There are two methods to connect a Speedstream 5100 DSL Modem to your router.
The bridged method, puts your router in control of negotiating the DSL (PPPoE) connection. It also avoids an IP address conflict as both the modem and D-Link routers default to the address of 192.168.0.1 as the modem does not use an IP address in this mode.
The alternative method, requires you to change the LAN IP address of your D-Link router. Both the modem and D-Link routers default to the address of 192.168.0.1 and, unliked Bridged mode, the modem requires the use of this IP address. It is important to understand that routers 'route' between two different subnets. So one of the most important steps is going to be changing the IP address and subnet of our private local area network (LAN) so that it is different than that of the modem.
Configuring the Modem for the Alternative Method
Configuring the Router for the Alternative Method (assumes Router is at the default settings):
Feedback received on this FAQ entry:
How to set a single firewall rule is covered in the user manual. We won't cover that here. If you have lost your manual, you can download it from »support.dlink.com.
This FAQ answer will help you with setting multiple rules, understanding how these firewall rules are evaluated, and understanding whether or not your LAN is well protected.
In the DI-5xx/6xx products, the firewall is implemented using Network Address Translation (NAT) with two permanent rules that block unsolicited incoming packets and allow all outgoing packets. (Note: The NAT firewall does not evaluate LAN-to-LAN traffic, even if there are rules set.)
These two permanent rules appear at the bottom of a list of firewall rules on the ADVANCED / FIREWALL configuration page. This list includes all of the rules currently in force by your firewall. By default, list will have three rules.
The optional "Allow to Ping WAN port" rule is set on the TOOLS / MISC page.
Examine the two default rules and see if you can understand why they do the following:
- Deny everything incoming from the WAN toward the LAN
- Allow everything outgoing from the LAN to the WAN
Armed with that knowledge, you can understand that right out of the box, your LAN is pretty secure from outside threats.
One frequent inside threat is opening an attachment that spawns a virus that mails itself to others with the virus's own SMTP engine. For that, you can make a new rule that says:
Since mail is sent through port 25, this will prevent a virus from contacting other mail servers.
But a problem with this rule is that it will also block your legitimate outgoing mail. So find out the IP address for your mailserver, and do this
Now your rules look like:
When your firewall evaluates a packet, it applies rules from the top down. Only the first rule that matches the packet is obeyed, the rest of the rules below it are ignored.
So now you can also understand why, if those top two rules were in the reverse order, that no outgoing mail will be successful, even though you listed your mail server.
Although you can set new rules on this page, understand that other rules also appear here for features that you have enabled through Options, IP Filters, Virtual Servers, Applications, UPnP, or the DMZ.
Regardless of how the rule was entered, the list is applied from top to bottom and only one rule will be obeyed. If a rule higher on the list overlaps a rule lower on the list, the lower rule will never be executed. This is, by the way, how the DMZ option works. It creates a rule that overlaps the Default Deny rule, permitting all traffic to be sent to the LAN IP that you specified on ADVANCED / DMZ. Since that new rule overlaps the Default Deny rule, it is never executed and no incoming packets are blocked.
Summary of Key Concepts:
- The rules on the ADVANCED / FIREWALL list includes rules set on that page, as well as through Options, IP Filters, Virtual Servers, Applications, UPnP, or the DMZ
- Regardless of how the rule was set, the rules are always applied from the top down, and only the first rule that matches the packet will be followed
- The firewall only filters traffic passing between the WAN and LAN. It will not filter traffic from LAN to LAN, even if a rule is set.
- The permanent default rules at the bottom of the list help ensure that your network, by default, is protected from outside threats.
You may want to set up a network card manually in order to solve a problem where your network card fails to receive an automatic address through DHCP, or if you want to use a particular IP address on a system.
If your network card fails to receive an automatic address due to an error or because DHCP is not supported on your device, following this process for setting a manual address will allow you to communicate with your D-Link device.
If you want to run a server on your LAN machine, you need to have a consistent address so that the router can always send the incoming connections to the same machine.
Manually Configuring a Network Card for TCP/IP in Windows XP
NOTE: This section assumes that the client computer is running Windows XP and is using the D-Link default settings for a router. The same objectives no matter which operating system is running on the client, but the actual steps may differ.
•Right-click the network connection that you want to change, and then click Properties.
•On the General tab, double-click Internet Protocol (TCP/IP) in the "This connection uses the following items" list, and then click Properties.
•On the General tab, click Use the following IP address. Configure the entries as follows:
•Subnet Mask: 255.255.255.0
•Default Gateway: 192.168.0.1 note: your router is almost always your gateway
•Click Use the following DNS server addresses, and then type 192.168.0.1 in the Preferred DNS server box. note: you may need to use your ISP's DNS server address(es) here if your gateway device does not relay DNS lookups
If you changed the address in order to configure your D-Link device, you must now attach a network cable between the D-Link device and your computer, and then configure your device using its TCP/IP address. The default TCP/IP address is mentioned in the manual.
Tip when changing from a DHCP address to a static address: Do an IPCONFIG /ALL and write down these settings first, then use them while completing the steps:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-40-CA-48-C8-A8
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.106
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 22.214.171.124
This is covered by an entry in another FAQ:
Feedback received on this FAQ entry:
Once you have established a working network, there is no difference in how to set up the common methods of sharing files using a network based on D-Link equipment or a network based on other equipment.
If you are using a version of Windows, search for the terms "enable file and printer sharing" in Windows Help.
If you are using a different operating system, consult the documentation for setting up the network of your choice.
Since none of this is specific to your D-Link products, better help can be obtained from our /forum/sharing forum and /faq/networking.
As this issue is not unique to D-Link products, this is covered in a different FAQ: /faq/11233
By default, the DI-5xx/DI-6xx routers have several pre-set, disabled Firewall and Virtual Server rules. These are useful as examples.
However, if you need the space for an active rule, you can delete one or more of these pre-set rules to make room in memory for your new rules.