1. Home
    2. /
  2. Manuals
    3. /
  3. D-Link
    4. /
  4. DFL-1100
    5. /
  5. 18
Page 86 / 139 Scroll up to view Page 81 - 85
86
DHCP Server
Click on
Status
in the menu bar, and then click
DHCP Server
below it. A window will
appear providing information about the configured DHCP Servers. By default information
about the
LAN
interface
will be show, to see
another one click on
that interface.
Interface
– Name of
the interface the DHCP
Server is running on.
IP Span
– Displays
the configured ranges of
IP’s that are given out
as DHCP leases.
Usage
– Display
how much of the IP
range is give out to
DHCP clients.
Active leases
are
the current computers
using this DHCP server.
It is also possible to end
a computers lease from
here by clicking on
End
lease
after that IP.
Inactive leases
are leases that are not currently in use but have been used by a computer
before, that computer will get that lease the next time it is on the network. If there is no free IP
in the pool these IP’s will be used for new computers.
Page 87 / 139
Users
Click on
Status
in the menu bar, and then click
Users
below it. A window will appear
providing user information.
Currently authenticated users
– users logged in using HTTP/HTTPS authentication,
users logged in on PPTP and L2TP servers will be listed here. Users can be forced to log out
by clicking logout.
Currently recognized privileges
– all users and groups that are used in policies are
listed here. These users and groups will be able to use HTTP and HTTPS authentication.
Interfaces where authentication are available
– here all interfaces where HTTP and
HTTPS authentication is possible is listed.
Page 88 / 139
88
How to read the logs
Although the exact format of each log entry depends on how your syslog recipient works,
most are very much alike. The way in which logs are read is also dependent on how your
syslog recipient works. Syslog daemons on UNIX servers usually log to text files, line by line.
Most syslog recipients preface each log entry with a timestamp and the IP address of the
machine that sent the log data:
Oct 20 2003 09:45:23 gateway
This is followed by the text the sender has chosen to send. All log entries from DFL-1100
are prefaced with "EFW:" and a category, e.g. "DROP:"
Oct 20 2003 09:45:23 gateway EFW: DROP:
Subsequent text is dependent on the event that has occurred.
USAGE events
These events are sent periodically and provide statistical information regarding
connections and amount of traffic.
Example:
Oct 20 2003 09:45:23 gateway EFW: USAGE: conns=1174 if0=core ip0=127.0.0.1
tp0=0.00 if1=wan ip1=192.168.10.2 tp1=11.93 if2=lan ip2=192.168.0.1 tp2=13.27 if3=dmz
ip3=192.168.1.1 tp3=0.99
The value after conns is the number of open connections trough the firewall when the
usage log was sent. The value after tp is the throughput through the firewall at the time the
usage log was logged.
DROP events
These events may be generated by a number of different functions in the firewall. The
most common source is probably the policies.
Example:
Oct 20 2003 09:42:25 gateway EFW: DROP: prio=1 rule=Rule_1 action=drop recvif=wan
srcip=192.168.10.2 destip=192.168.0.1 ipproto=TCP ipdatalen=28 srcport=3572 destport=135
tcphdrlen=28 syn=1
In this line, traffic from 192.168.10.2 coming from the WAN side of the firewall, connecting
to 192.168.10.1 on port 135 is dropped. The protocol used is TCP.
CONN events
These events are generated if auditing has been enabled.
One event will be generated when a connection is established. This event will include
information about protocol, receiving interface, source IP address, source port, destination
interface, destination IP address and destination port.
Page 89 / 139
Open Example:
Oct 20 2003 09:47:56 gateway EFW: CONN: prio=1 rule=Rule_8 conn=open
connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan
conndestip=64.7.210.132 conndestport=80
In this line, traffic from 192.168.0.10 on the LAN interface is connecting to 64.7.210.132 on
port 80 on the WAN side of the firewall (internet).
Another event is generated when the connection is closed. The information included in the
event is the same as in the event sent when the connection was opened, with the exception
that statistics regarding sent and received traffic is also included.
Close Example:
Oct 20 2003 09:48:05 gateway EFW: CONN: prio=1 rule=Rule_8 conn=close
connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan
conndestip=64.7.210.132 conndestport=80 origsent=62 termsent=60
In this line, the connection in the other example is closed.
Page 90 / 139
90
Step by step guides
In the following guides example IPs, users, sites and passwords are used. You will have to
exchange the IP addresses and sites to your own. Passwords used in these examples are not
recommended for real life use. Passwords and keys should be chosen so that they are
impossible to guess or find out by eg a dictionary attack.
In these guides for example
Firewall->Users
will mean that
Firewall
first should be
selected from the menu at the top of the screen,
and than the
Users
button to the left of the screen.

Rate

3.5 / 5 based on 2 votes.

Popular D-Link Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top