D-Link Blog Home

When you use the Virtual Server, Port Forwarding, or Remote Administration features to open specific ports to traffic from the Internet, you could be increasing the exposure of your LAN to cyberattacks from the Internet.

In these cases, you can use Inbound Filters to limit that exposure by specifying the IP addresses of internet hosts that you trust to access your LAN through the ports that you have opened. You might, for example, only allow access to a game server on your home LAN from the computers of friends whom you have invited to play the games on that server.

Inbound Filters can be used for limiting access to a server on your network to a system or group of systems. Filter rules can be used with Virtual Server, Gaming, or Remote Administration features. Each filter can be used for several functions; for example a “Game Clan” filter might allow all of the members of a particular gaming group to play several different games for which gaming entries have been created. At the same time an “Admin” filter might only allows systems from your office network to access the WAN admin pages and an FTP server you use at home. If you add an IP address to a filter, the change is effected in all of the places where the filter is used.

Add/Edit Inbound Filter Rule

Here you can add entries to the Inbound Filter Rules List below, or edit existing entries.

Name

Enter a name for the rule that is meaningful to you.

Action

The rule can either Allow or Deny messages.

Source IP Range

Define the ranges of Internet addresses this rule applies to. For a single IP address, enter the same address in both the Start and End boxes. Up to eight ranges can be entered. The Enable checkbox allows you to turn on or off specific entries in the list of ranges.

Save
Saves the new or edited Inbound Filter Rule in the following list. When finished updating the Inbound Filter Rules List, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

Inbound Filter Rules List

The section lists the current Inbound Filter Rules. An Inbound Filter Rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the “Edit Inbound Filter Rule” section is activated for editing.

In addition to the filters listed here, two predefined filters are available wherever inbound filters can be applied:

Allow All

Permit any WAN user to access the related capability.

Deny All

Prevent all WAN users from accessing the related capability. (LAN users are not affected by Inbound Filter Rules.)

Tags: INBOUND FILTER, Port Forwarding, Virtual Server

Step 1: Open a web browser and type the IP address of the D-Link DI-624M in the address bar (default is 192.168.0.1). Press Enter.

Step 2: The default username is admin (all lower case) and the default password is blank (nothing). Click OK.

Step 3: Click on Advanced on the top and then Virtual Server on the left.

Step 4: Click on the trash can to delete one of the built-in Virtual Server entries.

Step 5: Click on the Enabled radio button and give the Virtual Server a name. Specify the Private IP address, Protocol Type, Public Port, Private Port, and Schedule. Apply the settings.

Read More: What is the difference between Virtual Server and Port Forwarding?

Tags: DI-624M, Virtual Server

The DMZ feature allows you to forward all incoming ports to one computer on the local network. The DMZ, or Demilitarized Zone, will allow the specified computer to be exposed to the Internet. DMZ is useful when a certain application or game does not work through the firewall. The computer that is configured for DMZ will be completely vulnerable on the Internet, so it is suggested that you try opening ports from the Virtual Server or Firewall settings before using DMZ.

Depending on the D-Link router models, divided into the following set of several.

1.DI-514, DI-524, DI-604, DI-614+, DI-624 OR
DI-704P (revB), DI-704P (revC), DI-704UP, DI-707P, DI-714P+, DI-754, DI-764, DI-774, DI-784

Step 1: Open your web browser and enter the IP address of your router (192.168.0.1). Enter username (admin) and your password (leave blank).

Step 2: Click the Advanced tab and then click on the DMZ button.

Step 3: Select Enable and type in the IP address of the computer you want to use as DMZ host.

Step 4: Click Apply and then Continue to save the changes.

2.For the DI-704, DI-704P (revA), DI-707, DI-711 (revA), DI-713, and DI-713P:

Step 1: Open your web browser and enter the IP address of your router (192.168.0.1). Enter username (admin) and your password (leave blank). If you have only 1 box, enter admin.

Step 2: At the bottom, click Advanced and then click Misc Items.

Step 3: Type in the IP address of the computer you want to use as DMZ host. Click the box to enable DMZ.

Step 4: Click Save and then Yes when prompted to reboot router.

3.For the DI-711 (revB), 714, and 804:

Step 1: Open your web browser and enter the IP address of the router (192.168.0.1).

Step 2: Enter your username (admin) and password (blank) and click Log in.

Step 3: Click on Advanced Settings on top and then click Virtual Server Settings on the left side.

Step 4: Next to Internal IP, enter the last number of the IP address of your computer that you want to use (i.e. 192.168.0.100). Next to Service, click the down arrow and select ALL(DMZ).

Step 5: Click Submit and then Save and Restart to save settings.

Tags: di-524, DI-624, DI-704P, DMZ, Virtual Server

Virtual Server – is used to forward a specific external port to an internal port in a one port to one port relationship. This would allow WAN side connections to come to the LAN side of your network. Virtual Server settings are commonly used for Port Redirection, when you use a public port that is different from the private port. This use is common if you are accessing multiple cameras. For for ease of use, you keep the cameras all on port 80 to view the web interface, but because the router will only allow port 80 to be opened to one IP, you would use Virtual server to redirect other ports to the LAN side cameras on port 80.

Example: In Virtual Server you would set your first camera as public port 81, private port of 80 and set it private IP accordingly. Then make the second camera public port 82, private port 80 and set its private IP accordingly. Internally (from LAN) both camera can be accessed at their IP address and port 80. From the outside(from WAN) they are access from the WAN ip address and their respective Public port, camera one at 81 and camera two at 82. http://wan-ip-address:81 typed into your browser will show you the web page of camera one.

Port Forwarding – is used to allow data to come from the WAN (Internet) and pass through the firewall to the destination ip address(s). This is used when a device or application behind the firewall of your router needs access to a range of ports to function properly. (E.g. online games or gaming consoles, FTP servers and network cameras.)
However, no two devices or machines on the LAN side of the router can use the same port number at the same time.

Example: In the case of the camera above, for Virtual Server, you kept the HTTP port as 80 and used Virtual Server to make the public port 81. To cover the streaming ports, Audio, Video, and control (DCS-5300G) you will have to set each port range unique to each camera and put those ranges in Port Forwarding. You can keep 5001-5003 for camera one but need to make camera two unique, may be 5004-5006.

In the end you will have used the Virtual Server for redirection and the Port Forwarding rules to allow a range of ports through the router to a LAN side device.

Tags: Port Forwarding, Virtual Server