• November 29, 2021, 12:45:33 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2

Author Topic: Guest Zone access to public ports  (Read 11166 times)

ksx2015

  • Level 1 Member
  • *
  • Posts: 11
Guest Zone access to public ports
« on: May 25, 2015, 03:09:35 PM »

Hello everyone,

The configuration of my router (DIR-868L) has some LAN ports exposed to the internet.
This is working just fine and I can access the home server over the internet.

I also have enabled the Guest Zone, so I have 2 additional guest zones (2.4 and 5 GHz).
I have disabled the "Enable Routing Between Zones", so guest zone clients can't access the LAN resources.

However, the guest zone clients can't access the public LAN ports either.
To me this seems as an issue in the routing logic of the device as I would expect that the guest zone clients should be able to access the public resources without limitation.

example config:
router public ip: 62.21.12.12
LAN server: 192.168.1.5
virtual server: 12345 ->192.168.1.5:12345
guest zone client: 192.168.1.160


Expected results:
guest zone clients should NOT be able to connect to: 192.168.1.5:12345
guest zone clients SHOULD be able to connect to: 62.21.12.12:12345

Actual results:
guest zone clients can't access neither 192.168.1.5:12345 or 62.21.12.12:12345

I hope it is clear what I want to achieve. If needed I can explain further.

Is there some additional configuration that I have missed?
Should I do this in another way?

Please help!
« Last Edit: May 25, 2015, 03:13:53 PM by ksx2015 »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49863
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Guest Zone access to public ports
« Reply #1 on: May 26, 2015, 07:30:19 AM »

Link>Welcome!

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?

Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

If your trying to configure Virtual Server with Guest Zone clients, I don't believe that is a supported configuration. Guest Zone connections are handled similarly like DMZ, allows connected clients unlimited resource to the WAN side only. There should be no configuration of any LAN side settings for Guest Zone devices. The only feature would be to enable or disable the "Enable Routing Between Zones" if needed or not. Virtual Server handles connections from the WAN side to LAN side sources only. Does not include the Guest Zone.

What application or WAN side resources does this one client use? Please explain more about what the client can't get to...
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

ksx2015

  • Level 1 Member
  • *
  • Posts: 11
Re: Guest Zone access to public ports
« Reply #2 on: May 26, 2015, 07:59:46 AM »

Hardware version: A1
Firmware version: 1.09
Region: Europe

Cable modem: Cisco EPC3208

As for the supported configuration or not:
Since some LAN ports are configured in the virtual server section, I would consider them as part of the internet.
If the guest client can't access them, then in effect they can't access part of the internet.
So, I would ask:
Why are the guest clients restricted from accessing some part (which just so happens resides on my LAN) of the internet?

So, even if it doesn't work at the moment, I can't see no justification that it must remain as is.
Instead, it seems to me that it should be changed.

As for the type of service that is exposed:
It is just a small thing I wrote related to WOL.

CHEERS !

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49863
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Guest Zone access to public ports
« Reply #3 on: May 26, 2015, 08:33:36 AM »

Seems like your trying to configure something that is not supported on D-Link routers. Some routers don't handle WoL due to lookback support not featured on some model routers.

You can review this and see if any of it helps for WoL and your Virtual Server settings:
http://forums.dlink.com/index.php?topic=37018.0
http://forums.dlink.com/index.php?topic=13539.0

Guest zone only handles connected devices to the WAN side unless "Enable Routing Between Zones" is enabled then I presume that only allows network access to network folder shares and PCs on the LAN side when enabled, not any virtual server configurations or WoL. I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please. Good Luck.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

ksx2015

  • Level 1 Member
  • *
  • Posts: 11
Re: Guest Zone access to public ports
« Reply #4 on: May 26, 2015, 08:43:37 AM »

Thank you for the reply.
However, I feel more input is needed from my side.

The configuration has several exposed servers and the WOL is just an example.
I would like to access anything available on the internet from my guest zone (even if it happens to reside on my LAN).
At the moment no virtual server can be accessed from guest zone.
The WOL setup is working just fine if I invoke it from other network (for example from my phone 4G).

I want to attach the scheme of my working WOL setup. But ... how?

CHEERS ! :)



Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49863
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Guest Zone access to public ports
« Reply #5 on: May 26, 2015, 08:47:42 AM »

All resources should be accessible on the WAN side from the GZ. You'd have to enable Routing Between Zones to see if this effects any change. Can you access network shares and folders and PC if this is enabled?

Adding Screenshots In A Post
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

ksx2015

  • Level 1 Member
  • *
  • Posts: 11
Re: Guest Zone access to public ports
« Reply #6 on: May 26, 2015, 08:53:15 AM »

Thank you

Here it is:
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49863
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Guest Zone access to public ports
« Reply #7 on: May 26, 2015, 08:58:03 AM »

Can you enable Routing Between Zones to see if this effects any change. Can you access network shares and folders and PC if this is enabled from the GZ?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

ksx2015

  • Level 1 Member
  • *
  • Posts: 11
Re: Guest Zone access to public ports
« Reply #8 on: May 26, 2015, 09:12:37 AM »

I keep my guest zone open (no password) so that anyone that needs internet access can use it for free.
For that reason, I would hesitate to just leave this checkbox selected.

Anyway, I just checked and in that case the guest clients can access the servers.

But, as explained above, this doesn't really fit my picture because in that case the guest clients can access the whole LAN.
And that is a huge NO.

CHEERS !
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49863
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Guest Zone access to public ports
« Reply #9 on: May 26, 2015, 09:25:52 AM »

Ok, just making sure that routing between zone works. I presume it would for this quick test. I presume that there is no routing or access for GZ to Virtual Server configured ports when it's disabled or enabled and I presume this is how it's designed or do to the lack of loopback routing. I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. Ask for level 2 or higher support. We find that phone contact has better immediate results over using email.
Let us know how it goes please.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

ksx2015

  • Level 1 Member
  • *
  • Posts: 11
Re: Guest Zone access to public ports
« Reply #10 on: May 26, 2015, 09:27:21 AM »

Thank you ... will keep you posted !
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49863
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Guest Zone access to public ports
« Reply #11 on: May 27, 2015, 07:20:55 AM »

 ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49863
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Guest Zone access to public ports
« Reply #12 on: June 05, 2015, 12:38:09 PM »

Any status on this?  ???

I keep my guest zone open (no password) so that anyone that needs internet access can use it for free.
For that reason, I would hesitate to just leave this checkbox selected.

Anyway, I just checked and in that case the guest clients can access the servers.

But, as explained above, this doesn't really fit my picture because in that case the guest clients can access the whole LAN.
And that is a huge NO.

CHEERS !
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

ksx2015

  • Level 1 Member
  • *
  • Posts: 11
Re: Guest Zone access to public ports
« Reply #13 on: June 07, 2015, 11:23:20 AM »

I just got the reply from dlink:

Disable routing between zones is implemented by Linux iptable. 62.21.12.12:12345 actually belongs to LAN.
Therefore, iptable blocks traffic from guest zone to 62.21.12.12:12345.

In other words it is by-design and they don't want to change it.

Logged

ksx2015

  • Level 1 Member
  • *
  • Posts: 11
Re: Guest Zone access to public ports
« Reply #14 on: June 08, 2015, 12:23:44 AM »

Another reply:

Please allow me to explain for this case again.

Based on Vendor's description, if user disable routering between zones, and then guest zone users will not be able to access LAN IP address, but guest zone user still can access WAN IP address.

If you find Vendor's topology, and you can see he set a virtual for LAN server (192.168.1.5:12345), and that means when user try to connect WAN IP with port 12345 and DIR-868L will redirect the WAN (62.21.12.12:12345) to LAN (192.168.1.5:12345). That is why Vendor explain WAN (62.21.12.12:12345) belongs to LAN IP.

If user enable routering between zones, and there will be not problem if guest zone clinet try to access WAN (62.21.12.12:12345).
« Last Edit: June 08, 2015, 10:41:31 AM by ksx2015 »
Logged
Pages: [1] 2