• How do I connect a Speedstream 5100 DSL Modem to my router?
• How do I interpret the firewall rules on a DI-5xx/6xx router?
• How do I manually configure a network card in lieu of automatic addressing/DHCP?
• How do I set up a D-Link Router with a Westell Modem? (link)
• How do I share my files, folders, or printers using my D-Link network?
• I already have a router. How do I use my wireless router as an access point?
• How can I get my DI-5xx/6xx's firewall to hold more rules?

There are two methods to connect a Speedstream 5100 DSL Modem to your router.

The bridged method, puts your router in control of negotiating the DSL (PPPoE) connection. It also avoids an IP address conflict as both the modem and D-Link routers default to the address of 192.168.0.1 as the modem does not use an IP address in this mode.

•Configuring the Modem
•turn your modem upside down, and read the yellow stickeron the bottom of the unit. Write down on a piece of paper the item called MAC. •connect your computer directly to the modem •open your internet explorer and enter »192.168.0.1 as the address •provide your login and password is provided by the ISP (if any) •click advanced •you will be prompted for a security code, which is what you wrote down on the paper, above. •click PPPoE Location, which is under the item ADVANCED and below Connection Configuration •check the box next to BRIDGED MODE and press SAVE CHANGES •agree, in the next screen, by clicking on CHANGE PPP LOCATION •agree, by pressing RESTART •disconnect the computer from the modem •connect the modem to the WAN port of the router •connect your computer to a LAN port of the router
•Configuring the Router
•Follow the steps for the D-Link FAQ, How can I configure my router to work with a DSL (PPPoE) connection?

The alternative method, requires you to change the LAN IP address of your D-Link router. Both the modem and D-Link routers default to the address of 192.168.0.1 and, unliked Bridged mode, the modem requires the use of this IP address. It is important to understand that routers 'route' between two different subnets. So one of the most important steps is going to be changing the IP address and subnet of our private local area network (LAN) so that it is different than that of the modem.

The benefits to using the alternative method may or may not be important to you. It does allow you to see some diagnostic information that might be useful in troubleshooting connection problems.

Configuring the Modem for the Alternative Method

•Connect your computer directly to the modem. Using your web browser, connect to »192.168.0.1•Navigate to Advanced -> Connection Configuration, entering the access code as prompted•Configure the modem to share the public IP address with the router.•Configure the modem to issue a longer DHCP lease (e.g. 6 hours) than the default (10 minutes).•Disconnect your computer from the modem.

Configuring the Router for the Alternative Method (assumes Router is at the default settings):

•Connect your computer to a LAN port of the router. Using your web browser, connect to »192.168.0.1 •Change your router's LAN IP address to a different subnet than the default. For example, change it from 192.168.0.1 to 192.168.1.1. After making this change, you will be disconnected from your router. You will need to release/renew your IP address or reconfigure your network card for the new subnet.•Instead of configuring the router for a DSL connection, configure it as a cablemodem that is issued a dynamic address via DHCP.

Thanks to: Basher13 & sprog123

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by funchords
last modified: 2005-08-14 05:28:52

How to set a single firewall rule is covered in the user manual. We won't cover that here. If you have lost your manual, you can download it from »support.dlink.com.

This FAQ answer will help you with setting multiple rules, understanding how these firewall rules are evaluated, and understanding whether or not your LAN is well protected.

In the DI-5xx/6xx products, the firewall is implemented using Network Address Translation (NAT) with two permanent rules that block unsolicited incoming packets and allow all outgoing packets. (Note: The NAT firewall does not evaluate LAN-to-LAN traffic, even if there are rules set.)

These two permanent rules appear at the bottom of a list of firewall rules on the ADVANCED / FIREWALL configuration page. This list includes all of the rules currently in force by your firewall. By default, list will have three rules.

Firewall Rules List    
 
Action Name                    Source          Destination      Protocol   
Allow  Allow to Ping WAN port  WAN,*           LAN,192.168.0.1  ICMP,8  
Deny   Default                 *,*             LAN,*            *,*  
Allow  Default                 LAN,*           *,*              *,* 

The optional "Allow to Ping WAN port" rule is set on the TOOLS / MISC page.

Examine the two default rules and see if you can understand why they do the following:
- Deny everything incoming from the WAN toward the LAN
- Allow everything outgoing from the LAN to the WAN

Armed with that knowledge, you can understand that right out of the box, your LAN is pretty secure from outside threats.

One frequent inside threat is opening an attachment that spawns a virus that mails itself to others with the virus's own SMTP engine. For that, you can make a new rule that says:

(X)Enabled   ( )Disabled 
Name:        Stop SMTPZombies
Action:      ( )Allow (X)Deny 
Source:      LAN,* 
Destination: WAN,*                Type/Port: TCP,25
Schedule:    (X)Always

Since mail is sent through port 25, this will prevent a virus from contacting other mail servers.

But a problem with this rule is that it will also block your legitimate outgoing mail. So find out the IP address for your mailserver, and do this

(X)Enabled   ( )Disabled 
Name:        Allow my Mail Server 
Action:      (X)Allow ( )Deny 
Source:      LAN,* 
Destination: WAN,29.13.19.15      Type/Port: TCP,25
Schedule:    (X)Always

Now your rules look like:

Firewall Rules List    
 
Action  Name                    Source          Destination      Protocol   
Allow   Allow my Mail Server    LAN,*           WAN,29.13.19.15  TCP,25
Deny    Stop SMTPZombies        LAN,*           WAN,*            TCP,25
Allow   Allow to Ping WAN port  WAN,*           LAN,192.168.0.1  ICMP,8  
Deny    Default                 *,*             LAN,*            *,*  
Allow   Default                 LAN,*           *,*              *,* 

When your firewall evaluates a packet, it applies rules from the top down. Only the first rule that matches the packet is obeyed, the rest of the rules below it are ignored.

So now you can also understand why, if those top two rules were in the reverse order, that no outgoing mail will be successful, even though you listed your mail server.

Although you can set new rules on this page, understand that other rules also appear here for features that you have enabled through Options, IP Filters, Virtual Servers, Applications, UPnP, or the DMZ.

Regardless of how the rule was entered, the list is applied from top to bottom and only one rule will be obeyed. If a rule higher on the list overlaps a rule lower on the list, the lower rule will never be executed. This is, by the way, how the DMZ option works. It creates a rule that overlaps the Default Deny rule, permitting all traffic to be sent to the LAN IP that you specified on ADVANCED / DMZ. Since that new rule overlaps the Default Deny rule, it is never executed and no incoming packets are blocked.

Summary of Key Concepts:

- The rules on the ADVANCED / FIREWALL list includes rules set on that page, as well as through Options, IP Filters, Virtual Servers, Applications, UPnP, or the DMZ

- Regardless of how the rule was set, the rules are always applied from the top down, and only the first rule that matches the packet will be followed

- The firewall only filters traffic passing between the WAN and LAN. It will not filter traffic from LAN to LAN, even if a rule is set.

- The permanent default rules at the bottom of the list help ensure that your network, by default, is protected from outside threats.

Related:

- /faq/11894

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by funchords
last modified: 2005-11-25 00:13:51

You may want to set up a network card manually in order to solve a problem where your network card fails to receive an automatic address through DHCP, or if you want to use a particular IP address on a system.

If your network card fails to receive an automatic address due to an error or because DHCP is not supported on your device, following this process for setting a manual address will allow you to communicate with your D-Link device.

If you want to run a server on your LAN machine, you need to have a consistent address so that the router can always send the incoming connections to the same machine.

Manually Configuring a Network Card for TCP/IP in Windows XP
NOTE: This section assumes that the client computer is running Windows XP and is using the D-Link default settings for a router. The same objectives no matter which operating system is running on the client, but the actual steps may differ.

•Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.
•Right-click the network connection that you want to change, and then click Properties.
•On the General tab, double-click Internet Protocol (TCP/IP) in the "This connection uses the following items" list, and then click Properties.
•On the General tab, click Use the following IP address. Configure the entries as follows:
•IP Address: The IP address you chose for this client (for example, 192.168.0.165).
•Subnet Mask: 255.255.255.0
•Default Gateway: 192.168.0.1 note: your router is almost always your gateway
•Click Use the following DNS server addresses, and then type 192.168.0.1 in the Preferred DNS server box. note: you may need to use your ISP's DNS server address(es) here if your gateway device does not relay DNS lookups
•Click OK.

If you changed the address in order to configure your D-Link device, you must now attach a network cable between the D-Link device and your computer, and then configure your device using its TCP/IP address. The default TCP/IP address is mentioned in the manual.

Tip when changing from a DHCP address to a static address: Do an IPCONFIG /ALL and write down these settings first, then use them while completing the steps:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-40-CA-48-C8-A8
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.106
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 4.2.2.1
                                    4.2.2.2


got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by funchords
last modified: 2006-07-14 20:22:45

This is covered by an entry in another FAQ:

/faq/7125

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by funchords

Once you have established a working network, there is no difference in how to set up the common methods of sharing files using a network based on D-Link equipment or a network based on other equipment.

If you are using a version of Windows, search for the terms "enable file and printer sharing" in Windows Help.

If you are using a different operating system, consult the documentation for setting up the network of your choice.

Since none of this is specific to your D-Link products, better help can be obtained from our /forum/sharing forum and /faq/networking.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by funchords
last modified: 2005-08-24 14:06:16

As this issue is not unique to D-Link products, this is covered in a different FAQ: /faq/11233

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by funchords

By default, the DI-5xx/DI-6xx routers have several pre-set, disabled Firewall and Virtual Server rules. These are useful as examples.

However, if you need the space for an active rule, you can delete one or more of these pre-set rules to make room in memory for your new rules.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by funchords
last modified: 2005-12-05 21:01:56