Rooting

@xs4all.nl

DSL-300T NAT issue

Greetings, I got a problem with the 300T D-Link.
All configuration to connect to my ISP works fine.
The problem is that apparently there is a NAT service starting along with the rest and I believe it's causing the problem.
I have a server and I run a number of services: mail server, FTP server, DNS...
In my actual config it all works fine (I use a USR Modem/router).
Now I want to use the 300T as a modem and the Linksys (with ddrw firmware).
So I set all my NATing on the router fine.
But when I use any online port scan, it looks like I have several ports open but none that has a listening service behind.
This is obviously not real.
I connected my server straight to the modem and did the same test... same results!
In the 300T log it mentions that the NAT Service has Started!
So I bet this is the issue.
Can anyone help me solve this issue?
My ISP connection is a PPPoA and cannot be differently.
I cannot make it a Bridge cause my Router does not support PPPoA.
Thanks for your help


Z3r03556

@edu.au

I don't quite understand what you're saying... but here we go

There are two types of NAT most people will be familiar with, SNAT (Masquerading) and DNAT (Port forwarding)

NAT is Network Address Translation, SNAT allows several computers to use the same external IP address, i.e. web browsing, DNAT allows you to forward requests from the internet interface to a specific port on your PC.

If you have a setup such as

ADSL -> DSL-300T -> Linksys Wireless router -> PC1 & Laptop & PC2

The most efficient thing to do is put the DSL-300T into bridge mode and allow the Linksys Wireless router to PPPoA/PPPoE authenticate if possible, you then need to 'port forward' and forward the necessary external ports to the internal computer handling these requests.

You shouldn't have many problems with using NAT on two routers though, you just need to port forward from one router to the next so...

first router forward to second router which forwards to network


Rooting

@xs4all.nl

hi,
Thanks for your reply.
Sorry if I did not express myself well.
The issue is not the modem and the router..
The issue is the modem itself!
Let's forget about the Linksys for a moment.
Let's say I connect the modem straight in to the PC.
So we cut a step out.
The most important thing is that my Services (SMTP, POP, IMAP, FTP...) can keep on working.
Typically, on a router scenario, it is a must to open the needed ports.
As in the modem there is no NAT function (visible), I expect the port requests to get directly to my PC.
But this does not happen!
The modem is blocking requests from the WAN such as the above mentioned ports.

When you do a port scan from the internet (as a test) it turns out that the ports (most of them) are open but no service responds to it. Therefore it is considered Closed but not Secure!
The response should have been Open and a service is responding (this would be correct).

On the modem (DSL-300T) log, there is a line about the NAT Service started.
This is what I think is causing the problem.

And there are no visual option how to turn that NAT Service off or modify it as I need.

About Bridge...
I cannot do that as my ISP requires PPPoA and not PPPoE. My Router does only PPPoE and so I cannot let the router do the connection but must be the modem itself.

Anyone know any option or command to let the port request pass the modem?
Thanks.


rperkin

join:2003-12-12
UK

The D-Link T-series products are based on the Texas Instruments AR7 single chip communications processor. They are differentiated only by firmware and by connectivity options (USB option, single Ethernet port or 4-port switch option) and also by on-board memory (2 Mbyte or 4 Mbyte flash memory).

All T-series products are *routers* by default, even those models sold as modems, including the DSL-300T. Early firmware for the DSL-300T included specific NAT and firewall functionality making it a single-port router, although this has been crippled in later releases.

But the above is just background info. The key to the event log entry which refers to the NAT service is not much to do with routing, but how the DSL-300T passes through the public IP address etc handed out by your ISP.

With current firmware, the DSL-300T implements ZIPB (zero configuration IP bridge), also known as half-bridge mode.

The DSL-300T handles all the PPPoA connection and authentication issues. The public IP address, ISP gateway (boundary router) address, DNS server addresses are handed out by the ISP's DHCP server. The DSL-300T runs a DHCP server process which forwards these to an attached device (router or PC). For this to work correctly, the DSL-300T and the attached device must be on different networks.

NAT on the DSL-300T is not the problem. In fact, I'm not sure that you have a problem, providing everything works OK.

The DSL-300T runs an embedded version of Linux (MontaVista Linux) and it's possible that some of the processes have specific ports open. My DSL-300T is still packed away after a recent house move otherwise I'd test things out.

If you want all your ports to appear 'stealth' (a bogus marketing term, as this is no more secure than Closed) the usual technique is to configure an unused IP address into the router's DMZ. Try this and see if it has the desired effect.

Hope this helps
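
The Open, Closed and 'stealth' results discussed in this thread correspond to three different outcomes of a TCP connection attempt, which can be checked against your own address from an outside host. The Python sketch below is an added example, not part of the thread; the function names and the sample ports are assumptions.

```python
import errno
import socket

def tcp_port_state(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    open: handshake completed; closed: connection refused (reset);
    filtered: no answer before the timeout ("stealth") or ICMP unreachable.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()

def diagnose(state, service_expected):
    """Compare a probe result with what the server is meant to expose."""
    if service_expected:
        verdicts = {
            "open": "ok: the service answers from outside",
            "closed": "not reaching the service: check the port forward",
            "filtered": "dropped on the path: a firewall discards the request",
        }
    else:
        verdicts = {
            "open": "unexpected listener: another device answers on this port",
            "closed": "ok: reachable, nothing listening",
            "filtered": "ok: silently dropped (what scanners call stealth)",
        }
    return verdicts[state]

def survey(host, expected, timeout=2.0):
    """expected maps port -> True if a service should be reachable there."""
    return {p: diagnose(tcp_port_state(host, p, timeout), want)
            for p, want in expected.items()}

if __name__ == "__main__":
    # Constructed sample: mail and FTP expected to answer, 8081 expected unused.
    for port, verdict in survey("127.0.0.1", {25: True, 21: True, 8081: False}).items():
        print(port, verdict)
```

An "unexpected listener" verdict on a port with no server behind it points at a device in front of the server answering by itself, which is the possibility raised above for the modem's own processes.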


Rooting

@xs4all.nl

Hi rperkin,
thanks for those info.
All you said makes sense to me.
Just one thing I would like to pick on;
you said that if I want to have all ports closed I have to configure an unused IP into my router...
What I am trying to do is kind of opposite!
I want all ports to be open. And handle the NAT (open and close ports) by the router itself.

As it is now, my modem uses a different subnet (192.168.1.x) when my router uses 192.168.2.x and of course I got my private fixed IP from the ISP.

So, either I did not understand well what you mean or I need a different configuration.

If the DSL-300T is not the issue, then I don't understand why when connecting it straight to the PC I still don't have the ability to control the ports listening and those that should be closed!

Point N2:
If the firmware is based on Linux, I believe it should be open to configuration.
I am a 0 (zero) on Linux but I know that it can be openly modified.
In fact, I realized I can telnet on the modem and I get a login request. None of my credentials seems to work to log on to the modem.
The doc does not mention about it either.

Do you see a possible solution by configuring the Firmware itself? Or an alternative firmware?

I would appreciate if you or anyone has some more feedback for me.
Thanks


rperkin

join:2003-12-12
UK

I understand what you are trying to do. But what you asked was whether NAT on the DSL-300T was affecting what was seen by an external port scanner.

I don't think that NAT is the problem. The solution that I offered was how to make unused ports not respond to an external port scanner. You said that several ports were shown as Open even when there was no service using that port - this may indeed be the modem, as I suggested (but cannot check myself at the moment).

As far as configuring the DSL-300T from the command line interface goes, this is indeed possible. Connect by telnet and login with username root and the same password used on the web-based config. The device runs MontaVista Linux + the BusyBox shell/toolset.

As an aside, if you want to run the latest firmware you should be aware that the DSL-300T will happily run the V3 firmware for the successor model, the DSL-320T. You can install the V3 firmware directly if you have V2 firmware installed. If you have V1 firmware, then it is first necessary to install V2 firmware using the standalone V2 firmware upgrade utility.

Hope this helps


Rooting

@xs4all.nl

I am sorry Rperkin, I guess I did not read your mail well.
And maybe I did not write mine good (I am not native English).
The port scan gives the closed port, saying that the reason why it is closed is because there are no services running but it can be exploited.
The point is that some of those ports have no service for real but others do have a service listening and still it shows as Closed.
Therefore I cannot control my ports.

I think to remember I did try telnetting in the router using the root and the web base UI password without success. But after all the tests.. I might have made a mistake and will try again.
If not working, I will try the firmware for the DSL-320T. Hopefully I will have a better handle on the Modem.

I will keep you posted.
Rperkin, I appreciate your help.
Thanks


rooting

@xs4all.nl

Hi again,
so, here are the results:
I had V1 as a firmware so I went to the d-link site and had no luck to find anything beside the V1.
Moreover, the dsl-300t is no longer supported.. at all! :-(
Browsing around, I found a site: »www.dlinkpedia.net/software/aggi···ware.php
That has a link to the V2 firmware: »www.dlinkpedia.net/software/firm···nali.php
Here there are the Original firmware V1 and 2 (to download just in case).
I tried the V2 and had some strange results, some sort of Script error while flashing.
This was quite terrible at first!
I decided to install the modified firmware (or else... it was not clear to me) and got that:
»prdownloads.sourceforge.net/dlin···download
To install this last firmware, you need the following:
»ciclamab.altervista.org/index_en.htm (also in english language).
Once used the tool to flash the firmware, I then accessed the modem again and it became a full blown router (some sort of D-Link 500). The interface gives no specific name else than Router Family.
To my good surprise, here it is possible to disable the Firewall and NAT services.
And suddenly I have what I want.
I also tested it. It was so late at night that I did not want to test too much.
2 issues (BIG ISSUES)
1) all configuration is possible EXCEPT for the password change!! As soon as I changed the router (modem) password, logged out and tried to login again, to my surprise there was no way to log in again!
So I flashed it in the same way MANY times (each password change attempt).

2) when testing it over my DSL, the modem successfully initiates and keeps the connection with my ISP... all goes fine.
The Ping tool in the modem also works when pinging www.yahoo.com.
HOWEVER, my computer was not on the NET.
By doing some quick changes at DNS level in the local machine, I managed to resolve the IP address of Yahoo site but still, I could not get response from the site while the modem itself can!
So, I assume (and hope) that this is nothing but a config issue that I should be able to solve quite easily along the way.
But let the router exposed on the internet with the default password REALLY bothers me!
So I am stuck now!
Conclusions:
I am disappointed from d-link to be honest.
The original modem that blocks ports... not have the ability to disable the NAT service.. all basic operation that should be enabled by original firmware.
HAPPY that I can change firmware... this gives me hope to find one that works fine.
Frustrated cause I was basically done when the password issue made the whole thing fall apart!
From a simple purchase for a basic modem I end up working hard to find my way out of the big brother restrictions built-in!

Back on track now.
I am still VERY open to ideas and suggestion.
Maybe some of you had similar experience and can tell me where I go wrong for the password?
Mind that I know about the Save All changes before rebooting,... and all that.

I really hope to get more help here.
Thanks to rperkin that led me to the right path.


rooting

@xs4all.nl

... I did more tests and try other firmwares..
Back on the one above mentioned, I figured out that IF you change also the user name then the password is accepted BUT not if it's ending with some special characters.
Funny enough, when using the same characters in the middle of the password, then it worked!!
This is odd... but worked..
[:D]