Solve the Problem of reasonable coordination between D-link router configuration and firewall configuration

You may encounter many problems when you contact the D-link router configuration. It is necessary to solve these problems, the following describes how to properly coordinate D-link router configuration and firewall configuration.

Solve the Problem of reasonable coordination between D-link router configuration and firewall configuration

Company gateway with a D-LINK DI-604LB + Multi Wan port router, the old man has come, since there is such a fierce thing, it can not waste, originally prepared to change ISA, unfortunately that IBM X3400 only one network card, and then apply for a trouble again waste, can only do the best to make the DI-604LB + play a role.

Previously, someone else set up the network project and started the DHCP service. As a result, all the IP addresses in the LAN were automatically obtained. When the old man came, they all had dynamic IP addresses, causing a headache, although there are not many computers, it is easy to cause conflicts, and it is also tiring to run upstairs and downstairs. Therefore, I am too lazy to disable the DHCP service of the vro, enable the DHCP service on another server, and plan the IP segment, use macscan with the free version of Active wall to get the MAC address of all users, retain all IP addresses in DHCP, and shorten the lease period, so that all IP addresses are fixed the next day. Start DI-604LB + firewall configuration, now "Advanced Configuration" "ARP binding configuration" to bind all IP and MAC, then open "firewall configuration", find the IN direction of the LAN0 port, click FW LAN0 IN to add the rule set. This was a bit confusing at first, and it was easy to understand.

Note on the right: the Filter list is an ordered statement set. It matches the message information and access table parameters in a top-down order to allow or deny packets through an interface. If a rule in the access list is passed, the matching rule will be stopped and will not be compared with other rules. That's the same as the ISA rule. The requirement is that all personnel at or above the supervisor level are not restricted, and other personnel are retained to send and receive emails. After the firewall is enabled, communication between all ports of all IP addresses and all ports of all IP addresses is rejected by default. Therefore, the first rule to add is to allow all users to access port 25 and port 110, the first step is to allow access at the master level.

The D-Link DI-604LB + Firewall function is also very bad, and no port set as ISA, can only be added one by one, add, State permit, protocol TCP, source IP address Any, source terminal slogan Any, destination IP address Any, and destination terminal slogan eq (=) 25. Do you want to define the time period? If you do not define it, you will not select it. Insert the position at the end, submit, and return, you can see that there is already a rule in "access list information". Click "edit" on the rightmost side of the rule, add the Top Modification point, change port number 25 to 110, and submit the rule again, in this way, the second rule is also done, and then add a master-level rule, add, State permit, Protocol IP, source IP Address, select IP Address, and add the IP Address to be allowed, you can also select IP Range to add IP segments to be allowed. For other default IP segments, change the insert position to the beginning, submit, and add other IP addresses to be allowed according to the previous method.

After adding the IP address, click "back" and check the application after FW LAN0 IN. Then, the rule is applied. Hey hey, if you didn't add your IP address to allow it, cannot even access the Router web interface? So remember. At this time, if you have been banned, you can go to the computer you just allowed to change the firewall rules. If you have set an error, you will not be able to access the Internet. You can simply turn off the router and re-open it, at this time, the rule has not been saved, and the restart rule is lost, and it is OK to re-Add the rule. Click "System Management", "configuration management", and click "save. For other refined configurations, you can configure them according to this idea. You can also set the time period in "time period configuration" in "basic configuration", and then start some functions of the time period in the firewall configuration. D-LINK DI-604LB + this stuff looks difficult, a little bit of it is not difficult, but those messy functions of the old man or there are a lot of don't touch clearly, the next day slowly learn D-link router configuration.

1. D-Link introduces a new generation of 54M Wireless Broadband Router
2. Application viewpoint: vro Basics
3. Describes how to test a vro
4. About Cisco router ports
5. D-Link DI-624 + A wireless router WIFI settings