Hiya John,
I use a dlink 504 also, but with NAT, however I work with firewall
policy so I'll give it a go for ya!
Are you using PPPoE or PPPoA ? I would be thinking PPPoA would be more
likely in the UK (PPPoE more common here in AU)
Do you have a gateway IP set for the router WAN port? I'll assume you
have, and ip forwarding is configured and working (ie everything is
working without the firewall stuff enabled)
Also, I believe the rule order is important to the dlink firewall (as
it is in most commercial enterprise products), and as such the end
rule should look (in its simplest notation) as 'any traffic from and
to anywhere, on any protocol, DROP!'
(example follows)
So, lets assume you wanted to disable IRC from inside your network.
we will also assume that your IP allocation is sequenced (say,
203.10.0.1, 203.10.0.2, 203.10.0.3, 203.10.0.4) Your router is usually
assigned one of your static IP numbers, unless your ISP has something
else organised.
IP Filter state : enabled
if not matched : pass
name : block_irc
pass or block? block
direction is always in, on my firmware (R2.21.002.05.b13au)
Protocol : TCP
Source : (the outside world)
IP : leave on 0.0.0.0 (you could indicate a specific server IP here)
Subnet mask: 0.0.0.0/0 (defaults seem okay on dlinks!)
greater than/equals/less than symbols : shouldnt matter
start port: 0
end port : 0
(Im not informed regarding current irc service ports, so these are
general)
Destination : (your internal network)
IP : 203.10.0.0 (specify the c class for brevity)
subnet mask : 255.255.255.0/24
greater than/equals/less than symbols : 'select greater than'
start port : 6666
end port : 6669
then add it and test it.
Its a bit easier to specify the c-class address (203.10.0.0) as the
dlink firewall wont allow several, specific or multinetwork IPs to be
used in part of a ruleset.
So, this router will basically let everything in and out, except it
wont let anyone on 203.10.0.xx connect to IRC servers.
My apologies if this is offtrack to what you were seeking - if it is,
perhaps you need to find a different way of explaining the problem?
If you cant connect to websites etc via the router with the firewall
module disabled, then it would seem you have a routing or possibly a
connection issue.
Anyways, 4am for me, off to bed!
cheerio
Dea
> Dlink dont seems to understand the question, thwey just keep sending
> me a config to make the router work on NO NAT, which it does, now I
> want to setup the Firewall.
>
> Any Ideas anyone.
|
Similar Threads
Linear Mode
