• March 28, 2024, 07:01:41 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 2 [3]

Author Topic: Migrate to DFL-210>configuration problem  (Read 21126 times)

Chilleboy

  • Level 1 Member
  • *
  • Posts: 23
Re: Migrate to DFL-210>configuration problem
« Reply #30 on: April 28, 2010, 11:10:29 AM »

For port mapping (publishing your servers)

As i undestood, you want to access HTTP/HTTPS/IMAP from outside by standart ports and SSH by non-standart. So...

1) Objects > Services
Make service ssh-xxx00 with destination port xxx00
Make service groups ext_mail_server with imap, pop3, smtp (all services what you need) and ssh-xxx00
Do the same for web servers (group ext_web_server)

2) Rules > IP rules
# mail server
SAT wan/all-nets core/wan_ip ssh-xxx00 (SAT: new dest = lan_mail_server, new port = 22)
SAT wan/all-nets core/wan_ip ext_mail_server (SAT: new dest = lan_mail_server)
Allow wan/all-nets core/wan_ip ext_mail_server
# web server
SAT wan/all-nets core/wan_ip ssh-xxx02 (SAT: new dest = lan_web_server, new port = 22)
SAT wan/all-nets core/wan_ip ext_web_server (SAT: new dest = lan_web_server)
Allow wan/all-nets core/wan_ip ext_web_server

If you want to have access from internal network (LAN) to wan published services, make additional rules

# mail server
SAT lan/lannet core/wan_ip ssh-xxx00 (SAT: new dest = lan_mail_server, new port = 22)
SAT lan/lannet core/wan_ip ext_mail_server (SAT: new dest = lan_mail_server)
NAT lan/lannet core/wan_ip ext_mail_server
# web server
SAT lan/lannet core/wan_ip ssh-xxx02 (SAT: new dest = lan_web_server, new port = 22)
SAT lan/lannet core/wan_ip ext_web_server (SAT: new dest = lan_web_server)
NAT lan/lannet core/wan_ip ext_web_server
You do an amazing job for me Danilovav!
I can see now why the SSH-thing did'nt work for me, I put port 22 as the destination in the service.  :-[

Will try this settings as soon as I can!
However, I am a little worried that it might not do any difference for my problems to connect to the mailserver via Outlook and Mail.
But I'll try your settings first!  ;D
Logged

Chilleboy

  • Level 1 Member
  • *
  • Posts: 23
Re: Migrate to DFL-210>configuration problem
« Reply #31 on: April 29, 2010, 06:02:23 AM »

Sadly I had no luck with the new conf! :'(
Still not able to connect via MAil or Outlook (SSL not SSH).
SSH-connection was not successful either.

Here is the current settings:






Have I made any typos or bad conf?
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Migrate to DFL-210>configuration problem
« Reply #32 on: April 29, 2010, 08:25:13 AM »

Your source ports should be 0-65536, source ports are randomly generated.

If you want to get technical it is actually a much smaller range than that, but that covers our bases.
Logged
non progredi est regredi

Chilleboy

  • Level 1 Member
  • *
  • Posts: 23
Re: Migrate to DFL-210>configuration problem
« Reply #33 on: April 29, 2010, 08:51:41 AM »

Your source ports should be 0-65536, source ports are randomly generated.

If you want to get technical it is actually a much smaller range than that, but that covers our bases.
Thanks Fatman!
I'll change the source ports to 0-65536. But the destination ports is still correct or shall I change those to?
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Migrate to DFL-210>configuration problem
« Reply #34 on: April 29, 2010, 11:12:27 AM »

The destination ports are up to you, I don't know what kind of traffic you are running.
Logged
non progredi est regredi

Chilleboy

  • Level 1 Member
  • *
  • Posts: 23
Re: Migrate to DFL-210>configuration problem
« Reply #35 on: April 29, 2010, 02:27:50 PM »

Thanks Fatman and Danilovav for all your help!
The last tips regarding sourceports from Fatman was the culprit of the problem.
Again without your help I had been toast.  ;D
Logged
Pages: 1 2 [3]