Hi,
I recently erased all of the Virtual Server rules from a D-Link router and added just the ones that I needed (for example I don’t need DNS or NetMeeting, etc.) You can see the defaults on the emulator.
A strange thing I’ve noticed is that the default rules set the private IP for all of the services to 0.0.0.0, but when I try to do the same, it gives the following complaint:
Invalid Private IP of LAN Server.
I can set them to a local IP (i.e. 192.168.x.x) though.
I am curious as to what the deal is. Is that a bug in the router? In fact, I have been wondering about 0.0.0.0 IP address for several years, especially in regards to servers (web servers, etc. often talk about binding to 0.0.0.0).
Thanks.
-
0.0.0.0/0 is a way of expressing "any network." For firewall rules, allowing a connection for a specified port to 0.0.0.0/0 means that it can open that connection on that port to any destination.
Synetech inc. : Right, but there is no subnet specified in the router’s rules (and the subnet specified in the LAN section is not 0—in fact, it doesn’t seem to support CIDR, and it won’t let you enter a subnet of 0.0.0.0).
From MarkM
-
You cannot redirect to 0.0.0.0 from that router, you would need to enter a specific place to send those packets. I don't know exactly what the default rules do, but they might just be there as hints, and are not used until you set a server IP address.
0.0.0.0 means "any address on this host" which, when in the context of "bind to", it means "listen on all IPv4 addresses on all interfaces."
0.0.0.0/0 means "any network" because a netmask of 0 means "match no bits." Compare to 192.168.100.0/24 which means "match the first 24 bits" -- aka 192.168.100.x. Bits don't need to be on an IP address octet boundary. Also, /32 means EXACT match, so 192.168.100.5/32 means "match only this one address." These are all useful for firewall match rules.
Synetech inc. : Hmm, it seems that those default rules are indeed confusing. I don’t think that having them is a good idea merely as a hint (hints should be in the manual). Next time that I reset the router, I will check to be sure, but I’m fairly certain that those rules do indeed work (I recall previously using the existing FTP and HTTP rules which are set to 0.0.0.0).
Michael Graff : How exactly are you using those rules? Are those for incoming or outgoing connections? From what I can see, they APPEAR to be mapping an incoming connection to your public address to some internal host, and I would have no idea how it could determine WHICH host from 0.0.0.0.
Synetech inc. : That’s the big mystery. The VirtualServer list enables one to allow for incoming connections; the Application list allows for port-triggering; the Filters list is the, uh, filter list; and the Firewall list allows for even more specific filtering. In fact, other D-Link emulators show the same thing:
http://support.dlink.com/emulators/di604/adv_virtual.html
http://suportetecnico.sapoadsl.pt/dlink/ADVANCED/ad_virtual_server.htm
I may end up having to reset my router to test the default rules (and then reconfigure everything all over again). :(
From Michael Graff
-
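
The prefix matching described in the answer above, written out bit by bit and applied to a first-match rule list. This is an added example, not part of the original thread; the function names and the sample rule set are constructed for illustration.

```python
import ipaddress

def prefix_mask(prefix_len: int) -> int:
    """Netmask with the top prefix_len bits set; /0 gives 0, /32 gives all ones."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def cidr_match(addr: str, cidr: str) -> bool:
    """True when addr agrees with the network on every bit the mask selects."""
    net_text, _, len_text = cidr.partition("/")
    mask = prefix_mask(int(len_text) if len_text else 32)
    addr_int = int(ipaddress.IPv4Address(addr))
    net_int = int(ipaddress.IPv4Address(net_text))
    # With /0 the mask is 0, both sides become 0, and every address matches.
    return (addr_int & mask) == (net_int & mask)

def first_match(rules, addr):
    """Return the action of the first rule whose CIDR matches addr (None if none)."""
    for cidr, action in rules:
        if cidr_match(addr, cidr):
            return action
    return None

# Constructed sample rule set, evaluated top to bottom.
RULES = [
    ("192.168.100.5/32", "allow-admin"),  # exact match: one host only
    ("192.168.100.0/24", "allow-lan"),    # first 24 bits: 192.168.100.x
    ("10.16.0.0/12", "allow-vpn"),        # prefix not on an octet boundary
    ("0.0.0.0/0", "deny"),                # "any network": catches everything else
]

if __name__ == "__main__":
    for ip in ("192.168.100.5", "192.168.100.77", "10.31.255.1",
               "10.32.0.1", "8.8.8.8"):
        print(f"{ip:16} -> {first_match(RULES, ip)}")
```

Because 0.0.0.0/0 matches every address, its position in a first-match list decides whether the more specific rules are ever reached.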
I'd say that the pre-configured rules that have 0.0.0.0 don't actually work. All of the rules imply an EXACT match /32. For you to try to put 192.168.100.0 or 0.0.0.0 is just strange. Why would you think that would work?
Synetech inc. : Because I’m *fairly* sure that the HTTP and FTP servers that I ran worked even though I was using the default rules for ports 80 and 21.
From djangofan