NeuroAgent

DFL-870 Routing Configuration: Complete Guide

How to properly configure routing on a DFL-870 firewall between subnets. Learn the firewall rules needed to ensure communication between local networks.

Question

How to properly configure routing on a DFL-870 firewall?

Problem:
All 6 ports are configured with local IP addresses (e.g., 10.98.8.118, 10.99.34.118, etc.). The device is planned to be used as a simple router between these local networks (LAN). From devices within their own subnet, the ports are accessible for ping; however, ping does not work from neighboring subnets. What rules need to be established to ensure routing between subnets?

NeuroAgent

Setting Up Routing on D-Link DFL-870

Setting up routing on the D-Link DFL-870 requires enabling the firewall function and configuring both NAT rules and rules that pass traffic between subnets. Neighboring subnets are usually unreachable because proper routing rules are missing or because the firewall is blocking traffic between the networks.

Basic Principles of Routing Configuration

The D-Link DFL-870 is a professional firewall with routing functions that can operate in router mode between multiple subnets. Full routing between subnets requires several key steps.

Main components that require configuration:

  • Device-level routing - the device must know how to deliver packets between different interfaces
  • Firewall rules - allow traffic to pass between subnets
  • Address translation (NAT) rules - if internet access is required from internal networks
  • Dynamic routing protocols - for automatic updating of routing tables

Important: When configuring a firewall, always start with the strictest security rules and add permissions gradually to minimize risk.

Interface and Subnet Configuration

To begin, you need to ensure that all network interfaces are properly configured and belong to the appropriate subnets.

Interface Configuration Steps:

  1. Access the web interface - connect to the device’s web interface via its IP address (usually 192.168.1.1)
  2. Navigate to network settings - find the “Network” or “Interfaces” section
  3. Configure each interface:
    • Set the interface operating mode (Routed or Bridged)
    • Assign an IP address and subnet mask for each port
    • Specify the default gateway if internet access is required

Example Interface Configuration:

| Interface | IP Address | Subnet Mask | Description |
|---|---|---|---|
| LAN1 | 10.98.8.118 | 255.255.255.0 | Subnet 1 |
| LAN2 | 10.99.34.118 | 255.255.255.0 | Subnet 2 |
| LAN3-6 | | | Other subnets |

After configuring interfaces, you need to ensure that the device can exchange packets between them at the L2 (Layer 2) switching level.


Firewall Rules Configuration

Neighboring subnets are unreachable mainly because the firewall blocks the traffic. To allow routing between subnets, you need to create appropriate rules.

Types of Rules That Require Configuration:

  1. Traffic passing rules between subnets - allow ICMP (for ping), TCP and UDP traffic
  2. Source and destination rules - specify which subnets can exchange traffic
  3. Port and protocol rules - for specific services

Example Rule for Allowing Ping Between Subnets:

```
// Rule for allowing ICMP (ping)
Source: 10.98.8.0/24
Destination: 10.99.34.0/24
Protocol: ICMP
Action: ALLOW
```

Steps for Creating Rules:

  1. Navigate to the firewall section - Firewall > Access Rules
  2. Create a new rule:
    • Specify source
    • Specify destination
    • Select protocol (ICMP, TCP, UDP)
    • Set action (ALLOW/DENY)
  3. Save and apply rules

Recommendation: Create rules with minimum necessary privileges. If access to specific ports is required, restrict rules to specific ports rather than all traffic.
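
The ICMP rule and the least-privilege recommendation above can be checked offline before anything is applied to the device. The following is an added example, not code from the original page or from D-Link: a small Python model of an ordered rule list for the page's two subnets that evaluates a packet and flags rules hidden behind an earlier, broader rule. First-match evaluation with a default deny is an assumption of the model; the host addresses, rule names and the HTTPS rule are constructed.

```python
# Added illustration, not D-Link code. Assumed model: rules are evaluated
# top-down, the first match decides, and unmatched traffic is denied.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src: str             # source network (CIDR)
    dst: str             # destination network (CIDR)
    proto: str           # "icmp", "tcp", "udp" or "any"
    port: Optional[int]  # destination port; None means any
    action: str          # "ALLOW" or "DENY"

def _net(cidr):
    return ipaddress.ip_network(cidr)

def matches(rule, src_ip, dst_ip, proto, port=None):
    return (ipaddress.ip_address(src_ip) in _net(rule.src)
            and ipaddress.ip_address(dst_ip) in _net(rule.dst)
            and rule.proto in ("any", proto)
            and rule.port in (None, port))

def evaluate(rules, src_ip, dst_ip, proto, port=None):
    """Return (action, rule name) of the first matching rule."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, proto, port):
            return rule.action, rule.name
    return "DENY", "default"

def shadowed_rules(rules):
    """Pairs (rule, earlier rule) where the earlier rule covers the later one."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))
                    and earlier.proto in ("any", later.proto)
                    and earlier.port in (None, later.port)):
                found.append((later.name, earlier.name))
                break
    return found

LAN1, LAN2 = "10.98.8.0/24", "10.99.34.0/24"  # subnets from the page's example
RULES = [Rule("ping-lan1-to-lan2", LAN1, LAN2, "icmp", None, "ALLOW"),
         Rule("ping-lan2-to-lan1", LAN2, LAN1, "icmp", None, "ALLOW"),
         Rule("https-lan1-to-lan2", LAN1, LAN2, "tcp", 443, "ALLOW")]  # constructed
# Same rules behind a broad deny: the LAN1 allows can no longer match.
SHADOWED = [Rule("block-lan1", LAN1, "0.0.0.0/0", "any", None, "DENY")] + RULES
```

Calling `evaluate(RULES, "10.98.8.10", "10.99.34.20", "tcp", 22)` falls through to the default deny, which is the behaviour a port-restricted rule set should show for services that were never explicitly allowed.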


NAT and Address Translation Setup

If internet access from internal subnets is required, you need to configure network address translation (NAT).

Types of NAT Configuration:

  1. Source NAT - translation of outgoing addresses
  2. Destination NAT - translation of destination addresses
  3. Static NAT - static address mapping

Example Source NAT Configuration:

```
// Rule for internet access from subnet 10.98.8.0/24
Source Interface: LAN1 (10.98.8.118)
Destination Interface: WAN
Source Network: 10.98.8.0/24
Translation Type: Source NAT
Action: ALLOW
```

Default Routing Configuration:

If the device is to provide internet access, a default gateway must be configured:

```
// Default route
Destination: 0.0.0.0/0
Gateway: [Provider gateway IP address]
Interface: WAN
Metric: 1
```

Testing and Routing Diagnostics

After configuring rules, you need to verify routing functionality and identify possible problems.

Diagnostic Commands:

  1. Check routing table:

    ```
    show route
    ```

  2. Check interface status:

    ```
    show interface
    ```

  3. Test ping between subnets:

    ```
    ping 10.99.34.118 from 10.98.8.x
    ```


Logging for Diagnostics:

Enable firewall event logging to analyze problems:

```
// Logging configuration
Log Level: INFO
Log Destination: Local/Remote Syslog
Log Firewall Events: ENABLED
```

Common Problems and Solutions

Problem 1: Ping Doesn’t Work Between Subnets

Cause: ICMP traffic blocked by firewall

Solution: Create a rule allowing ICMP traffic between required subnets

Problem 2: Traffic Is Blocked But Rules Allow It

Cause: Incorrect rule order or missing routing

Solution: Check rule order and presence of routes between interfaces

Problem 3: No Internet Access from Internal Networks

Cause: Missing NAT rules or incorrect gateway configuration

Solution: Configure Source NAT and check default route

Problem 4: Device Doesn’t See Other Subnets

Cause: No direct connection or incorrect interface configuration

Solution: Check physical connection and interface IP address settings

Tip: For complex configurations, use debug mode for detailed analysis of packets and their passage through the firewall.

Conclusion

Setting up routing on the D-Link DFL-870 requires a sequential approach and attention to detail. Key points to consider:

  1. Proper interface configuration - each interface should be correctly configured with the appropriate IP address and subnet mask
  2. Firewall rules - create allow rules for traffic between subnets
  3. NAT translation - if internet access is required from internal networks
  4. Continuous monitoring - regular verification of functionality and problem diagnostics

To solve a specific problem with inaccessibility of neighboring subnets, it is recommended to check:

  • Presence of proper firewall rules
  • Routing configuration between interfaces
  • Physical connection and port operation
  • Device firmware version and availability of updates

For complex problems, it is recommended to refer to the official D-Link documentation or the manufacturer’s technical support.