Configure D-Link DFL-200 as firewall and WRT54GS for DHCP etc?

Discussion in 'Cisco/Linksys Wireless Routers' started by hossfeathers, Nov 1, 2006.

  1. hossfeathers

    hossfeathers LI Guru Member

    I have a WRT54GS (latest Linksys firmware) that I've been using for firewall, DHCP, and wireless, and just bought a D-Link DFL-200 to go between the WRT54 and the cable modem. I'd appreciate any config tips, as I'm not succeeding in the first round.

    My plan was to have the D-Link DFL-200 receive the signal from the cable modem, and use its DMZ port for test http server etc. I thought I'd keep the DHCP with the WRT54GS simply because I'm used to its setup, but if it is ultimately simpler to use the DFL-200 for DHCP, I'd be willing.

    What I've tried and does not yet work: cable modem sends to DFL-200 WAN port. DFL-200 IP is, and DHCP services are turned off. Then LAN port 1 on the DFL-200 is connected to the WRT54GS WAN port. The WRT54GS is configured with IP All of the workstations and the netgear switch are connected to the WRT54GS. However in this config all I can browse to is the WRT54GS interface at, I can't get to the DFL-200 or the internet.

    I'm missing something....do I need to 'tell' the WRT54 about the IP address of the DFL-200? I'm not sure of the DFL-200 featureset, but one thing I wonder about too is if I need to turn off any NAT it might bring to bear...bridging? I just read about this on another post but I don't see a way to configure that on the DFL-200 interface.

  2. ifican

    ifican Network Guru Member

    Actually you're just about there for your current config/attempt. All you would need to do is turn on DHCP on the DFL-200; yes, as you have stated, that would give you double NAT, but for the most part that is not a big issue to overcome and will be relatively seamless. The reason that your current config does not work is exactly what you have already figured out: your WRT does not know how to get to your DFL-200. Unless you have a really good reason for not using double NAT, you can turn on DHCP on the 200, hang your server off the DMZ port and run your inside network off of the WRT. In my opinion this is safer anyway, as if your http server gets compromised you have the firewall of the WRT to protect your inside hosts.
  3. hossfeathers

    hossfeathers LI Guru Member

    Thanks for the advice again. I have not had success so far though. First I had to turn my cable modem off for a couple hours, it would not talk to the DFL-200 at all after an initial session. I think I've had that issue before, for some reason the modem loses interest in new upstream (if that's the right term) MAC addresses unless it's turned off for a bit. Anyways now the DFL-200 itself and any pc cabled to it can get to the internet.

    I turned on DHCP services on the DFL-200. First I used a range of, thinking a different range would be the best (wrt54 has, and later I set the DFL-200 to the same range as the WRT54. But the WRT will not hand out connections. I can manage it at via any pc that is directly connected to it, but can't reach the DFL or the internet.

    There is a setting for Gateway vs Router in the WRT54GS Advanced Routing section that I'm looking at, should it now be set to router, not gateway? If so clues re the settings would be appreciated.
  4. ifican

    ifican Network Guru Member

    You could run it as router but there's no need. What it looks like is even though you are using what appears to be different IP ranges, that in actuality you are not. Check the subnet mask for both devices, I bet they are both in which case you are actually trying to use the same "network" on both sides - 255. All you need to do is change the base IP on either of the devices (whichever you feel most comfortable with). Leave one set the way it is and change the other to 192.168.x.0 (x being any number from 0-254 other than the number 1).
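Added example, not part of the thread: a check for the overlap described in the reply above, where the inner router's LAN and the outer firewall's LAN resolve to the same network once the mask is applied. The segment names and all addresses are constructed for illustration, since the thread's own addresses did not survive on the page.

```python
import ipaddress
from itertools import combinations

def network_of(address, netmask):
    """Network an interface sits on, e.g. 192.168.1.1 + 255.255.255.0 -> 192.168.1.0/24."""
    return ipaddress.ip_interface(f"{address}/{netmask}").network

def find_overlaps(segments):
    """Return (name_a, name_b) pairs of segments whose networks overlap."""
    nets = {name: network_of(*cfg) for name, cfg in segments.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def suggest_free_subnet(segments, pool="192.168.0.0/16", new_prefix=24):
    """First subnet in the pool that overlaps none of the given segments, or None."""
    used = [network_of(*cfg) for cfg in segments.values()]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None

# Constructed topologies: hypothetical names for the outer firewall's LAN and
# DMZ ports and the inner router's LAN, each as (interface address, netmask).
SAME_RANGE = {
    "dfl_lan": ("192.168.1.1", "255.255.255.0"),
    "dfl_dmz": ("192.168.3.1", "255.255.255.0"),
    "wrt_lan": ("192.168.1.1", "255.255.255.0"),
}
# Base addresses look different, but the wide mask swallows the inner LAN.
WIDE_MASK = {
    "dfl_lan": ("192.168.0.1", "255.255.0.0"),
    "wrt_lan": ("192.168.1.1", "255.255.255.0"),
}
# Inner LAN moved to its own /24: each router now has an unambiguous route.
FIXED = dict(SAME_RANGE, wrt_lan=("192.168.2.1", "255.255.255.0"))

if __name__ == "__main__":
    for label, topo in [("same range", SAME_RANGE),
                        ("wide mask", WIDE_MASK),
                        ("fixed", FIXED)]:
        print(f"{label}: {find_overlaps(topo) or 'no overlap'}")
    upstream = {k: v for k, v in SAME_RANGE.items() if k != "wrt_lan"}
    print("free subnet for inner LAN:", suggest_free_subnet(upstream))
```
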
  5. hossfeathers

    hossfeathers LI Guru Member

    Thank you, that made the difference. The WRT54GS has an IP of, and both LAN and internet are working.

    Additional questions.

    Any way to force a particular PC to be assigned For some reason the WRT does not seem to be assigning that number (per IP table).

    Also, the WRT54 still has 'old' values like listed on the status/router page for internet configuration type, is that 'right', ie is that the 'link' to the DFL-200?

    Then, when I set up the server on the DMZ (windows 2003, linux) it's a bit different than my prev simple port forwarding. Do I have to take addtl steps to close down open ports, besides handling at the software firewall level? I've not even checked what the DFL says about ports to the DMZ, so I'll be reading about that.
  6. ifican

    ifican Network Guru Member

    To manually assign an IP, on your main setup page you should have a button or field for manually assigning IP address. In that field you have an option to assign a particular IP via MAC address. Personally that is the way I like to assign static IPs vs setting up the machine manually, but either way will work. If you are seeing the 1.103 on the status page and it's listed as WAN or internet address, then yes, that is the address for the WRT itself that it received from the DFL.

    With any DMZ you want to be careful as generally it's unfiltered. The DFL I believe is really no different than any standard SOHO DMZ, which is a software DMZ; it does do minimal firewall filtering but it's more so to stop DDOS and other type attacks. But as you have mentioned, for the most part any unsolicited request that arrives at the WAN side interface will get forwarded to the DMZ port sight unseen. So make sure you have a firewall (for Windows) (Linux is usually good about keeping ports blocked by default) and all up to date patches installed.
  7. hossfeathers

    hossfeathers LI Guru Member

    Re the IP assignment, I was more wondering why DHCP does not use the address, since it's available? I've tried ipconfig /release and /renew but .100 never gets assigned.

    Curious, both the wrt and the dfl are acting as dhcp servers, but they don't collide because they are operating in different subdomains?

    Thanks for all of your help.