mustekkzn (South Africa) asked:

DSL-504T ADSL router port filtering and other issues

Hi

I have to set up ADSL at home. I live in South Africa and am using the DSL-504T ADSL router ( http://www.dlink.co.za/dsl-504t.php ) to facilitate and share the connection on the property to 2 separate PC’s, as well as network both PC’s up to the same workgroup.
At first I couldn’t get the ADSL account to work at all on the router, but I flashed the firmware and this sorted everything out.

Broadband internet connection is now running fine on the property and both PC’s are getting the connection 100%.
I did do a few extra things by assigning the 2 computers on the network static IP addresses, with subnet masks and the router’s IP address as the default gateway. The setup is like this

384 Home ADSL connection running into DSL-504T ADSL router
Dynamic DNS Setup and configured on the router correctly - www.dyndns.com
2 PC’s networked via the DSL-504T ADSL router
DSL-504T ADSL router static IP of 192.168.1.1
Dad’s Static IP Address 192.168.1.2
Son’s Static IP Address 192.168.1.3
DHCP has been deactivated on the DSL-504T ADSL router because both PC’s are running a Static Internal IP Address

This is where I need some experts assistance please.

Problem 1
I have a teenage son who will just abuse the line and inevitably waste the CAP allocated by the ISP when he gets home from school and is alone with the broadband connection. My son has his own PC and I have my own PC; neither of us can use each other’s PC but both are networked together via the router and both have broadband connection.

I know on the DSL-504T router there are filter settings that you can configure – as shown at
May I ask your help to configure the filter correctly?

Basically what I want to do is only allow my son’s computer (IP 192.168.1.3) to only have access to the following traffic on their respective ports. HTTP access for example might run on both port 80 and port 443 - so for the following protocols all the ports they use must be available and remain unblocked.

SMTP for outgoing email
POP3 for incoming email
HTTP access for websites

I am not sure when to configure the ‘Source’ or the ‘Destination’ settings for the above ports and I am also not sure when to use the ‘Outbound Filter’ or ‘Inbound Filter’ - as shown in image at

These download applications and programs that are developed nowadays, like limewire for example, are smart enough so that if you do go ahead and block the port that they use by default they simply port hop and use another available port to carry on working. To eliminate this problem what I tried to do is block port ranges. I went ahead and blocked port ranges
1 to 24 leaving port 25 open for SMTP
26 to 79 leaving port 80 open for HTTP
81 to 109 leaving port 110 open for POP3
111 to 65535 blocking all other ports

But I don’t think I configured the ‘Source’ or the ‘Destination’ settings in the filter correctly when doing so because when I configured the above settings it blocked all traffic and nothing seemed to work; and I was not confident if I should use the ‘Outbound’ or ‘Inbound’ filter? I was also not sure for HTTP Port 80 traffic how to allow it to come in and go out.

Would you mind helping me get this correct? I only need to configure it for the IP address of the Son’s PC – my PC (With IP 192.168.1.2) must stay unblocked on all ports.

Problem 2
I cannot get web management working – i.e. logging onto the router via port 80 from a remote location in order to configure it. ( I have setup Dynamic DNS and it is working 100%.) - www.dyndns.com

Problem 3
I cannot get RDP Port forwarding to work. I have setup Dynamic DNS and it is working 100%, but the only way I am able to RDP into an internal IP Address is by configuring DMZ to my internal IP – I have followed the steps found at http://www.dlink.co.za/Support/Setup/DSL-G604T/How%20do%20I%20setup%20Port%20Forwarding%20on%20my%20DSL-G604T%20&%20DSL-504T.pdf but with no success.

Thanks in advance experts
Mustek
Irwin Santos (United States of America)

#1.. use a software like this
http://www.netlimiter.com/index.php

#2 are you accessing via an IP or a domain name?

#3 what happens when you login via the IP address of the session that is current?

Regarding #2 & #3, you are better off with a static IP
mustekkzn (ASKER)

http://www.dlink.co.za/dsl-504t_tech_s.php - the firmware versions I flashed on the router

Also, I am trying to post screen shots of the router filter page - as soon as they are uploaded I will provide the links to them.
irwinpks

#1.. use a software like this
http://www.netlimiter.com/index.php
I had downloaded and checked out netlimiter but the problem is that it needs to be installed on the son's pc in order to work correctly. And with my router having the capability of blocking ports I want to get that sorted rather than use (and have to pay for) 3rd party software.

#2 are you accessing via an IP or a domain name?
I am accessing a domain name that is linked to my IP - in South Africa the telecommunication provider does not give you a static IP address with home ADSL lines - therefore I have to use a workaround solution by registering at www.dyndns.com and assigning a domain name to my dynamic IP, so when my IP updates on a daily basis, it in turn updates my domain name that I have registered at www.dyndns.com


#3 what happens when you login via the IP address of the session that is current?
Not sure what you mean by this. What I can say is that if I don’t have DMZ configured on my router then I cannot RDP into my home PC. But DMZ allows all traffic through and I want to specifically only setup RDP traffic on Port 3389 to be forwarded (port forwarding) to my internal IP Address.

thanks
Mustek
Rob Williams
>>" ‘Source’ or the ‘Destination’ settings in the filter correctly when doing so because when I configured the above settings it blocked all traffic "
A couple of points, though I am not familiar with your unit.

-You also need port 53. This allows for DNS Domain name look up to resolve your web sites to IP addresses.
-Source and destination addresses would usually be 0.0.0.0 ( = any) for external/WAN and the IP of the computer you are configuring for internal/LAN
-Source and destination ports, in this case would usually be the same, for a given service such as HTTP, port 80
-On many (not all) routers, default rules apply, allowing all outgoing traffic, and filtering/firewalling inbound traffic as you might expect. However, as soon as you create a rule or filter on an interface, such as the inside, all traffic is blocked except for that for which you create a rule. Rules are also carried out in order on most routers. So you might want to try adding rules to allow 53,80,443 and then your last rule to block all. As mentioned this is only how some routers function.
@Mustek...regarding #3

You are assigned a dynamic IP address per session...so use that temporarily just to test versus a domain name.
Hi Experts

First off I do apologize for not taking so long to update this question. There are no excuses and I humbly apologize.

I started dealing directly with the support team from D-Link South Africa and through a contact there have managed to sort out the problems I was experiencing with this router. With that in mind could I ask the experts that responded to my question their suggestions and recommendations on how I should go about closing this question.

Many Thanks
Mustek
mustekkzn, thank you for the update. Where you resolved the problem on your own you can request to have a question closed and points refunded by posting a 0 point question requesting the moderators to do so, in the community support forum:
https://www.experts-exchange.com/Community_Support/
Instructions can be found here:
https://www.experts-exchange.com/help.jsp#hi71

It's always nice for those who follow in your footsteps, if you can post what the solution was.
Cheers,
--Rob
Hi Experts

First off I do apologize for taking so long to update this question. There are no excuses and I humbly apologize.

I started dealing directly with the support team from D-Link South Africa and through a contact there have managed to sort out the problems I was experiencing with this router. With that in mind could I ask the experts that responded to my question their suggestions and recommendations on how I should go about closing this question.

Many Thanks
Mustek
I corresponded with D-Link Africa and got the problems I was having resolved that way. I will post my correspondence in this question so that if folks ever have the same type of problem I was having at least there is an answer posted here. My next post will be all the emails sent back and forth between myself and D-Link Africa and subsequently it is a rather long post.

Many Thanks
Mustek
Dear Mustek

 
Ok, now I understand what problem 3 is ;)
For remote web management you must insert a ‘ghost’ IP (Any IP), but the netmask must be 0.0.0.0

Best Regards
Senior Support Engineer
D-Link Africa

Hi D-Link Africa
Sorry, but I am confused with your reply below.

 The issue I was having with RDP is now totally sorted out and RDP on the router is working perfect.

The only issue I am having now is remote web management of my router. Attached are the screen shots. As shown, I can’t insert an IP of 0.0.0.0 and even if I could I do not know what subnet mask to then put in. You said below that instead of using 0.0.0.0 that I must rather select the option ‘Any IP’ but that option is not at all available under the ‘remote web management’ section. Attachment 3 shows the screen where I configure it before I have clicked on ‘Apply’ at the bottom. As soon as I do that it pops up with errors shown in attachments 1 and 2.

Thanks
Mustek

Dear Mustek
Issue 1:            Instead of using 0.0.0.0 choose the option that says “Any IP”
                        That should work.

Issue 2:            You have to go to TOOLS and enable “Remote Web Management” for you to be able to connect to the device remotely.
 

Best Regards
Senior Support Engineer
D-Link Africa

Hi D-Link Africa
Just want to update you.
Problem number 2 – the port forwarding problem is sorted out. I deactivated DMZ this morning and when I got to work I was able to RDP into the PC using ‘Windows XP Remote Desktop Connection’ and going in over my Dynamic DNS name.

However I am still having a problem with ‘Problem 1’ – remote router web management.

I have attached 3 pictures showing the error it gives me when I try inserting IP 0.0.0.0. I also tried 0.0.0.0, 255.255.255.255 and 255.255.255.0 as the subnet mask with the IP 0.0.0.0 but the errors still occur. Picture 3 shows the screen where I configure it before I have clicked on ‘Apply’ at the bottom. As soon as I do that it pops up with errors shown in picture 1 and 2.

 

Thanks
Mustek

Dear Mustek
No, when you add the Allow rules and then later the Deny rules the Router will see them as different entities that in the end work together. Meaning that it does not matter which you do first as long as the allow gaps are correct it should work.
Issues:
1)      You have to enable remote management under TOOLS for you to be able to configure the unit remotely. Keep the IP 0.0.0.0 this means that you can log into it from anywhere.
2)      Setting up Port Forwarding is quite easy. Please just make sure that you forward all the ports used by RDP. This is the main reason why port forwarding won’t work.
Best Regards
Senior Support Engineer
D-Link Africa

Dear D-Link Africa

 Thank you very much for the email below. You have gone to great lengths and trouble to fully help out and it is much appreciated. I am sure I will come right with this now.

I just want to run something by you that I thought of trying. Do you know if the filter rules work in sequence, so for example if I configured all my ‘Allow’ rules first (so I stated allow traffic on ports 25, 53, 80 & 110) and then at the end of the filter list I make a new ‘Deny’ rule denying all traffic, would it go and allow all the ‘allow’ stated ports and then deny anything else or would the ‘deny’ rule cancel out the ‘allow’ rules?

 Please, if possible, could you also just look at the other 2 problems I am having trouble with? Namely

1.       I cannot get web management working – i.e. logging onto the router via port 80 from a remote location in order to configure it. ( I have setup Dynamic DNS and it is working 100%.)

2.       I cannot get RDP Port forwarding to work. I have setup Dynamic DNS and it is working 100%, but the only way I am able to RDP into an internal IP Address is by configuring DMZ to the internal IP – I have followed the steps found at http://www.dlink.co.za/Support/Setup/DSL-G604T/How%20do%20I%20setup%20Port%20Forwarding%20on%20my%20DSL-G604T%20&%20DSL-504T.pdf but with no success.

 

Thanks a million – it’s really appreciated
Mustek

Dear Mustek

Advanced – Filters

Filter rules in the Router are put in place to allow or block specified traffic. The Filter Rules however can be used in a single direction to examine and then Allow or Deny traffic for Inbound (WAN to LAN) or Outbound (LAN to WAN) routed data. The rules are based on IP address and TCP/UDP port.

Configure the filter rules as desired and click the Apply button to create the rule. The newly created rule appears listed in the Outbound Filter List at the bottom of the menu. The table below describes the various parameters that are configured for the filter

 To modify any previously created filter rule, click on the note pad icon in the right hand column of the Filter List for the set you want to configure. Adjust the settings as desired and click the Apply button to put the new settings into effect.

First determine the direction of the traffic you want the rule to filter. To filter WAN to LAN traffic, select the Inbound Filter option. Any new Inbound Filter rules created will appear in the list. Likewise, should you wish to filter LAN to WAN traffic, create an Outbound Filter rule.
 

The parameters described below are used to set up filter rules

Parameter: Description

Source IP: For an Outbound Filter, this is the IP address or IP addresses on your LAN for which you are creating the filter rule. For an Inbound Filter, this is the IP address or IP addresses for which you are creating the filter rule. You can opt to indicate a Mask Range, a Single IP, an IP Range or Any IP from the pull-down menu. Choosing Any IP will apply the rule to all WAN or all LAN IP addresses depending on which type of rule (Inbound or Outbound) is being configured.

Destination IP: Where the Destination IP address resides also depends on if you are configuring an Inbound or Outbound filter rule. You can opt to indicate a Mask Range, a Single IP, an IP Range or Any IP from the pull-down menu.

Source Port: The Source Port is the TCP/UDP port on either the LAN or WAN depending on if you are configuring an Outbound or Inbound Filter rule. Select one of the following options from the pull-down menu to define a Any Port, Single Port, Port Range or Safe Range (ports above 1024).

Destination Port: The Destination Port is the TCP/UDP port on either the LAN or WAN depending on if you are configuring an Outbound or Inbound Filter rule. Select one of the following options from the pull-down menu to define a Any Port, Single Port, Port Range or Safe Range (ports above 1024).

Protocol: Select the transport protocol (TCP, UDP or All) that will be used for the filter rule.

Action: Select to Allow or Deny transport of the data packets according to the criteria defined in the rule. Packets that are allowed are routed to their destination; packets that are denied are

 Click the Apply button to put the new rule into effect. Any filter rule configured in the menu will appear in the Filters List with the new settings. The Router must save the new settings and reboot before the new rules are applied.

Best Regards
Senior Support Engineer
D-Link Africa

Hi D-Link Africa

Thanks for this.

Just a quick question to clarify something. Even though SMTP traffic on Port 25 is outgoing traffic, would I still configure an ‘Inbound’ filter and then just configure the ‘source port’ rather than the ‘destination port’ in that instance? Or would it be an ‘Outbound Filter’ I would need to configure because the traffic is outbound?
 

The reason I ask this is because if you look at the attachment it states
IP Outbound Filter – filters are used to allow or deny LAN users from accessing the internet
And
IP Inbound Filter

Filters are used to allow or deny WAN users from accessing the internal network
 
Thanks
Mustek

Dear Mustek

Congrats with the normal Internet connectivity setup.
You are on the right track when using Filters.
You’ll setup Inbound filters pointing to the Source IP of the boy’s PC and keep the Destination IP 0.0.0.0

Your Source and Destination Ports are the same as per your example at the bottom which is correct.

Protocol must be TCP/UDP and the Action would be disallow or block.

But on another note, 85% of web based traffic that normally depletes a cap is port 80 based traffic. If it is possible see if you can sell a DFL-M510 to this client. This unit can cap an IP n all traffic and a lot more.

Best Regards
Senior Support Engineer
D-Link Africa

Hi D-Link Africa
 

I had to recently go and help setup ADSL at a client’s house. They are using the DSL-504T ADSL router to facilitate and share the connection on the property to 2 separate PC’s, as well as network both PC’s up to the same workgroup.
 I went out and checked out the problem. I took along all the firmware flashes, flashed the firmware, configured his account setting and everything was sorted out.

 

Broadband internet connection is running fine now on the property and both PC’s are getting the connection 100%.

I did do a few extra things by assigning the 2 computers on the network static IP addresses, with subnet masks and the router’s IP address as the default gateway. The setup is like this

384 Home ADSL connection running into DSL-504T ADSL router
Dynamic DNS Setup and configured on the router correctly
2 PC’s networked via the DSL-504T ADSL router
DSL-504T ADSL router static IP of 192.168.1.1
Dad’s Static IP Address 192.168.1.2
Son’s Static IP Address 192.168.1.3

DHCP has been deactivated on the DSL-504T ADSL router because both PC’s are running a Static Internal IP Address
 

This is where I now need some help.

The client has a teenage son who will just abuse the line and inevitably waste the CAP allocated by the ISP when he gets home from school and is alone with the broadband connection. The son has his own PC and the father has his own PC; neither can use each other’s PC but both are networked together via the router and both have broadband connection.

I know on the DSL-G504T router there are filter settings that you can configure – as shown in the attachment. May I ask your help to configure the filter correctly?


Basically what I want to do is only allow the son’s computer (IP 192.168.1.3) to have access to 3 ports.
SMTP for outgoing email – Port 25
POP3 for incoming email – Port 110
HTTP access for websites – Port 80

I am not sure when to configure the ‘Source’ or the ‘Destination’ settings for the above ports and I am also not sure when to use the ‘Outbound Filter’ or ‘Inbound Filter’.

These download applications and programs that are developed nowadays, like limewire, are smart enough so that if you do go ahead and block the port they use by default they simply port hop and use another available port to carry on working. To eliminate this problem what I tried to do is block port ranges. I went ahead and blocked ranges

1 → 24 leaving 25 open for SMTP
26 → 79 leaving 80 open for HTTP
81 → 109 leaving 110 open for POP3
111 → 65535 blocking all other ports

But I don’t think I configured the ‘Source’ or the ‘Destination’ settings in the filter correctly when doing so, and I was not confident if I should use the ‘Outbound’ or ‘Inbound’ filter? I was also not sure for HTTP Port 80 traffic how to allow it to come in and go out.
 

Would you mind helping me get this correct? I only need to configure it for the IP address of the Son’s PC – the dad’s PC (With IP 192.168.1.2) must stay unblocked on all ports.

 

There are 2 other problems I am also experiencing with this setup.

3.       I cannot get web management working – i.e. logging onto the router via port 80 from a remote location in order to configure it. ( I have setup Dynamic DNS and it is working 100%.)

4.       I cannot get RDP Port forwarding to work. I have setup Dynamic DNS and it is working 100%, but the only way I am able to RDP into an internal IP Address is by configuring DMZ to the internal IP – I have followed the steps found at http://www.dlink.co.za/Support/Setup/DSL-G604T/How%20do%20I%20setup%20Port%20Forwarding%20on%20my%20DSL-G604T%20&%20DSL-504T.pdf but with no success.

Thanks a million, much appreciated
Mustek.
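
Added example (not part of the thread and not D-Link's firmware logic): a small model of an outbound filter list with first-match ordering, as Rob Williams describes for many routers, comparing an allow-then-deny list for the son's PC with the four blocked ranges from the question applied to the destination port and to the source port. The rule model, the default-allow fallback for unmatched traffic and the sample flows are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = range(0, 65536)
SON = ip_network("192.168.1.3/32")  # son's PC, address from the thread

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: object                  # LAN source network (outbound filter)
    dst_ports: range = ANY_PORT
    src_ports: range = ANY_PORT
    proto: str = "all"           # "tcp", "udp" or "all"

    def matches(self, src_ip, src_port, dst_port, proto):
        return (ip_address(src_ip) in self.src
                and src_port in self.src_ports
                and dst_port in self.dst_ports
                and self.proto in ("all", proto))

def evaluate(rules, src_ip, src_port, dst_port, proto):
    """First matching rule wins; unmatched traffic is allowed (assumed)."""
    for rule in rules:
        if rule.matches(src_ip, src_port, dst_port, proto):
            return rule.action
    return "allow"

def port(n):
    return range(n, n + 1)

# Allow list on DESTINATION port for the son's PC, then a catch-all deny.
ALLOW_THEN_DENY = [
    Rule("allow", SON, dst_ports=port(25), proto="tcp"),   # SMTP
    Rule("allow", SON, dst_ports=port(53)),                # DNS, TCP and UDP
    Rule("allow", SON, dst_ports=port(80), proto="tcp"),   # HTTP
    Rule("allow", SON, dst_ports=port(110), proto="tcp"),  # POP3
    Rule("allow", SON, dst_ports=port(443), proto="tcp"),  # HTTPS
    Rule("deny", SON),                                     # everything else
]

# The four blocked ranges from the question, tried on each port field.
BLOCKED = [range(1, 25), range(26, 80), range(81, 110), range(111, 65536)]
RANGES_ON_DST = [Rule("deny", SON, dst_ports=r) for r in BLOCKED]
RANGES_ON_SRC = [Rule("deny", SON, src_ports=r) for r in BLOCKED]

# Constructed flows: (source IP, source port, destination port, protocol).
# Source ports are ephemeral client ports; 6346 is an arbitrary high port.
FLOWS = {
    "son dns":   ("192.168.1.3", 50001, 53, "udp"),
    "son http":  ("192.168.1.3", 50002, 80, "tcp"),
    "son https": ("192.168.1.3", 50003, 443, "tcp"),
    "son other": ("192.168.1.3", 50004, 6346, "tcp"),
    "dad other": ("192.168.1.2", 50005, 6346, "tcp"),
}

def check(rules, flows=FLOWS):
    """Return the verdict for every sample flow under one rule list."""
    return {name: evaluate(rules, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for name in ("ALLOW_THEN_DENY", "RANGES_ON_DST", "RANGES_ON_SRC"):
        print(name, check(globals()[name]))
```

Under this model the question's ranges, applied to the destination port, leave only port 80 reachable (DNS on 53 and HTTPS on 443 are denied), and applied to the source port they deny every connection from the son's PC because client source ports are ephemeral high ports. The father's PC is untouched in all three cases because every rule is scoped to 192.168.1.3.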
ASKER CERTIFIED SOLUTION
kodiakbear
