  • Posts: 21
Re: DFL-800 Routing problem with multiple LAN setup
« Reply #4 on: December 22, 2009, 10:33:34 AM »

Ill make another try on thursday.
I plugged freebsd svr back to 0.1 now.
Logged

Lavdd

  • Level 1 Member
  • *
  • Posts: 21
Re: DFL-800 Routing problem with multiple LAN setup
« Reply #5 on: December 24, 2009, 01:30:38 AM »

Did full reset and add some rules
ping 192.168.3.10 goes
telnet 192.168.3.10 135 dont





Logged

Lavdd

  • Level 1 Member
  • *
  • Posts: 21
Re: DFL-800 Routing problem with multiple LAN setup
« Reply #6 on: December 24, 2009, 01:41:22 AM »

set
TCP Sequence Numbers: Ignore


2009-12-24
12:36:04 Warning TCP_FLAG 3300010 LogStateViolations TCP lan lan 192.168.0.191 192.168.3.10 50337 135 unexpected_tcp_flags drop
flags=SYN endpoint=originator state=FIN_RCVD origsent=232 termsent=0 ipdatalen=28 tcphdrlen=28 syn=1 
Logged

Lavdd

  • Level 1 Member
  • *
  • Posts: 21
Re: DFL-800 Routing problem with multiple LAN setup
« Reply #7 on: December 24, 2009, 01:55:24 AM »

set
Allow TCP Reopen On

dont work, no logs ...
Logged

Lavdd

  • Level 1 Member
  • *
  • Posts: 21
Re: DFL-800 Routing problem with multiple LAN setup
« Reply #8 on: December 24, 2009, 02:02:59 AM »

Jesus

for rules put
from_local  FwdFast
from_far  FwdFast

set
Allow TCP Reopen Off

http://archive.netbsd.se/?ml=cfw-users&a=2002-08&t=253890
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: DFL-800 Routing problem with multiple LAN setup
« Reply #9 on: January 04, 2010, 08:36:15 AM »

I belive that was a statement of exasperation, and not a name.  The link points to mailing list thread where an issue with a Clavister firewall is troubleshot, which Lavdd then used as inspiration for his fix here.
Logged
non progredi est regredi