google

Google Referral

July 2010

Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Blog powered by Typepad

« VOIP and the D-Link DFL-210 router | Main | Microsoft Internet Explorer 7 Release Candidate 1 »

September 08, 2006

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Kim

Very helpful. Thanks! I think I got in over my head with this router. And the docs don't help much. It also seems to be a bit buggy since, after following your steps above, I also had to do a full reset (this is reproducible). Now I need to set up a VPN client - just like I would in Windows. How can I do that? Or is there a way to let the Windows client through? Thanks! Please help!!

Kim

To be more specific, the vpn server is a Windows 2003 Server machine, allowing PPTP VPN connections (via the "simple" setup). I can create a VPN client in Windows XP and access the server through my smc firewall, but not thru this dlink 210.

I would like to know the rules needed to allow the Windows client through.

I would also like to know how to set up the 210 as a client. What are the the settings for the pptp client and the rules needed? Thanks! -Kim

Stephen Skarlatos

Hi Kim,

For Windows XP you need to setup an outbound rule on the 210 that allows pptp.

To do that you go to rules/ip rules/lan_to_wan and add two new rules.

1. action=allow, service=pptp-ctl, source=lan/lannet, destination=wan/all-nets
2. action=allow, service=pptp-suite, source=lan/lannet, destination=wan/all-nets

You may get away by just using the second rule. Less rules is better so I would try that first, then add the first rule if that does not work.

In your second question, I assume you want to make the 210 a pptp client. I will have to research that some more, but I think the D-Link configuration guide has an example of this.

Kim

Hi Stephen,

Thanks for your suggestion, but no luck. The only other rules that I have are the default rules and my firmware is the latest (2.11.02). I think you are correct that only the pptp-suite should be necessary, and I tried that too. And I moved the rule(s) to the top, bottom, did a full reset, etc. Maybe my router is just buggy.

In my second question, yes, I would like to make the 210 a pptp client. I found a link on the dlink site that seemed to be what I need, but appears to have typos and doesn't work for me. :(

Thanks for your help. It would be interesting to see if you can get the PPTP pass-through or PPTP client to work on the 210.

Thanks,
-Kim

Kim

Hello Stephen,

I changed added the pptp-suite rule, but changed allow to nat and got it working. I think this makes sense, but I'm not absolutely sure. :)

There does seem to be something wrong with my router. I found that I have to do a *full reset* with every change; a quick reset or save/activate doesn't do it.

I also hooked up the serial cable and when I do a full reset see this error:
Core Shutdown in 10 seconds
+**Warning** FLASH configuration checksum error or invalid key
Use 'fconfig -i' to [re]initialize database

However, when I issue an fconfig command it says it is not valid.

I also have another question: with the factory defaults, it appears that all ports are closed. Why does remote desktop work without making any changes?

Thanks again,
-Kim

Stephen Skarlatos

Glad you got outbound pptp to work. It sounds like your flash memory is corrupted, I would suggest contacting D-Link to get a replacement unit.

The factory defaults allow outbound http traffic, the problem with the defaults is that you have to manually set the WAN interface attributes. Without setting those attributes the firewall does not route traffic properly.

I had not noticed that version 2.11 was available, I am running 2.05.00. I will upgrade this weekend.

Philip

I think I got in over my head with this router also.
I have gained entry via 192.168.1.1.
However, I really need to change the DFL -210 IP
to 192.168.2.1
and where does one specify the usually subnet mask
255.255.255.0
and the ISP gateway.

I know you are not DLink Support.. But I am in a bind...
started this over the weekend... and I am dead in the water... I thought DLink had a 24 hour support line.
Do you know about that?

Help
Pretty Please :)
Philip

Stephen Skarlatos

Hi Phillip,

I assume you want to setup 192.168.2.1 as the LAN address. My subnet is also 192.168.2.x and the way I changed it was by modifying in objects/address book/interfaceaddresses the lan_ip to 192.168.2.1 and the lannet to the range of addresses on my lan like 192.168.2.1-192.168.2.251. The DFL-210 automatically figures out the mask, so there is no need to set it.

The trick to making this work is to be able to switch your pc's address to a 192.168.2.x address within the 30 sec time it takes for the DFL-210 to validate the configuration and reboot. If you do not switch your PC to a valid lan address the DFL-210 won't verify your config and it will revert back to 192.168.1.1. I had my network connection properties open on my PC and as soon as I clicked ok on the DFL-210, I modified the IP address on my PC. It took several attempts but I got it to work.

Technical support as is the case with most companies these days is not very good and is really only available Monday - Friday unless you have a support contract. I emailed support and they just told me to call 877-453-5465.

This is a very good router, too bad they made so complex to configure but once your config is set you no longer have to worry about it. Hope this helps.

Kim

I suggest you hook up the serial cable from your computer to the router and open a hyperterminal session (9600 8-N-1). Lots of info is displayed and it really helps to see what's going on with the router. There are cases where the web interface does not agree with the settings in the router. After you make a change and activate it, the router occassionally will revert to the previous configuration, and you will see the message in the hyperterminal window (but the web UI will not show that the configuration has reverted).

You can type "help" and see the commands that can be used via the serial interface. Using commands such as "dns" and "dhcp wan" will allow you to see the dynamically configured addresses (which appear as all zeroes in the web UI).

I have the router set up as a VPN client; however, I can't ping the netbios name of the VPN server computer from my computer. (If I use the XP VPN client with netbios over TCP/IP checked, I can ping the server by name.) Any ideas how to tunnel the netbios vpn server name through the router?

Thanks,
-Kim

Kim

Just a note: I have the pptp vpn rules set to "nat" "all services," which should include netbios-dgm, netbios-name, netbios-ssn.

Thanks,
-Kim

Stephen Skarlatos

Thanks Kim, great comments. I will be setting up ISA server for a client of mine and will try setting the DFL-210 as a VPN client.

Asher

Hi, I have been trying to setup the vpn on DFL210, i would like to assign IPs to my vpn client through the DHCP server that i have made for the remote users, but i cant get it to work, i have assigned the DHCP interface as L2TP server that services the clients, any idea or help needed from anybody.

Thankyou

Eddie

Hello, I just found your site on D-link DFL-210 from google. Anyway I'm trying to set it up but everytime I connect to the internet router, the firewall would stop working. I would have to reset it for it to work again. Have you ever encounter this? Thanks

Stephen Skarlatos

Are you trying to change the default subnet?

Eddie

Yes I was trying to change the default IP to another because the DSL modem and switch is using the same IP which is 192.168.1.1. I manage to change the switch and one of the firewall IP already. But strangely the other firewall doesn't recognize the change as it will always go to the default even after changing the IP. I have two firewalls for separate projects by the way but connected to the same server.

jim

Hi I ve recently bought a DFL210 which Im trying to connect to a levelone modem router. Ive run the setup wizard noumerous times (after full reset) using DHCP, so it can get the wan settings automatically from the levelone router and it does. However I have no internet on any of the lan ports of the DFL210 eventhough I m on the same subnet (192.168.1.x) and I have static primary and secondary DNS.
Im supposed to set this one up for a client who wants his employees to be able to get access to a list of urls only, and nothing else. So I selected it, because it can create whitelists for the allowed URLs and ban everything else. But I cant even get it to allow anything at all (I get no internet at all)
I ve read in your post above that the DFL210, comes with basic firewall rules that block all inbound traffic. If this is the reason could you please tell me what to adjust so I can get it to work. I ve already tried changing Rules/iprules/lan-to-wan/drop-smb-all from "drop" to "allow" but no luck. I ve even tried entering a few URLs on the whitelist, but still nothing
Any ideas?

Thanks a lot

P.S. Are you Greek? Skarlatos is a Greek name.

Stephen Skarlatos

The first test you should try is using tools/ping on the router to ping a site like yahoo.com @ 209.131.36.159. If you get a response then the router is getting out to the internet. It could be a DNS issue? Why did you setup static DNS? Try using DHCP for both WAN and DNS addresses. This router is very easy to setup out of the box, but you do have have to enable the WAN setup (DHCP) for it to. Let me know how it goes.

Yes, I am part Greek by heritage...

ikhlaq

i just got DFL-210,got setup already but i wanna access remote managment from another location via internet,is there any way to get into that through internet from various location..................

Stephen Skarlatos

Yes, you turn on remote management under system/remote management. I would only allow https to make the connection secure. If you don't have a valid certificate, you will get a browser error which you can bypass since you should trust your own firewall.

Mark

I have successfully set up DHCP and can connect to the Internet with a new DFL-210, however, even after configuring the DNS addresses into the DFL-210, I had to go and manually input them into each LAN PC to be able to actually get on the web. Isn't the DFL-210 supposed to provide the DNS entries you configure it with to the LAN PCs, so you don't have to configure each and every LAN PC DNS setting? Did I miss something? Thanks much, your sites are awesome.

Stephen Skarlatos

Yes, the DFL-210 DHCP provides the DNS addresses automatically to the LAN clients. My Wan interface is setup to use DHCP from my broadband provider (FIOS)and retrieves the WAN IP, Gateway IP, and DNS IPs. I don't remember doing anything special to make that happen, other than leaving the DNS entries under system as wan_dns1 and wan_dns2.

Computer Rescue

Hello, I am attempting to set one of these up with a static ip via charter communications. I go through the wizard and enter all the correct info in, one thing that confuses me is the 192.168.1.0/24, the subnet for the static ip is 255.255.255.252 so would I enter 192.168.1.0/30 for that?

After the setup, the DHCP works but I am unable to access the internet, do I still have to enable the DHCP checkbox on the WAN side even though my client is a static customer?

Thanks in advance!

Brian

Not sure if anyone can help but I need to set up VPN passthrough and I can't seem to get it to work. I can get VPN to work on the Router but I need to have an internal server be the VPN server and I it won't make a connection to the internal VPN server. FYI it seems to work fine from inside the network.... I think it might be GRE not passing but I am not sure?

us vpn

It worked like a charm, thank you very much.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)