
D-Link DIR-615 features and options


Analyzing the logs for this site, I've noticed quite a few people looking for information about D-Link DIR-615 features and operation. To help them, I will review the portions of the configuration that the majority look for.

All of the important options are in the "Advanced" tab of the router configuration. Let's take a look at them one by one (you can find the configuration sections on the right of the router's administration page).

Virtual Servers: this is a useful but improperly named feature. It should have been called "port address translation" or PAT. Do not confuse it with "port forwarding", which is very close in function but works a bit differently. Here you specify a port on the firewall that needs to be mapped to a different port on one of the computers on the network.

Example: You have several (two in our case) web or FTP servers on the network, but you have one IP address and can't share one port 80 or 21 for connections to all of these servers. The solution is to use port translation! If your first FTP server is at 192.168.1.10 on port 21, you create a rule by filling out the information on the page. The entry for FTP server one would have the same public and private ports, since you are trying to make a straight-through connection. However, for the second server you would change the public port (TCP 31 in our case) but still set the private port to 21. So when you need to connect to server 2 via FTP from outside your network, you would use ftp://*your public IP*:31. When your FTP client connects to the router on port 31, the router will know that this connection needs to be redirected to port 21 on FTP server 2 at 192.168.1.20.

Port Forwarding: Here you literally "forward" a port from outside of your router to the port on one of your computers behind the router. Some applications need to have ports forwarded to be able to work on the internet.

Example: Let's say you run a torrent application to download files. Your client software is configured to run on port 5000. Without forwarding the port, the connections at best will be slow and at worst they won't be established at all. Give a name to the rule, enter the TCP, UDP or both types of protocols required for your connection and then enter the IP address of the computer that runs the torrent client. This will direct all connections on port 5000 to the computer at 192.168.1.10 in our example. The difference between port translation and port forwarding is that port forwarding can't make connections from outside connect to a different port on your computer (let's say connect to port 31 on the router, but to 21 on your computer, as in the example above).
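The two rule types above, as an added example that is not part of the original post and not D-Link firmware code: it models Virtual Server and Port Forwarding entries in one table, resolves inbound connections, and flags two rules that claim the same public port. The function names and rule names are constructed for illustration; the addresses and ports are the ones from the examples above.

```python
# Added example: models the router's rule tables; not D-Link firmware code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str         # "tcp" or "udp"
    public_port: int   # port the router accepts on its WAN side
    private_ip: str    # LAN host that receives the connection
    private_port: int  # port on that LAN host


def virtual_server(name, proto, public_port, private_ip, private_port):
    """Virtual Server (PAT) entry: public and private ports may differ."""
    return Rule(name, proto, public_port, private_ip, private_port)


def port_forward(name, proto, port, private_ip):
    """Port Forwarding entry: the same port number on both sides."""
    return Rule(name, proto, port, private_ip, port)


def resolve(rules, proto, dst_port):
    """Return the (ip, port) an inbound WAN connection reaches, or None."""
    for r in rules:
        if r.proto == proto and r.public_port == dst_port:
            return (r.private_ip, r.private_port)
    return None


def conflicts(rules):
    """Report rules claiming an already-used protocol/public port pair."""
    seen, clashes = {}, []
    for r in rules:
        key = (r.proto, r.public_port)
        if key in seen:
            clashes.append((seen[key].name, r.name, key))
        seen.setdefault(key, r)
    return clashes


# Constructed rule set using the addresses and ports from the examples above.
RULES = [
    virtual_server("ftp-1", "tcp", 21, "192.168.1.10", 21),
    virtual_server("ftp-2", "tcp", 31, "192.168.1.20", 21),
    port_forward("torrent-tcp", "tcp", 5000, "192.168.1.10"),
    port_forward("torrent-udp", "udp", 5000, "192.168.1.10"),
]
```

Every entry in such a table is a port reachable from the internet, so the same list doubles as an inventory of what the router exposes.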

 

Application rules: This feature automatically opens specified ports on the firewall when the router senses network traffic going over a specific port.
Example: Your game requires a range of ports to be open for you to play it (TCP 200-250). When you start your game, it makes an outgoing connection to game servers on port 1100. So these are the values you enter here. Now any computer trying to start the game will "trigger" the router to open ports 200-250 when it creates an outbound connection on port 1100.
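How a trigger opens and closes the port range, as an added example that is not part of the original post and not D-Link firmware code. The class names, the LAN address and the 600-second timeout are assumptions made for illustration; the trigger port and port range are the ones from the example above.

```python
# Added example: a model of an Application Rule (port triggering); not firmware code.
from dataclasses import dataclass


@dataclass(frozen=True)
class TriggerRule:
    name: str
    trigger_port: int  # outbound destination port that arms the rule
    first_open: int    # first inbound port opened while armed
    last_open: int     # last inbound port opened while armed


class TriggerTable:
    def __init__(self, rules, timeout=600):
        self.rules = rules
        self.timeout = timeout  # seconds a rule stays armed (assumed value)
        self.armed = {}         # rule name -> (lan_ip, expiry time)

    def outbound(self, lan_ip, dst_port, now):
        """A LAN host connects out; arm every rule whose trigger port matches."""
        for r in self.rules:
            if r.trigger_port == dst_port:
                self.armed[r.name] = (lan_ip, now + self.timeout)

    def inbound(self, dst_port, now):
        """Return the LAN host an inbound WAN connection reaches, or None."""
        for r in self.rules:
            lan_ip, expiry = self.armed.get(r.name, (None, 0))
            if lan_ip and now < expiry and r.first_open <= dst_port <= r.last_open:
                return lan_ip
        return None

    def exposed(self, now):
        """List (lan_ip, first_port, last_port) ranges open to the WAN right now."""
        return [(self.armed[r.name][0], r.first_open, r.last_open)
                for r in self.rules
                if r.name in self.armed and now < self.armed[r.name][1]]


# The game rule from the example above: trigger on 1100, open TCP 200-250.
GAME = TriggerRule("game", trigger_port=1100, first_open=200, last_open=250)


def demo():
    table = TriggerTable([GAME])
    before = table.inbound(225, now=0)            # nothing armed yet
    table.outbound("192.168.1.10", 1100, now=10)  # game starts on one PC
    during = table.inbound(225, now=20)
    outside = table.inbound(251, now=20)          # just past the range
    after = table.inbound(225, now=10 + 600)      # timeout has elapsed
    return before, during, outside, after
```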

QoS: This is an advanced feature that should be used only by those who know what it is and how it works. It may create all kinds of strange problems if you enable it without having a clear need or understanding of this feature.

MAC Filter rules: Allows or blocks computers from getting on your network, talking to other computers and reaching the internet.
Example: You share a house with other people and don't want them to use your internet connection. Turn MAC filtering ON and ALLOW computers listed below to use your network. Then from the DHCP client list select your computer and press the double arrow button to populate the MAC address field. Save the settings. Now only your computer can be on the network protected by this router and only that computer can access the internet. The reverse can also be done. For example, you want to exclude a computer that contains financial information for your small business from being on the network (for security reasons). You would select the ON and DENY option and then select that computer. Now all but that one computer can use your internet connection and talk to each other.

Access control: This is another very powerful feature that should be left untouched unless you have a specific need for it. If you incorrectly configure this section - you may create some random problems on your network. In general this is the feature you would want to use to create and enforce very strict internet usage limits for small kids. We will skip it and move on to other features.

Web Filter: This is one of the most searched for features of this router. Here you specify websites that are either allowed or prohibited for access on your network. Please note that this is an either/or option. You cannot make a list that contains both allowed and prohibited sites.
Example: you want to prevent your kids from going to www.playboy.com. Well, just enter playboy.com and select to DENY access. Note that some sites get creative with domain names and internet addresses. If you enter www.playboy.com then only pages that include www.playboy.com will be blocked. Yet, many pages on their website would still be accessible since they would be at store.playboy.com or similar address. To mitigate this problem - just enter playboy.com, which acts as a wild card of sorts.

 

Inbound Filter: This is a very useful feature for those who need to get back into their local network from outside. You are probably worried about allowing too much access, which may get exploited by hackers, so you restrict this router to be accessible only by you from the computer at your office. You will need to enter all the IP addresses for the locations from which you may want to access your protected network.

Firewall settings: this section has general settings for the firewall in your router (the portion that actually prevents people from accessing your network from outside).
Enable SPI: you should enable this. SPI (stateful packet inspection) means that your router will be looking extra closely at all the traffic coming in and out to make sure none of it is forged or looks suspicious.
NAT Endpoint filtering: for even greater security you can restrict how connections are established. I'm not going to explain what every option means (you can read that in the help file or manual). Endpoint Independent is the least restrictive but also the least troublesome. This option is the best default configuration if you are not overly paranoid. Address Restricted will restrict many connections only to the computer that originated them. This is a more restrictive, but generally problem-free, setting. Port and Address Restricted is a very strict policy which provides greater security but also has the potential to break applications that need an internet connection. Do not use it unless you are very paranoid and know what you are doing.
Enable Anti-Spoof checking: enable this feature, as it tells the router to make sure the data being sent to you is not spoofed by hackers who are pretending to be someone else.
DMZ host: very useful and popular feature that allows you to "expose" one of your computers to the connections from outside.
Example: You have a server with FTP, WEB, mail and more. But since you only have one IP it sits behind the DIR-615 on your local network. Just enable this feature and give the IP of this server and it will "appear" to be located on the internet. Note that enabling this option will remove a lot of protection provided by your router. So make sure any machine in DMZ is fully secured by itself.
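What separates the three NAT Endpoint Filtering modes listed above, as an added example that is not part of the original post and not D-Link firmware code. It uses the filtering behaviours defined in RFC 4787 and assumes the router's three options correspond to them; the class name, addresses and ports are constructed.

```python
# Added example: NAT endpoint filtering modelled on RFC 4787; not firmware code.
ENDPOINT_INDEPENDENT = "Endpoint Independent"
ADDRESS_RESTRICTED = "Address Restricted"
PORT_ADDRESS_RESTRICTED = "Port and Address Restricted"
MODES = (ENDPOINT_INDEPENDENT, ADDRESS_RESTRICTED, PORT_ADDRESS_RESTRICTED)


class Nat:
    def __init__(self, mode):
        if mode not in MODES:
            raise ValueError(f"unknown filtering mode: {mode}")
        self.mode = mode
        self.mappings = {}  # public port -> (lan_ip, lan_port)
        self.peers = {}     # public port -> {(remote_ip, remote_port), ...}

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port, public_port):
        """A LAN host sends a packet out; the router maps it to public_port."""
        self.mappings[public_port] = (lan_ip, lan_port)
        self.peers.setdefault(public_port, set()).add((remote_ip, remote_port))

    def inbound(self, src_ip, src_port, public_port):
        """Return the LAN endpoint that receives the packet, or None if dropped."""
        if public_port not in self.mappings:
            return None  # no mapping: always dropped
        peers = self.peers[public_port]
        if self.mode == ENDPOINT_INDEPENDENT:
            allowed = True
        elif self.mode == ADDRESS_RESTRICTED:
            allowed = any(ip == src_ip for ip, _ in peers)
        else:  # PORT_ADDRESS_RESTRICTED
            allowed = (src_ip, src_port) in peers
        return self.mappings[public_port] if allowed else None


# Constructed inbound packets: (source IP, source port, router public port).
PACKETS = [
    ("203.0.113.5", 3478, 40000),   # the server the LAN host contacted
    ("203.0.113.5", 9999, 40000),   # same server, different source port
    ("198.51.100.7", 3478, 40000),  # a host the LAN host never contacted
    ("198.51.100.7", 3478, 40001),  # public port with no mapping
]


def compare_modes(packets=PACKETS):
    """Return {mode: [accepted?, ...]} after one outbound flow to 203.0.113.5:3478."""
    results = {}
    for mode in MODES:
        nat = Nat(mode)
        nat.outbound("192.168.1.10", 50000, "203.0.113.5", 3478, public_port=40000)
        results[mode] = [nat.inbound(*p) is not None for p in packets]
    return results
```

Each stricter mode accepts a subset of what the previous one accepts, which is why applications that expect replies from a different address or port stop working as the setting is tightened.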

Advanced Wireless: settings that affect the wireless signal on your router. Default settings are generally the best; do not change anything here unless you know what you need to change and why. This is for advanced users only.

Advanced Network:

Enable UPnP (universal plug and play). This may help some applications (including Windows itself) to establish a connection to the internet and talk to other devices on the network.
Enable WAN Ping Respond: only enable this if you want to use "ping" to check if your router is online when you are outside of the network. Unless you have a need for this, disable this feature.
WAN port speed: set this to auto. Only change this if you are having a problem with your router not setting the correct speed and duplex mode.
Enable MultiCast streams: enable this if you are having trouble sharing multimedia files, watching movies on your network, or listening to music (such as internet radio stations). In most cases you don't need to enable it, so use it only if you are having trouble with the listed applications.

If you have any questions or comments - feel free to post!

Thanks for posting that information. Much appreciated!