Configuration issues (firewall) with DI-524 D-Link

Hi,
I've got a D-Link DI-524 (the DI-524UP, to be precise).
I want to use PCanywhere to connect to the PC behind the router. But I
seem to be to stupid to set the Firewall right. I can set the PC to
"DMZ" and reach it perfectly well, but there must be a way to configure
the Firewall, right? Please help, this drives me crazy! ;-)
Thanks, Ulrich

On 27 Apr 2006 12:01:47 -0700, "UH" <(E-Mail Removed)> wrote:

>I've got a D-Link DI-524 (the DI-524UP, to be precise).
>I want to use PCanywhere to connect to the PC behind the router. But I
>seem to be to stupid to set the Firewall right. I can set the PC to
>"DMZ" and reach it perfectly well, but there must be a way to configure
>the Firewall, right? Please help, this drives me crazy! ;-)

Turn OFF the stupid DMZ. That's not the correct way to do it. In
effect, it disables all the router security to that machine and opens
ALL the IP ports. Do not use the DMZ.

PCAnywhere 9 thru 12 use ports 5631 (TCP) and 5632 (UDP) for incoming
traffic. These can be changed, so please make sure your PCAnywhere is
using the default ports.

Specific instructions for the DI-524:

http://www.portforward.com/english/r...pcAnywhere.htm
Just copy the setup. Make sure that your client computer has either a
static IP address, or that you have setup a "reserved" DHCP address.
See the section called "static DHCP" in your router like:
http://support.dlink.com/emulators/di524/h_dhcp.html


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

Hi Jeff!
This solved it, thank you! The key is to use the "virtual server", not
the Firewall settings.
Regarding DMZ: What I did was: Log in to the router remotely, enable
DMZ, log on via PCanywhere, Log off PC anywhere, disable DMZ. It works,
but it's a hassle. So thank you (and I'll happily go to portforward.com
for my next router...).
Have a great day, Ulrich

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <(E-Mail Removed) .com> on 28 Apr 2006
08:41:46 -0700, "UH" <(E-Mail Removed)> wrote:

>Hi Jeff!
>This solved it, thank you! The key is to use the "virtual server", not
>the Firewall settings.
>Regarding DMZ: What I did was: Log in to the router remotely, enable
>DMZ, log on via PCanywhere, Log off PC anywhere, disable DMZ. It works,
>but it's a hassle. So thank you (and I'll happily go to portforward.com
>for my next router...).
>Have a great day, Ulrich

Be warned that the so-called and badly misnamed "DMZ" feature in cheap
consumer routers is (unlike *real* DMZ) a *huge* security hole. Like Jeff,
I strongly advise against using it.

--
Best regards, SEE THE FAQ FOR ALT.INTERNET.WIRELESS AT
John Navas <http://en.wikibooks.org/wiki/FAQ_for_alt.internet.wireless>

Hi you all.

I got PCanywhere to work without any DMZ. Thanks!

Now, I am trying to get Wake-up-on-LAN to work.

It works *with* DMZ, so the PC is properly configured.

I tried to set up a virtual server (like I did for PCanywhere), but
that does not help. I cannot route to port 192.168.0.255 (which would
be the broadcast-port, right?). If I route to the static port of my PC
(which is what I do for PCanywhere), nothing happens because the PC is
off.

What now? Any ideas? Thanks!
Ulrich

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <(E-Mail Removed) .com> on 2 May 2006
06:54:10 -0700, "UH" <(E-Mail Removed)> wrote:

>I got PCanywhere to work without any DMZ. Thanks!
>
>Now, I am trying to get Wake-up-on-LAN to work.
>
>It works *with* DMZ, so the PC is properly configured.
>
>I tried to set up a virtual server (like I did for PCanywhere), but
>that does not help. I cannot route to port 192.168.0.255 (which would
>be the broadcast-port, right?). If I route to the static port of my PC
>(which is what I do for PCanywhere), nothing happens because the PC is
>off.
>
>What now? Any ideas? Thanks!

Read up on Wake-on-LAN; e.g., <http://en.wikipedia.org/wiki/Wake-on-LAN>

--
Best regards, SEE THE FAQ FOR ALT.INTERNET.WIRELESS AT
John Navas <http://en.wikibooks.org/wiki/FAQ_for_alt.internet.wireless>

"UH" <(E-Mail Removed)> hath wroth:

>Now, I am trying to get Wake-up-on-LAN to work.

You might want to search alt.internet.wireless with Google Groups for
previous postings on WOL. See:
| http://groups.google.com/group/alt.i...220f22ed7fc996
| http://groups.google.com/group/alt.i...b334192093101a
Note that WOL is not directly supported by the router and that
trickery is required to make it work.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Hi Jeff,

> Note that WOL is not directly supported by the router and that
> trickery is required to make it work.

well, that's where I am at now.

I have two WOL-programs that both work if I am "inside" of the router's
firewall (I brought my Laptop to work to try it out; it woke up the
office PC perfectely).

BUT: If I try sending the magic packet via the internet (which worked
fine with my previous router, a Netgear, where I could set the rule to
route magic packets on port 7 to subnet broadcast 192.168.0.255),
nothing happens. The new router does not allow me to set the broadcast
(no virtual servers for the *.*.*.255).

Do you have any ideas for the required trickery? :-)

Thanks, Ulrich

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <(E-Mail Removed) .com> on 8 May 2006
12:25:00 -0700, "UH" <(E-Mail Removed)> wrote:

>Hi Jeff,
>
>> Note that WOL is not directly supported by the router and that
>> trickery is required to make it work.
>
>well, that's where I am at now.
>
>I have two WOL-programs that both work if I am "inside" of the router's
>firewall (I brought my Laptop to work to try it out; it woke up the
>office PC perfectely).
>
>BUT: If I try sending the magic packet via the internet (which worked
>fine with my previous router, a Netgear, where I could set the rule to
>route magic packets on port 7 to subnet broadcast 192.168.0.255),
>nothing happens. The new router does not allow me to set the broadcast
>(no virtual servers for the *.*.*.255).
>
>Do you have any ideas for the required trickery? :-)

Try:
* Configuring the PC with a fixed IP address
* Using a static route in the DI-524

--
Best regards, SEE THE FAQ FOR ALT.INTERNET.WIRELESS AT
John Navas <http://en.wikibooks.org/wiki/FAQ_for_alt.internet.wireless>

"UH" <(E-Mail Removed)> hath wroth:

>> Note that WOL is not directly supported by the router and that
>> trickery is required to make it work.

>well, that's where I am at now.

The trickery is not in the router. It's in the WOL originating
program.

>I have two WOL-programs that both work if I am "inside" of the router's
>firewall (I brought my Laptop to work to try it out; it woke up the
>office PC perfectely).

Which programs? Did you try this one I recommended?
http://www.depicus.com/wake-on-lan/wake-on-lan-gui.aspx

>BUT: If I try sending the magic packet via the internet (which worked
>fine with my previous router, a Netgear, where I could set the rule to
>route magic packets on port 7 to subnet broadcast 192.168.0.255),
>nothing happens. The new router does not allow me to set the broadcast
>(no virtual servers for the *.*.*.255).
>
>Do you have any ideas for the required trickery? :-)

It's called "magic" packet for a reason. Getting it to work requires
a bit of magic.

There's no guarantee that your router will port forward port 7 to
whatever you're using for a client computah. I suggest you pick
another random port, over 1024, and port forward it to the IP address
of your test client computah (not the entire IP block). You will need
to setup a "reserved DHCP address" or "static IP address" for this
computah as you don't want the IP to change later.

Then try using:
http://www.depicus.com/wake-on-lan/woli.aspx
http://www.dslreports.com/wakeup?r=692
to test your WOL function from the internet. I have it working on
about 6 different cheapo routers without much difficulty. My favorite
mistake is using the wrong MAC address. I haven't tried this one:
http://www.moldaner.de/wakeonlan/wakeonlan.html
but it looks interesting.

It would be interesting to know which model Netgear worked for you in
the past where which allows you to port forward a port to an entire
Class C IP block. Every other router I've seen only allows port
forwarding to a single IP address (per entry). Also, harware
mutations and firmware version if available.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558