Topic: D-Link 504 Problems

[sm@rt]

I have recently upgraded from ISDN to ADSL and bought myself a D-Link 504 Router, i have installed a second network card in my e-smith server\gateway and have setup portforwarding on the router, using port 80 to point to port 80 on the e-smith box.

I can get internet access from all local windows networked pcs\servers, but i cannot get access from the outside world.

Also, i am unable to ping my static isp ip address from my local network.

I have tried tracing the problem using VisualRoute 6.1 it says that i am losing ip packets from hop 1 (my e-smith server).

Please can anyone help, i urgently need for people to gain access..... i am sure that at sometime this week i have managed this, theres just something i have forgotten to do...

cheers
sm@rt

[Rob Wellesley]

Set up your D-Link DMZ to point to the external interface IP. This is the easiest way to by-pass the D-Link firewall. Also - check that the static IP given you by the ISP is actually the one loading up - from memory, in the D-Link web-admin, on the page where you enter your accounrt details, you can "click" to make a connection? The IP will show up once the connection is made.

Rob

[sm@rt]

Thanks Rob for the reply!

I have checked the D-Link 504 web-admin and have confirmed that the ip issued to me is the same. Your suggestion however did not work and i have tried several things. Including that of installing other firewall\server distributions.

However, i always find myself coming back to e-smith.

I tried just a straight forward link to one pc from the router and it worked fine, so it is definitely the e-smith server that is causing me problems.

All i am trying to do is allow access to an internal window 2000 server running some asp projects. So once the client has my ip or dyndns name, i want the 504 to port forward to the e-smith server, where i now have a menu to select projects on the windows 2000 server, where i use proxypass to get through.

This all worked fine when i had just a straightforward ISDN modem, just thought that the rounter would give me a more secure network here at home, but not so secure that knowone can get in. lol

Any ideas Rob, please.

cheers
sm@rt!

[sm@rt]

Thanks Rob for the reply!

I have checked the D-Link 504 web-admin and have confirmed that the ip issued to me is the same. Your suggestion however did not work and i have tried several things. Including that of installing other firewall\server distributions.

However, i always find myself coming back to e-smith.

I tried just a straight forward link to one pc from the router and it worked fine, so it is definitely the e-smith server that is causing me problems.

All i am trying to do is allow access to an internal window 2000 server running some asp projects. So once the client has my ip or dyndns name, i want the 504 to port forward to the e-smith server, where i now have a menu to select projects on the windows 2000 server, where i use proxypass to get through.

This all worked fine when i had just a straightforward ISDN modem, just thought that the rounter would give me a more secure network here at home, but not so secure that knowone can get in. lol

Any ideas Rob, please.

cheers
sm@rt!

[Rob Wellesley]

So your setup looks like this?

Internet
(dynamically applied static IP)
Adsl(192.168.1.1)
ext Nic of SME (192.168.1.2)
internal nic(192.168.0.1)

On SME setup

gateway = 192.168.1.1
dhcp = 192.168.0.65 - whatever

Open pinholes for ports on adsl and point to 196.168.1.2

Port forward from SME to internal servers

[sm@rt]

Thanks again Rob for your advice: Still does not work though! This is my setup:-

Internet
(dynamically applied static IP)
Adsl(192.168.0.1)
ext Nic of SME (192.168.0.2)
internal nic(192.168.10.1)
On SME setup
gateway = 192.168.0.1
dhcp = 192.168.10.65 - whatever
Open pinholes for ports on adsl and point to 196.168.0.2
Port forward from SME to internal servers

I can ping from the SME and get a reply of 192.168.0.1 (adsl) but not from internal clients....No reply at all....

cheers
sm@rt

[sm@rt]

I have discovered via the use of a very good friend, that in fact everything is actually working ok, but only from the outside.

What i have been trying to do is ping or http the static ip address from my internal local network, which i could do previously using the isdn, but cannot now that i am using the ADSL router.

This is in fact my problem and not that is doesn;t work, is there a way around this so that i can test it myself.

I can ping and http  from the SME but not anywhere else.

cheers
sm@rt

[Rob wellesley]

I would think that you should be able to ping the static IP of the adsl from your internal network.


Can you ping your ISPs name servers?


Are you using identical NICs on your SME?

when configuring SME from the console the internal and external NICs are chosen from a driver list. If you have identical chipsets it is easy to choose the same "driver" for both cards. What in fact happens is that the same card is selected for both eth0 and eth1.

do an ifconfig and check the mac address (HWaddr) for each card - they should be different

Do..
# ifconfig | mail rob@winux.co.nz

...if you like and i will take a look at it.

[sm@rt]

This could well ne the answer Rob. As i had said previously, i am sure i had this working sometime earlier last week.

I did in fact have two different network cards in the SME, but because of the other problems i was experiencing, i change them both to 3Com's. This is when i stopped getting access to my static ip.

Going to put back the D-Link card i originally had installed and see what happens.

Thanks again Rob, much appreciated!

sm@rt

[sm@rt]

I have now swapped cards back and now have a 3com and a dlink. Both working fine and i can ping the two dns servers of the isp.

I cannot ping my own, or http it.

I am assured by a friend that everythings is ok from the www, but i dont like not being able to test it myself. I am trying to put together a business site for myself with a link to here at home for application asp driven websites.

sm@rt!

[Charlie Brady]

sm@rt wrote:

> However, i always find myself coming back to e-smith.

IMO you should always be coming back to the D-Link router.
 
> This all worked fine when i had just a straightforward ISDN
> modem, just thought that the rounter would give me a more
> secure network here at home, but not so secure that knowone
> can get in.

IMO the best thing that you can do is to put the D-Link router in a bottom drawer, and configure your server in server-gateway mode. You will have so much less trouble setting it up, without any measureable decrease in security.

Charlie