
September 08, 2006

DFL-210 - Quick Config

The D-Link DFL-210 is not a plug-and-play router. The router is not set up for DHCP, so you must first assign a static IP address of 192.168.1.2 and a gateway of 192.168.1.1 to your PC's wired Ethernet adapter. To access the administration UI, connect via IE to 192.168.1.1. You should then check that you are running the latest firmware.

[Image: DFL-210 system status]

As of 9/8/06, version 2.05 was the newest available. You can download the latest firmware from D-Link and install it with the tools/upgrade menu item. This is a straightforward process.

The default configuration comes with basic firewall rules that block all inbound traffic and allow outbound traffic via the 4 LAN ports. The DMZ port is blocked. There are two elements to configure: the WAN interface and DHCP.

[Image: DFL-210 wan interface]

The WAN interface under Interfaces/Ethernet/wan needed to be set up as a DHCP client for my Comcast connection by checking the Enable DHCP Client box. After every configuration change you then need to use the Configuration/Save and Activate menu item. I also found that the router should be up and running before the Motorola cable modem is activated for the connection/address acquisition process to work.

If you have static DNS entries set up on your PC's Ethernet adapter, you should be able to access the Internet at this point. If you want to use DHCP to assign IP addresses and DNS entries on your network, you need to set up a DHCP server. A default object called lannet is already set up for a pool of addresses (192.168.1.0 - 192.168.1.24) that you can use for DHCP. This object is also used in the lan to wan rule; with this rule the firewall only allows outbound traffic from within this IP address range. I created a new object called DHCP_Pool since I have devices on my network with fixed IP addresses. Unfortunately, the DHCP server does not have the ability to assign IP addresses based on MAC address. This is a major omission given that most sub-$50 routers have this feature. I have an email out on the subject to D-Link support but no response yet.
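Because the lan to wan rule matches on lannet, a separate DHCP_Pool object has to stay inside lannet and clear of the fixed-IP devices. The following is an added example, not part of the original post: a small Python check of such an address plan before it is typed into the router. The function names and all sample addresses are constructed for illustration; only the object names lannet, lan_ip and DHCP_Pool come from the post and its comments.

```python
import ipaddress

def parse_object(spec):
    """Return (first, last) as ints for 'a.b.c.d', 'a.b.c.d-e.f.g.h' or CIDR."""
    spec = spec.replace(" ", "")
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p)) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"range is reversed: {spec}")
        return lo, hi
    net = ipaddress.IPv4Network(spec, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def contains(outer, inner):
    return outer[0] <= inner[0] and inner[1] <= outer[1]

def overlaps(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def audit_plan(lannet, lan_ip, dhcp_pool, fixed_hosts):
    """Return a list of findings; an empty list means the plan is consistent."""
    net, pool, gw = parse_object(lannet), parse_object(dhcp_pool), parse_object(lan_ip)
    findings = []
    if not contains(net, gw):
        findings.append("lan_ip is outside lannet")
    if not contains(net, pool):
        # Leases from outside lannet would not match the lan to wan rule.
        findings.append("DHCP_Pool extends outside lannet")
    if overlaps(pool, gw):
        findings.append("DHCP_Pool includes lan_ip")
    for name, addr in sorted(fixed_hosts.items()):
        host = parse_object(addr)
        if not contains(net, host):
            findings.append(f"{name} ({addr}) is outside lannet")
        if overlaps(pool, host):
            findings.append(f"{name} ({addr}) collides with DHCP_Pool")
    return findings

# Constructed sample plans (not values from the post).
GOOD = dict(lannet="192.168.1.0/24", lan_ip="192.168.1.1",
            dhcp_pool="192.168.1.100-192.168.1.199",
            fixed_hosts={"printer": "192.168.1.10", "nas": "192.168.1.20"})
BAD = dict(GOOD, dhcp_pool="192.168.1.200-192.168.2.20",
           fixed_hosts={"printer": "192.168.1.10", "nas": "192.168.1.210"})

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, audit_plan(**plan) or "consistent")
```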

[Image: DFL-210 DHCP general]

The first configuration screen for DHCP.

[Image: DFL-210 DHCP options]

The DHCP options tab provides fields for specifying domain name, DNS and WINS entries. Since the router does not understand DNS, you must use an external DNS server (unless you run your own) such as the one gathered by the DHCP client on the wan interface. There are two default objects, wan_dns1 and wan_dns2, that can be used to pass the external DNS servers to your clients.

This should get basic firewalled connectivity up and running. Next up: bandwidth management with pipes and pipe rules.

Comments

Kim

Very helpful. Thanks! I think I got in over my head with this router. And the docs don't help much. It also seems to be a bit buggy since, after following your steps above, I also had to do a full reset (this is reproducible). Now I need to set up a VPN client - just like I would in Windows. How can I do that? Or is there a way to let the Windows client through? Thanks! Please help!!

Kim

To be more specific, the vpn server is a Windows 2003 Server machine, allowing PPTP VPN connections (via the "simple" setup). I can create a VPN client in Windows XP and access the server through my smc firewall, but not thru this dlink 210.

I would like to know the rules needed to allow the Windows client through.

I would also like to know how to set up the 210 as a client. What are the settings for the pptp client and the rules needed? Thanks! -Kim

Stephen Skarlatos

Hi Kim,

For Windows XP you need to set up an outbound rule on the 210 that allows pptp.

To do that you go to rules/ip rules/lan_to_wan and add two new rules.

1. action=allow, service=pptp-ctl, source=lan/lannet, destination=wan/all-nets
2. action=allow, service=pptp-suite, source=lan/lannet, destination=wan/all-nets

You may get away with just using the second rule. Fewer rules is better, so I would try that first, then add the first rule if that does not work.

In your second question, I assume you want to make the 210 a pptp client. I will have to research that some more, but I think the D-Link configuration guide has an example of this.

Kim

Hi Stephen,

Thanks for your suggestion, but no luck. The only other rules that I have are the default rules and my firmware is the latest (2.11.02). I think you are correct that only the pptp-suite should be necessary, and I tried that too. And I moved the rule(s) to the top, bottom, did a full reset, etc. Maybe my router is just buggy.

In my second question, yes, I would like to make the 210 a pptp client. I found a link on the dlink site that seemed to be what I need, but appears to have typos and doesn't work for me. :(

Thanks for your help. It would be interesting to see if you can get the PPTP pass-through or PPTP client to work on the 210.

Thanks,
-Kim

Kim

Hello Stephen,

I added the pptp-suite rule, but changed allow to nat and got it working. I think this makes sense, but I'm not absolutely sure. :)

There does seem to be something wrong with my router. I found that I have to do a *full reset* with every change; a quick reset or save/activate doesn't do it.

I also hooked up the serial cable and when I do a full reset see this error:
Core Shutdown in 10 seconds
+**Warning** FLASH configuration checksum error or invalid key
Use 'fconfig -i' to [re]initialize database

However, when I issue an fconfig command it says it is not valid.

I also have another question: with the factory defaults, it appears that all ports are closed. Why does remote desktop work without making any changes?

Thanks again,
-Kim

Stephen Skarlatos

Glad you got outbound pptp to work. It sounds like your flash memory is corrupted, I would suggest contacting D-Link to get a replacement unit.

The factory defaults allow outbound http traffic, the problem with the defaults is that you have to manually set the WAN interface attributes. Without setting those attributes the firewall does not route traffic properly.

I had not noticed that version 2.11 was available, I am running 2.05.00. I will upgrade this weekend.

Philip

I think I got in over my head with this router also.
I have gained entry via 192.168.1.1.
However, I really need to change the DFL-210 IP to 192.168.2.1, and where does one specify the usual subnet mask 255.255.255.0 and the ISP gateway?

I know you are not DLink Support.. But I am in a bind...
started this over the weekend... and I am dead in the water... I thought DLink had a 24 hour support line.
Do you know about that?

Help
Pretty Please :)
Philip

Stephen Skarlatos

Hi Philip,

I assume you want to set up 192.168.2.1 as the LAN address. My subnet is also 192.168.2.x and the way I changed it was by modifying in objects/address book/interfaceaddresses the lan_ip to 192.168.2.1 and the lannet to the range of addresses on my lan like 192.168.2.1-192.168.2.251. The DFL-210 automatically figures out the mask, so there is no need to set it.

The trick to making this work is to be able to switch your pc's address to a 192.168.2.x address within the 30 sec time it takes for the DFL-210 to validate the configuration and reboot. If you do not switch your PC to a valid lan address the DFL-210 won't verify your config and it will revert back to 192.168.1.1. I had my network connection properties open on my PC and as soon as I clicked ok on the DFL-210, I modified the IP address on my PC. It took several attempts but I got it to work.

Technical support as is the case with most companies these days is not very good and is really only available Monday - Friday unless you have a support contract. I emailed support and they just told me to call 877-453-5465.

This is a very good router, too bad they made it so complex to configure, but once your config is set you no longer have to worry about it. Hope this helps.

Kim

I suggest you hook up the serial cable from your computer to the router and open a hyperterminal session (9600 8-N-1). Lots of info is displayed and it really helps to see what's going on with the router. There are cases where the web interface does not agree with the settings in the router. After you make a change and activate it, the router occasionally will revert to the previous configuration, and you will see the message in the hyperterminal window (but the web UI will not show that the configuration has reverted).

You can type "help" and see the commands that can be used via the serial interface. Using commands such as "dns" and "dhcp wan" will allow you to see the dynamically configured addresses (which appear as all zeroes in the web UI).

I have the router set up as a VPN client; however, I can't ping the netbios name of the VPN server computer from my computer. (If I use the XP VPN client with netbios over TCP/IP checked, I can ping the server by name.) Any ideas how to tunnel the netbios vpn server name through the router?

Thanks,
-Kim

Kim

Just a note: I have the pptp vpn rules set to "nat" "all services," which should include netbios-dgm, netbios-name, netbios-ssn.

Thanks,
-Kim

Stephen Skarlatos

Thanks Kim, great comments. I will be setting up ISA server for a client of mine and will try setting the DFL-210 as a VPN client.

Asher

Hi, I have been trying to set up the VPN on the DFL-210. I would like to assign IPs to my VPN client through the DHCP server that I have made for the remote users, but I can't get it to work. I have assigned the DHCP interface as the L2TP server that services the clients. Any idea or help needed from anybody.

Thank you

Eddie

Hello, I just found your site on D-Link DFL-210 from Google. Anyway, I'm trying to set it up but every time I connect to the internet router, the firewall would stop working. I would have to reset it for it to work again. Have you ever encountered this? Thanks

Stephen Skarlatos

Are you trying to change the default subnet?

Eddie

Yes, I was trying to change the default IP to another because the DSL modem and switch are using the same IP, which is 192.168.1.1. I managed to change the switch and one of the firewall IPs already. But strangely the other firewall doesn't recognize the change, as it will always go to the default even after changing the IP. I have two firewalls for separate projects, by the way, but connected to the same server.

jim

Hi, I've recently bought a DFL210 which I'm trying to connect to a levelone modem router. I've run the setup wizard numerous times (after full reset) using DHCP, so it can get the wan settings automatically from the levelone router, and it does. However, I have no internet on any of the lan ports of the DFL210 even though I'm on the same subnet (192.168.1.x) and I have static primary and secondary DNS.
I'm supposed to set this one up for a client who wants his employees to be able to get access to a list of URLs only, and nothing else. So I selected it because it can create whitelists for the allowed URLs and ban everything else. But I can't even get it to allow anything at all (I get no internet at all).
I've read in your post above that the DFL210 comes with basic firewall rules that block all inbound traffic. If this is the reason, could you please tell me what to adjust so I can get it to work? I've already tried changing Rules/iprules/lan-to-wan/drop-smb-all from "drop" to "allow" but no luck. I've even tried entering a few URLs on the whitelist, but still nothing.
Any ideas?

Thanks a lot

P.S. Are you Greek? Skarlatos is a Greek name.

Stephen Skarlatos

The first test you should try is using tools/ping on the router to ping a site like yahoo.com @ 209.131.36.159. If you get a response then the router is getting out to the internet. It could be a DNS issue? Why did you set up static DNS? Try using DHCP for both WAN and DNS addresses. This router is very easy to set up out of the box, but you do have to enable the WAN setup (DHCP) for it to. Let me know how it goes.

Yes, I am part Greek by heritage...

ikhlaq

I just got a DFL-210 and got it set up already, but I want to access remote management from another location via the internet. Is there any way to get into that through the internet from various locations?

Stephen Skarlatos

Yes, you turn on remote management under system/remote management. I would only allow https to make the connection secure. If you don't have a valid certificate, you will get a browser error which you can bypass since you should trust your own firewall.

Mark

I have successfully set up DHCP and can connect to the Internet with a new DFL-210, however, even after configuring the DNS addresses into the DFL-210, I had to go and manually input them into each LAN PC to be able to actually get on the web. Isn't the DFL-210 supposed to provide the DNS entries you configure it with to the LAN PCs, so you don't have to configure each and every LAN PC DNS setting? Did I miss something? Thanks much, your sites are awesome.

Stephen Skarlatos

Yes, the DFL-210 DHCP provides the DNS addresses automatically to the LAN clients. My WAN interface is set up to use DHCP from my broadband provider (FIOS) and retrieves the WAN IP, Gateway IP, and DNS IPs. I don't remember doing anything special to make that happen, other than leaving the DNS entries under system as wan_dns1 and wan_dns2.

Computer Rescue

Hello, I am attempting to set one of these up with a static ip via charter communications. I go through the wizard and enter all the correct info in, one thing that confuses me is the 192.168.1.0/24, the subnet for the static ip is 255.255.255.252 so would I enter 192.168.1.0/30 for that?

After the setup, the DHCP works but I am unable to access the internet, do I still have to enable the DHCP checkbox on the WAN side even though my client is a static customer?

Thanks in advance!

Brian

Not sure if anyone can help but I need to set up VPN passthrough and I can't seem to get it to work. I can get VPN to work on the router but I need to have an internal server be the VPN server, and it won't make a connection to the internal VPN server. FYI it seems to work fine from inside the network.... I think it might be GRE not passing but I am not sure?

us vpn

It worked like a charm, thank you very much.
