DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

controlled access between vlans

13 Aug 2011 20:01 #69043 by wc48624
I have recently purchased a 2830n. I have one vlan for a 'green' network (just P1 on the 2830) and one vlan for an 'orange' network (everything else at the mo, P2-P3 and the SSIDs). No VLAN tagging. I want to be able to access the internet from both green and orange networks and I want to be able to access the orange network from the green network but not vice versa. Rationale behind this is that the green network is secure and can access everything but nothing can get into it. The orange network has the wifi and servers that open up incoming ports to the internet so they could be compromised but even if they are they can't get into the green network.

For the life of me I can't seem to work out how to get the 2830 to do this but I feel that it should be able to.

In LAN/General Setup I can use Inter-LAN Routing to route between LAN1 and LAN2 but then I can't seem to stop the traffic from LAN2 to LAN1.

I have tried setting up Firewall filter rules to specify that traffic can pass from the subnet on LAN1 to the subnet on LAN2 but to block the traffic the other way, but that seems to have no effect at all. With the Inter-LAN routing on, the traffic flows in both directions; with it off, the traffic doesn't flow.

I'm not very expert in this stuff :-( My last firewall was a smoothwall implementation and it did this straight out of the box.

The documentation for the 2830 seems to be truly dreadful, which is a real shame because it seems like a good bit of kit. I guess that may be down to my ignorance.

Any help would be greatly appreciated.

Thanks,
Wilf

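The one-way policy Wilf describes (green may reach orange, orange may not reach green, both may reach the internet), as an added example that is not part of the thread and not DrayTek's own rule engine: a small Python model of a first-match inter-LAN filter with connection tracking. It also shows why the block rule needs state: without tracking, the replies from orange back to green are dropped too. The subnets are constructed placeholders, since the post does not give the real LAN1/LAN2 ranges.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed example subnets standing in for the two VLANs in the thread;
# the real LAN1/LAN2 ranges on the 2830 are not given in the post.
GREEN = ip_network("192.168.1.0/24")   # LAN1, the trusted 'green' network
ORANGE = ip_network("192.168.2.0/24")  # LAN2, the exposed 'orange' network


class Packet(NamedTuple):
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool  # True when the packet opens a new TCP connection


# Inter-LAN policy, evaluated top to bottom, first match wins.
# Anything that matches no rule (e.g. traffic bound for the WAN) is passed.
RULES = [
    (GREEN, ORANGE, "pass"),   # green may initiate connections into orange
    (ORANGE, GREEN, "block"),  # orange may never initiate connections into green
]


class InterLanFilter:
    """Toy filter: one-way access between two VLANs, with or without state."""

    def __init__(self, stateful: bool = True) -> None:
        self.stateful = stateful
        self.flows: set[tuple[str, str, int, int]] = set()

    def evaluate(self, pkt: Packet) -> str:
        # A stateful filter lets replies to an already permitted connection
        # through without consulting the rules again; a stateless one does not.
        reply_of = (pkt.dst, pkt.src, pkt.dport, pkt.sport)
        if self.stateful and reply_of in self.flows:
            return "pass"
        for src_zone, dst_zone, action in RULES:
            if ip_address(pkt.src) in src_zone and ip_address(pkt.dst) in dst_zone:
                if action == "pass" and pkt.syn:
                    self.flows.add((pkt.src, pkt.dst, pkt.sport, pkt.dport))
                return action
        return "pass"


if __name__ == "__main__":
    fw = InterLanFilter()
    print(fw.evaluate(Packet("192.168.1.10", "192.168.2.20", 50000, 80, True)))   # pass
    print(fw.evaluate(Packet("192.168.2.20", "192.168.1.10", 80, 50000, False)))  # pass (reply)
    print(fw.evaluate(Packet("192.168.2.20", "192.168.1.10", 45000, 22, True)))   # block
```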

23 Aug 2011 09:15 #69119 by vince197
Hi Wilf. I am running a 2830 with 4 vlans. I am on my 4th set of updated firmware now... some of the earlier versions gave me the same headaches you are having.
Draytek sent me the latest beta fw two weeks ago, and according to my logs, all is now working as it is supposed to (except for the annoying DNS caching issue).
Unfortunately the file is tagged v2830001_r27662.all and I have no idea if this is Aust specific or where this fits into the release schedule.

Re your question. The routing and firewall rule logic seemed to have way too many triple negatives in the FAQs, so I set up a test net to learn to drive the box.
After some messing around, I found the best way was to create IP objects and service objects, then build the rules around the objects. I tried a couple of times to do it manually but had inconsistent results.
One important thing I also learned was to use the supplied subnets and vlan addressing. It appears to me that a number of advanced functions have had these default IP ranges hard coded into the firmware.
If you set up your own addressing... a lot of functions seem lost or unstable.

Hope this helps.

Vince197
