DLink DSL-504 Firewall Config and firmware problems

I've just bought a DLink DSL-504 router off ebay, and am having a lot of
troubles with it. I've got it working with no firewall enabled - ie. I can
use the internet on all computers on my home network. However, the
interface for configuring the firewall is so un-intuitive! Has anyone any
experience in setting this firewall up? I want to have everything blocked -
except certain specified ports (for now, let's just say port 80), and only
on a certain computer on the network. How would I do this? I found one
example on the internet, but that has the subnet mask as 0,0,0,0 on some of
the options. On my version, there is no 0,0,0,0 in the combobox.

I've also tried downgrading the firmware to the version we use at work (the
firewall page is completely different). But halfway through the firmware
upload a popup box says "Upload Failed". I've tried various firmwares, and
they all fail! Anyone experience this?

Below is a link to a screenshot of the firewall configuration page. Ignore
the values I've already put in - I was just playing around trying to get it
to work.

http://www.dracan.x-1.net/firewall.jpg


Thanks for any help with this, as it's driving me nuts! |

Dan.

Dan wrote:
> I've just bought a DLink DSL-504 router off ebay, and am having a lot of
> troubles with it. I've got it working with no firewall enabled - ie. I can
> use the internet on all computers on my home network. However, the
> interface for configuring the firewall is so un-intuitive! Has anyone any
> experience in setting this firewall up? I want to have everything blocked -
> except certain specified ports (for now, let's just say port 80), and only
> on a certain computer on the network. How would I do this? I found one
> example on the internet, but that has the subnet mask as 0,0,0,0 on some of
> the options. On my version, there is no 0,0,0,0 in the combobox.
>
> I've also tried downgrading the firmware to the version we use at work (the
> firewall page is completely different). But halfway through the firmware
> upload a popup box says "Upload Failed". I've tried various firmwares, and
> they all fail! Anyone experience this?
>
> Below is a link to a screenshot of the firewall configuration page. Ignore
> the values I've already put in - I was just playing around trying to get it
> to work.
>
> http://www.dracan.x-1.net/firewall.jpg
>
>
> Thanks for any help with this, as it's driving me nuts! |
>
> Dan.
>
>
I would be inclined to set up the DMZ pointing to a non-existant address
on your network. And the use port forwarding to redirect port 80 to the
appropriate server on your network. Simpler that setting up firewall rules.
Go here http://shadow.sentry.org/~trev/dsl50x.html if you want a very
useful site. This guy is Australian but all the information is relevant,
including how to set up your firewall if that's the way you decide to go.
Also don't forget www.grc.com is a useful site for checking whether or
not you firewall (or DMZ) is doing its job.

HTH


--

Mark²°°³

> I would be inclined to set up the DMZ pointing to a non-existant address
> on your network. And the use port forwarding to redirect port 80 to the
> appropriate server on your network. Simpler that setting up firewall
rules.
> Go here http://shadow.sentry.org/~trev/dsl50x.html if you want a very
> useful site. This guy is Australian but all the information is relevant,
> including how to set up your firewall if that's the way you decide to go.
> Also don't forget www.grc.com is a useful site for checking whether or
> not you firewall (or DMZ) is doing its job.

I would rather try and learn how the firewall rules work. I've already
looked at the shadow.sentry site, but the example that they have on it uses
a subnet mask of 0,0,0,0 - which for some reason I don't have on my router
( How do I say I want to allow "any IP"?

Cheers,
Dan.

Dan wrote:
<snip>
> I would rather try and learn how the firewall rules work. I've already
> looked at the shadow.sentry site, but the example that they have on it uses
> a subnet mask of 0,0,0,0 - which for some reason I don't have on my router
> ( How do I say I want to allow "any IP"?
>
> Cheers,
> Dan.
>
>
Your version of firmware uses slash notation for the subnet. i.e.
0.0.0.0. is the same as /0, and 255.255.255.255. is the same as /32 -
and everything in between.

--

Mark²°°³

I had another good play with the router last night. Finally got it working.
Mine doesn't have the 0,0,0,0 or /0, but if I use the 255,255,255,255 or /32
with a 0,0,0,0 IP address - that still seems to mean "any IP". I think what
I was previously doing wrong was not allowing the DNS ports through. I've
now got my firewall set up properly, with about 5 million rules )

Which still leaves me with the firmware upgrade problem. But I suppose it's
not that important now that I've sorting the firewall on my current version.
One problem I encountered yesterday however, was that the router hangs if
someone tries to send me a file in MSN messenger. Doing a google groups
search found that some people had been able to fix this problem by upgrading
their firmware. I've got a later firmware than what's on the website
though??? Not that I would be able to upgrade it anyway with this stupid
firmware upgrade problem (

Cheers,
Dan.




"Mark²°°³" <(E-Mail Removed)> wrote in message
news:bthsqr$7f2fi$(E-Mail Removed)...
> Dan wrote:
> <snip>
> > I would rather try and learn how the firewall rules work. I've already
> > looked at the shadow.sentry site, but the example that they have on it
uses
> > a subnet mask of 0,0,0,0 - which for some reason I don't have on my
router
> > ( How do I say I want to allow "any IP"?
> >
> > Cheers,
> > Dan.
> >
> >
> Your version of firmware uses slash notation for the subnet. i.e.
> 0.0.0.0. is the same as /0, and 255.255.255.255. is the same as /32 -
> and everything in between.
>
> --
>
> Mark²°°³