*Vanguard*
Didn't find a more appropriate newsgroup to post this. I've got a DLink
DI-604 NAT router. This is in a home environment. I'm not responsible
nor want to manage the PCs used by other family members. I just want to
manage my PC. As such, I wanted to isolate it on the router from the
other hosts connected to it so I wouldn't have to be concerned about
viruses, trojans, or spyware installed on those other PCs. I defined a
rule in the router that isolates my host from any other host connected
to that router but the side effect was that now I cannot edit or delete
any of the firewall rules in the router (without having to reset the
router and lose all of the configuration).

The DLink router provides its own DHCP server used to assign the hosts
connected to it with dynamically assigned IP addresses. The range its
DHCP server can assign IP addresses is 192.168.0.x, where x = 100 to
199. The DLink DI-604 (after updating to its most recent firmware
version) also allows assignment of static IP addresses to hosts
connected to it by their MAC address. This allows firewall rules to be
defined within the router for specific hosts without worrying that later
they may get a different IP address. Right now, mine is the only host
assigned a static IP address of 192.168.0.100. So the IP addresses
currently used are:

  router    = 192.168.0.1 (fixed)
  my PC     = 192.168.0.100 (fixed)
  other PCs = 192.168.0.101-199 (dynamic)

Normally I should be able to click on the edit icon to select it and
display its settings in the edit fields where I can change them, or I
can click on the delete icon to delete that rule, or click on the
up/down arrows to change its position in the rules list. However, after
defining the following firewall rule in the router, the page for the
firewall rules becomes unusable and I cannot edit, delete, or re-sort
the rules.

  Mode = Enabled
  Name = "Isolate Lee's host" (my name is Lee, not the hostname)
  Source: LAN, IPaddr = 192.168.0.101 to 192.168.0.199, all ports
  Target: LAN, IPaddr = 192.168.0.100, TCP & UDP, all ports
  Access: Deny
  When active: Always

My static IP address is x.x.x.100. All other hosts will be x.x.x.101 to
x.x.x.199 which covers the rest of the range for the router's DHCP
server. The router itself is at x.x.x.1 so it is NOT within the blocked
IP address range. So this firewall rule should prevent any host
connected to the router (but not the router itself) from communicating
to my host. This is what I see occur on my intranetwork. I can still
open the browser to the router and perform all other configurations.
It's just the firewall rules screen that locks up.

So if I now or later want to add more rules, I have to record every
customized setting in the router, reset the router, make the additional
change plus restore all my other settings, and lastly define this
firewall rule to isolate my host on that router from other hosts
connected to that router. A real pain. I don't see that what I am
defining in a firewall rule should disable just the firewall rules
screen in the router. I can still modify the settings in any other
screen for the router. Maybe another set of eyeballs might notice
something stupid that I'm doing. Or maybe it's just some bug in the
Dlink router (I'm still waiting for a response from Dlink).
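
The rule quoted above, modelled as an added example (not part of the original post and not the router's firmware logic): it evaluates the quoted source range, target and TCP & UDP match to show which LAN addresses and protocols the rule denies and which it leaves unmatched. The /24 LAN, the default-allow fallback and all field and function names are assumptions of this example.

```python
import ipaddress

# Rule values exactly as quoted in the post; the field names are this example's own.
RULE = {
    "src": ("192.168.0.101", "192.168.0.199"),
    "dst": ("192.168.0.100", "192.168.0.100"),
    "protocols": {"tcp", "udp"},
    "action": "deny",
}
LAN = ipaddress.ip_network("192.168.0.0/24")   # assumption: /24 LAN
ROUTER = ipaddress.ip_address("192.168.0.1")
PROTECTED = ipaddress.ip_address("192.168.0.100")


def in_range(addr, bounds):
    """True if addr lies inside the inclusive (low, high) address range."""
    lo, hi = (ipaddress.ip_address(b) for b in bounds)
    return lo <= ipaddress.ip_address(addr) <= hi


def evaluate(rule, src, dst, proto, default="allow"):
    """Return the rule's action if the packet matches it, else the default.

    The default-allow fallback is an assumption; the post does not state
    the router's policy for unmatched LAN traffic.
    """
    if (proto.lower() in rule["protocols"]
            and in_range(src, rule["src"])
            and in_range(dst, rule["dst"])):
        return rule["action"]
    return default


def uncovered_sources(rule, proto="tcp"):
    """LAN addresses (excluding router and protected PC) the rule does not deny."""
    return [h for h in LAN.hosts()
            if h not in (ROUTER, PROTECTED)
            and evaluate(rule, str(h), str(PROTECTED), proto) != "deny"]


if __name__ == "__main__":
    # Constructed sample packets: DHCP client, the router, and a non-TCP/UDP protocol.
    print(evaluate(RULE, "192.168.0.150", "192.168.0.100", "tcp"))
    print(evaluate(RULE, "192.168.0.1", "192.168.0.100", "tcp"))
    print(evaluate(RULE, "192.168.0.150", "192.168.0.100", "icmp"))
    gaps = uncovered_sources(RULE)
    print(len(gaps), "addresses outside the denied range:", gaps[0], "to", gaps[-1])
```
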