Skip to Content

Solution to the DSL-500T Router problem

whirlpool's picture

Solution to the DSL-500T Router problem

The only DLink ADSL router in the market, as of January 2005, in Cairo is the model DSL-500T. It is sold at around 340 EGP from a DLink distributer at a new computer mall in Heliopolis named Souq El 3asr (brands).

Before buying this model, I heard that there might be some issues with ssh connections. However, I knew that T models of DLink routers run GNU/Linux, so I didn't bother since Linux is an open platform, we are familiar with, we can hack and troubleshoot up to compiling a new kernel.

I also wanted a model that has an easy to configure firewall.

The problem

After configuring the connection and setting everything up and testing web and other services I decided to set my main PC to IP address and leave the rest as DHCP. I also decided to port forward ssh and bittorent ports to

The web and all other services were working flawlessly. Except for outgoing ssh and outgoing ftp (didn't test incoming ftp).

I decided to fiddle with the router web interface. Removing the port forwarding that I configured earlier. Nothing changed. I can not ssh or ftp to any machine.

There was no problem when using connecting through ssh via putty on a another windows box in my network.

Solving the problem

But still I can not ssh to any box. Even the login prompt doesn't appear when I try ssh.

Alaa, told me that he will help me solve the thing.

He telneted to the box and checked the active iptables rules. One of them explicitly dropped all outgoing ssh connections from!

DROP tcp -- anywhere tcp dpt:ssh

We tried to change the ip for his machine from to; ssh worked.

He returned back his ip to and then deleted this rule.

ssh worked !

The problem now is to know how the router makes this rule and find a way to avoid it. Alaa told me it was my homework.

So I decided to change my PC's ip address and thats it. So I opened the web interface. Created a new ip to forward ssh and bittorrent to. I saved the configuration, and restarted the router. All this while I was spying on the iptables rules on the router. After the changes the annoying rule was deleted.

I decided to bring things back to So I deleted the using the router's interface. Configured the port forwarding back to Restarted the router, check iptables. The rule has gone forever.

ssh worked.


DLink has no firmware updates nor any answer to this problem.

The solution in brief

Fixing the ftp

On your linux box as root type this iptables --table mangle --append OUTPUT --jump DSCP --set-dscp 0x0

Fixing the ssh

  • Open the web interface.
  • Click ADVANCED -> Port Forwarding
  • Created a new ip and delete the old one (
  • Now forward ssh and bittorrent. (If you wish)
  • Save the configuration
  • Restart the router.

Do the above while telnetting and checking the iptables rules on the router. $telnet Trying Connected to ( Escape character is '^]'. login: root password: your-web-interface-password

  1. iptables -L

    After the above steps the annoying rule should be gone.



Alaa's picture

now we need a guru

now we need a network guru to tell us what one looses by setting TOS value for ftp packets to 0??

the ftp solution is not a solution its a hack, there is a bug somewhere responsible for this.

whirlpool, I suggest you try to give other tcp traffix TOS 10 and see if you'll face similar problems.

this was a case study in how statistics and corelation are not enough to diagnose problems, whirlpool originaly thought that ssh connections from putty worked fine (correct but it turned out it was because of the IP).


"i`m feeling for the 2nd time like alice in wonderland reading el wafd"

ezabi's picture


Now the fact that we set the dscp value of the FTP traffic to 0x0 is somehow irrelevant because FTP traffic usually has the lower priority, so explicitly specifying that it has the lowest has no indication. It would be interesting to see the effect of increasing not other tcp traffic but FTP traffic to 10(0xa) and see what happens would the peer accept that or not.

Alaa's picture

shorewall TOS rules

Type of service. Must be one of the following:
  • Minimize-Delay (16)
  • Maximize-Throughput (8)
  • Maximize-Reliability (4)
  • Minimize-Cost (2)
  • Normal-Service (0)


"i`m feeling for the 2nd time like alice in wonderland reading el wafd"

whirlpool's picture

yes we do need one

now we need a network guru... whirlpool, I suggest you ...

ahem, sorry I don't classify as one.

Alaa's picture

but you can do an experiment

I know you're not a network guru, what I'm saying is give say the HTTP packaets TOS or DSCP or whatever value 10 and see if you'll fail to connect to websites or not.

I'm trying to find out if the DSL-500T barfs on TOS 10 or if it is another more specific thing.


"i`m feeling for the 2nd time like alice in wonderland reading el wafd"

There is an update for DSL-50

There is an update for DSL-500T on the Dlink' Russian site. it is dated 24/12/2004

Problem with login

i did update for my 500T Firmware for the first time to it and to me, and i upload one of the files but don't remember which one exactly.. after rebooting and successful upgrade the router config page logged off and waiting for the password, whenever i enter the password as admin and user admin it inform that it's invalid, and it's the same to my old password, may anybody help me whith what i shall do??

whirlpool's picture


The russian firmware is unofficial. And there is nothing describing what it fixes in English. I think it is safer to fix the router the way it is described abovein the original post.

re: problem with login

I guess that when u updated the firmware, your password were reset to defaults: "admin:admin" not ur : "admin-custom password" try that if not, u can reset your modem to defaults with the old firmware and get back to the old days!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Dr. Radut | book