Ip/Mac Binding - D-Link DFL-500 User Manual

Hide thumbs Also See for DFL-500:

Manual (122 pages)

User manual (114 pages)

Quick install manual (8 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

Table of Contents

Set the Forwarded IP to the IP address of the server to which to send the packets.

In the Forwarded Service Port list, select the service used by the packets when they are forwarded to the

server. Usually you would select the same service as you selected in the External Service Port list, but

you can select a different service port to have the DFL-500 change the destination port of packets before

they are forwarded to the server.

Select OK to save your changes.

Port forwarding configuration example

IP/MAC binding

IP/MAC binding protects the DFL-500 from IP Spoofing attacks. IP Spoofing attempts to use the IP address of

a trusted computer to access the DFL-500 from a different computer. The IP address of a computer can easily

be changed to a trusted address, but MAC addresses are added to ethernet cards at the factory and cannot

easily be changed.

You can enter the IP addresses and corresponding MAC addresses of trusted computers into the DFL-500

firewall configuration. When a packet arrives from a trusted IP address, it is checked to determine whether the

MAC address that the packet originated from matches the MAC address in the table. The DFL-500 checks all

packets received by the DFL-500 external interface. This includes packets addressed to the external interface

and packets passing through the firewall.

Note: IP/MAC binding is not supported in Transparent mode.

You can configure IP/MAC binding so that the DFL-500 lets traffic with a source address not found in the

IP/MAC binding table pass through the firewall. Any traffic with a source address that is defined in the IP/MAC

binding table must have the correct MAC address or it is blocked. You can also configure the DFL-500 to

block all traffic with a source address that is not found in the IP/MAC binding table, and to only allow traffic

with a source address in the IP/MAC binding table if the IP address and MAC address pair matches an entry

in the table.

MAC addresses are only carried on the local network where they originate, and are not passed from one

network to another.

This section describes:

Adding IP/MAC binding addresses

Enabling IP/MAC binding

DFL-500 User Manual

Table of Contents

Ip/Mac Binding - D-Link DFL-500 User Manual

IP/MAC binding

Related Manuals for D-Link DFL-500

Related Content for D-Link DFL-500

Table of Contents