Configuration issues (firewall) with DI-524 D-Link

Hi, I've got a D-Link DI-524 (the DI-524UP, to be precise). I want to use PCanywhere to connect to the PC behind the router. But I seem to be too stupid to set the Firewall right. I can set the PC to "DMZ" and reach it perfectly well, but there must be a way to configure the Firewall, right? Please help, this drives me crazy! ;-) Thanks, Ulrich

Reply to
UH

Turn OFF the stupid DMZ. That's not the correct way to do it. In effect, it disables all the router security to that machine and opens ALL the IP ports. Do not use the DMZ.

PCAnywhere 9 thru 12 use ports 5631 (TCP) and 5632 (UDP) for incoming traffic. These can be changed, so please make sure your PCAnywhere is using the default ports.

Specific instructions for the DI-524:

formatting link
copy the setup. Make sure that your client computer has either a static IP address, or that you have setup a "reserved" DHCP address. See the section called "static DHCP" in your router like:
formatting link

Reply to
Jeff Liebermann

Hi Jeff! This solved it, thank you! The key is to use the "virtual server", not the Firewall settings. Regarding DMZ: What I did was: Log in to the router remotely, enable DMZ, log on via PCanywhere, Log off PC anywhere, disable DMZ. It works, but it's a hassle. So thank you (and I'll happily go to portforward.com for my next router...). Have a great day, Ulrich

Reply to
UH
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

Be warned that the so-called and badly misnamed "DMZ" feature in cheap consumer routers is (unlike *real* DMZ) a *huge* security hole. Like Jeff, I strongly advise against using it.

Reply to
John Navas

Hi you all.

I got PCanywhere to work without any DMZ. Thanks!

Now, I am trying to get Wake-up-on-LAN to work.

It works *with* DMZ, so the PC is properly configured.

I tried to set up a virtual server (like I did for PCanywhere), but that does not help. I cannot route to port 192.168.0.255 (which would be the broadcast-port, right?). If I route to the static port of my PC (which is what I do for PCanywhere), nothing happens because the PC is off.

What now? Any ideas? Thanks! Ulrich

Reply to
UH

Read up on Wake-on-LAN; e.g.,

Reply to
John Navas

"UH" hath wroth:

You might want to search alt.internet.wireless with Google Groups for previous postings on WOL. See: |

formatting link
|
formatting link
that WOL is not directly supported by the router and that trickery is required to make it work.

Reply to
Jeff Liebermann

Hi Jeff,

well, that's where I am at now.

I have two WOL-programs that both work if I am "inside" of the router's firewall (I brought my Laptop to work to try it out; it woke up the office PC perfectly).

BUT: If I try sending the magic packet via the internet (which worked fine with my previous router, a Netgear, where I could set the rule to route magic packets on port 7 to subnet broadcast 192.168.0.255), nothing happens. The new router does not allow me to set the broadcast (no virtual servers for the *.*.*.255).

Do you have any ideas for the required trickery? :-)

Thanks, Ulrich

Reply to
UH

Try:

  • Configuring the PC with a fixed IP address
  • Using a static route in the DI-524
Reply to
John Navas

"UH" hath wroth:

The trickery is not in the router. It's in the WOL originating program.

Which programs? Did you try this one I recommended?

formatting link

It's called "magic" packet for a reason. Getting it to work requires a bit of magic.

There's no guarantee that your router will port forward port 7 to whatever you're using for a client computah. I suggest you pick another random port, over 1024, and port forward it to the IP address of your test client computah (not the entire IP block). You will need to setup a "reserved DHCP address" or "static IP address" for this computah as you don't want the IP to change later.

Then try using:

formatting link
formatting link
test your WOL function from the internet. I have it working on about 6 different cheapo routers without much difficulty. My favorite mistake is using the wrong MAC address. I haven't tried this one:
formatting link
it looks interesting.

It would be interesting to know which model Netgear worked for you in the past which allows you to port forward a port to an entire Class C IP block. Every other router I've seen only allows port forwarding to a single IP address (per entry). Also, hardware mutations and firmware version if available.

Reply to
Jeff Liebermann

Hi Jeff, hi John,

I have set up a "static DHCP client" with the right MAC address (been there, done that, checked it twice this time).

I also have set up a port forwarding from a high port to my "static" IP address.

So far, so good. I have to try the WOL-part of it tonight, though, because I am sitting in front of my office PC (who should be woken) right now.

What I don't get is: Even if I have a static IP address, so far it does not work because the PC is off and so the router "forgets" about it, right? So the static IP address will only see to the PC getting the same IP address every time it's on -- but there is no static route when it's off, because there is no route at all. Or is there??

I have tried the Depicus-program. That's the one that worked before with my Netgear router, so the program is great.

My Netgear router was a FWG114P, I had v1 and v2, always upgraded the Firmware first, both worked fine regarding the WOL (because you can port forward to broadcast). On the other hand, the DynDNS-service did not work properly, it lost interest in updating the IP address after about five days...

Now DynDNS works fine, but WOL doesn't (so far).

I'll keep you posted.

Thanks so far.

Ulrich

Reply to
UH

"UH" hath wroth:

Do you have control over the office DI-524 router?

You have a good point. There's no ARP table entry in the router if the PC is turned off. RARP (reverse ARP) will work if the router supports it. I don't think it does. Let's try this a bit differently.

  1. Leave your PC set to DHCP assigned IP address, not static. Assign a "static DHCP" IP address to your client computer in the DI-524:
    formatting link
    the bottom of the page. Note that the IP is defined by the PC's MAC address. This will insure that the router ARP table is permanently populated with your PC's MAC and IP address when it's turned off.
  2. Port forward some high numbered port to your PC's IP.
    formatting link
    This port forwarding is permanent and does not change whether the PC is on or off.

That's the one I use. I also use the web based versions when I don't have the program handy.

Amazing. I'll have to try that.

I've had the same problem with a few routers with built in DDOS clients. They just seem to go comatose after a few days. On the "does not work" list are, DI-604 rev c1, WGR-614v5 and v6, and DI-514. I ended up using the DynDNS Windoze client on the PC, which works well enough. DynDNS is trying to get vendors to certify clients, but the small number of certified routers is not impressive:

formatting link
Keep trying. It should work, eventually.

Reply to
Jeff Liebermann

Not necessarily (usually not) -- what's also needed (as I wrote) is a *static route* in the DI-524 to that IP address.
Reply to
John Navas

Not so good. You also need a *static route* in the DI-524 to that static IP address.

Right.

There's only a static route if you add it to the router.

Reply to
John Navas

p.s. See "Wake On LAN - An Overview"

Reply to
John Navas

Hi,

I have tried Jeff's suggestion -- unfortunately, it didn't work.

D-Link support states (quickly, at least): No, WOL will not work.

I can remote control the router, but he will not route to anything turned off... too bad.

Thank you both very much for your help. At least I learned a lot. :-)

I'll have to sell this router and buy a new one, I fear. :-(

Any suggestions (to get out of your hair) for a good one? The only features I actually need are: print server (USB), remote management, Wlan, Routing for PCanywhere, WOL (broadcast to *.*.*.255), DynDNS-service. Shouldn't be too hard to build...

Thanks again, and have a wonderful Sunday!

Ulrich

Reply to
UH

I think that's right -- I checked the DI-524 Manual, and there's no support for static routes/directed broadcasts. That's not surprising, because directed-broadcasts is a security risk (Smurf attacks) and isn't of much interest to the home market in any event. Thus you'll normally find this only in more sophisticated products

Buffalo AirStation 125 High-Speed Mode Wireless Secure Remote Gateway

Explicit Wake-On-LAN feature

Reply to
John Navas

Hi John,

I bought the Buffalo AirStation. Thanks for the tip. The Wake-On-LAN seems to work (though you have to log on to the AirStation to use it). Strangely, though, I do not find any way to get PCanywhere to work. Same scenario: I need to route the ports through to my PC... But everything is called differently with the Airstation. Do you happen to have it yourself? If not, I'll fiddle around with it until I stumble upon the solution, but if you do... well, you could tell me where to look. ;-)

Thanks, Ulrich

Reply to
UH

Don't have one myself. You might want to contact Tech Support.

Reply to
John Navas

i got pc anywhere port

pcANYWHERE host on your LAN IN TCP 5631 IN UDP 5632

i do not use pcanywhere i use VNC much more easy to use with my di-624

Reply to
midjet
