• July 16, 2018, 11:12:14 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 [2]

Author Topic: Firmware 1.20B03/2.20B03 Released - Security Fixes  (Read 4431 times)

lescarlson

  • Level 1 Member
  • *
  • Posts: 19
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #15 on: October 31, 2017, 03:27:40 PM »

Gattsu:
---"it works when he applies a static IP, instead of DHCP, but which router was this applied to?"

The static WAN IP address and WAN gateway address are entered into the "Static" setting in the 850L.
The Netgear modem passes (DMZ) the ISP assigned WAN IP address (Dynamic address) to the 850L. (The Netgear modem/router has a DMZ feature which points to the 850L LAN address 192.168.0.1) When the 850L security update was applied, the 850L lost it's connection to the internet. The only way I could get internet to the 850L was to change the "Dynamic IP (DHCP)" setting to "Static". The 'static' address I used was the public WAN address and Gateway address given to the Netgear modem from the ISP. Once I plugged in those two public addresses in the "Static" setting of the 850L the internet connection was restored to the 850L and all the devices it serves.

The Netgear modem/router has both public and private DHCP Servers which are DISABLED and its wiresess radio is turned off. All our LAN connections are through the 850L. Prior to the 850L security update the 850L received the internet connection with the "Dynamic IP (DHCP)" setting and the internet connection was just there all the time:

1- NetgearWAN >>> DMZ >>> 850L "Dynamic IP (DHCP)" setting >>> Working system
2- NetgearWAN >>> DMZ >>> 850L [security update] "Dynamic IP (DHCP)" setting >>> No internet to LAN
3- NetgearWAN >>> DMZ >>> 850L [security update] "Static" setting with WAN address plugged in >>> Working system

Although the 3rd system currently works, it will fail when my ISP changes that dynamic WAN address.

---"On the Netgear, check for DHCP reservation list and create one for the 850L."
The Netgear has both a Private and Public DHCP server. I have both of them and the wireless radio disabled. The Netgear passes the internet to the 850L via DMZ. I thought I was doing the right thing by only having the 850L serve. All connections from our LAN are made through the 850L. The Netgear only serves to get the internet (via DMZ) into the 850L. Prior to the 850L security update all was working 100%
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 45275
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #16 on: October 31, 2017, 03:31:53 PM »

"The Netgear modem passes (DMZ) the ISP assigned WAN IP address (Dynamic address) to the 850L. (The Netgear modem/router has a DMZ feature which points to the 850L LAN address 192.168.0.1) "

I believe the LAN address for the DMZ is incorrect. If the NG modem/ROUTER is using 192.168.1.1 for it's LAN then the IP address the 850L gets on it's WAN port should be a 192.168.1.### address. <This is the address that should be in the Modem/ROUTER DMZ, not 192.168.0.1...
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

lescarlson

  • Level 1 Member
  • *
  • Posts: 19
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #17 on: October 31, 2017, 04:41:06 PM »

---"I believe the LAN address for the DMZ is incorrect"
I stated the DMZ pointed to the 850L LAN address. I was wrong. The "DMZ Host", as it is called in the Netgear, points to a MAC number. That MAC number is the 850L's MAC number as shown on the Home page of the 850L's administration pages. My term "points to" is probably not a suitable term. the DMZ Host is currently enabled for the 850L's MAC number. Apparently the 850L's LAN address has nothing to do with the DMZ. It just goes where ever the ethernet cable goes as long as the MAC number matches.

So if the internet connection is always there at the internet port on the 850L, why does the "Dynamic IP (DHCP)" setting in the 850L fail to see it?
« Last Edit: October 31, 2017, 04:43:21 PM by lescarlson »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 45275
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #18 on: October 31, 2017, 04:54:16 PM »

Can you use the IP address the WAN port gets from the NG modem/router instead of the MAC address? Should be 192.168.1.something. Look at the WAN IP address on the 850L Status back. What is it getting from the NG modem/router?

Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 45275
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #19 on: October 31, 2017, 08:57:54 PM »

One other thing to try as well. Disable uPnP on the modem/router as well. See it in some cases having two uPnP features running at the same time can cause problems as well.
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

lescarlson

  • Level 1 Member
  • *
  • Posts: 19
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #20 on: October 31, 2017, 09:20:08 PM »

---"Can you use the IP address the WAN port gets from the NG modem/router instead of the MAC address? Should be 192.168.1.something. Look at the WAN IP address on the 850L Status back. What is it getting from the NG modem/router?"
---"The IP address the WAN port gets from the NG modem/router" is the same as the Netgear gets from the ISP. The MAC number was selected in the DMZ Host page while enabling the DMZ in the Netgear. At that time the 850L was the only device connected to the Netgear. The Netgear DMZ Host asks which device (from a menu of attached devices) should share the WAN address. The 850L was chosen, the 850L's internet connection was set to  "Dynamic IP (DHCP)" and the LAN connected to the 850L worked reliably until the security update.


Logged

lescarlson

  • Level 1 Member
  • *
  • Posts: 19
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #21 on: October 31, 2017, 09:23:22 PM »

---One other thing to try as well. Disable uPnP on the modem/router as well. See it in some cases having two uPnP features running at the same time can cause problems as well."

Thanks. I'll try that...........No cigar. UPnP was enabled but disabling it did not make any difference.
« Last Edit: October 31, 2017, 09:33:38 PM by lescarlson »
Logged

Gattsu

  • Technical Engineer
  • Level 3 Member
  • *
  • Posts: 133
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #22 on: November 01, 2017, 07:43:33 AM »

So basically your network should look like this:

Internet <------->Netgear (LAN) <----------> (WAN)850L (LAN) <----->All other devices

What else is the Netgear connected to? If Netgear is not doing anything else other than passing traffic only to 850L, then I recommend setting that to bridge mode. This is the proper way to setup a home network; 1 modem, 1 router, and everything else connects to the router. Two routers complicate things and D-Link does not support such setup.

If you look at the release notes in the beginning, it will have four WAN security fixes. This tells us that the WAN port is more sensitive to internet traffic. I'm not sure what is breaking the connection between the NG and D-Link but it might have something to do with your double NAT setup.


Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 45275
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #23 on: November 01, 2017, 09:49:34 AM »

I agree, bridging the ISP Modem should work for best results...
https://www.dslreports.com/forum/r28137734-Bridging-7550
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

lescarlson

  • Level 1 Member
  • *
  • Posts: 19
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #24 on: November 01, 2017, 08:56:39 PM »

FurryNutz,  Gattsu,

You two have been most generous with your time and expertise. That you share your knowledge and suggestions so willingly is deeply appreciated by myself and probably the many others you have helped. I will try to do likewise for another when a situation arrises.
Thanks,
LesCarlson
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 45275
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Firmware 1.20B03/2.20B03 Released - Security Fixes
« Reply #25 on: November 02, 2017, 08:11:01 AM »

Good Luck in your endeavours.
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting
Pages: 1 [2]