Aug 12

Note: This FAQ will demonstrate how to set up DNS relay so that a computer running on the LAN port can use the LAN IP of the D-Link firewall as a DNS server.

D-Link Netdefend firewall Details:

• LAN IP on firewall: 192.168.1.1
• Lannet on firewall: 192.168.1.0/24
• External DNS Server: 4.2.2.2

Step 1: Open the web browser and type the IP address of the firewall into the address bar (default is 192.168.1.1). Press Enter.

Step 2: Click on the plus sign next to Objects, select Address Book, and then select Interface Addresses.

Step 3: Click on Add and select IP address from the dropdown menu.

Step 4: Configure the D-Link DNS server address as followed:

• Name: Name as desired (dns_server in this example).
• IP Address: External DNS server address.

dlink-firewall-dns-relay-1

Click on OK.

Step 5: Click on the plus sign next to Rules and then select IP Rules.

Step 6: Click on Add and select IP Rule from the dropdown menu.

Step 7: Create the IP Rule as followed:

• Name: Name as desired
• Action: SAT
• Service: dns-all
• Schedule: None
• Source interface: lan
• Source network: lannet
• Destination interface: core
• Destination network: lan_ip

dlink-firewall-dns-relay-2

Step 8: Click on the SAT tab and under New IP Address select dns_server (as created in Step 4) from the dropdown menu.

dlink-firewall-dns-relay-3

Step 9: Click on Add to create another IP Rule and configure it as followed:

• Name: Name as desired
• Action: NAT
• Service: dns-all
• Schedule: None
• Source interface: lan
• Source network: lannet
• Destination interface: core
• Destination network: lan_ip

dlink-firewall-dns-relay-4

Note: If the environment is not NAT, then the action is Allow.

Step 10: Click on the Configuration tab and select Save and Activate from the dropdown menu. Click on OK to save and activate your changes.

Note: Make sure these two rules are triggered before any generic rules (e.g. allow_standard rules).And also, configure all PCs to have the firewall lan_ip (192.168.1.1) as DNS server.

Tags: , ,

Aug 12

Note: You may consider binding a secondary IP address to one NIC that matches the new network segment for this configuration ahead of actual firewall configuration.

Step 1: Open a web browser and type the IP address of the D-Link firewall into the address bar (default is 192.168.1.1). Press Enter.

Step 2: The default username is admin (all lower case) and the password is admin (all lower case). Click on OK.

Step 3: Click on the plus sign next to Objects, select Address Book, and then select Interface Addresses.

dlink-netdefend-firewall-1

Step 4: Click on the lan_ip folder and edit the IP address as desired and then click OK.

dlink-netdefend-firewall-2

Note: You will also need to change the lan subnet and DHCP client pool (Only if a DHCP server is enabled on the firewall) to reflect the new IP subnet.

Step 5: Click on the Configuration tab and select Save and Activate from the drop-down menu. Click on OK to save and activate your changes.

dlink-netdefend-firewall-3

Note: The new LAN IP address will have to accessed within the validation timeout period. The default value is 30 seconds. To change the timeout period, click on the plus sign next to System, select Remote Management, and then select Advanced Settings. Change the Validation Timeout, and click OK.

Tags: ,

css.php