DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

[Vigor 2820] Filtering Incoming Traffic

25 Oct 2011 16:34 #69805 by athruntalan
[Vigor 2820] Filtering Incoming Traffic was created by athruntalan
Hi all,

Router - Vigor 2820VN
Firmware - beta_0414 (we were given this to try and solve an unrelated problem. Previously 3.3.5.2)

I posted a little while ago about this, and had an answer that I've only just been able to test. Unfortunately, it's not been successful.

I have a static external IP address that I need to let access a specific port on our internal server. I set up a filter as follows, which is what was suggested. I've been using RDP as a test:

(Under Firewall, Filter Setup, Default Data Filter)

Direction - WAN ->LAN/RT/VPN
Source IP - Specific External IP
Destination IP - Internal Server IP
Service Type - (User Defined. Protocol - Any, Source Port - 3389~3389, Destination Port - 3389~3389)
Filter - Pass Immediately.

The Data Filter is set to use Set #2.

If I set the port up as an Open Port, or a Port Redirection, I can connect from the external address no problem, but of course this defeats the object, as anyone can connect to that port, no problem.

Is there something obvious I'm missing? I'd really appreciate any help that you could provide.

27 Oct 2011 09:18 #69827 by athruntalan
Replied by athruntalan on topic Re: [Vigor 2820] Filtering Incoming Traffic
I had an answer from DrayTek tech support about this one - I thought I'd post it up here in case it's of help to anyone else.

You would need to use NAT - Open port setup in the first place to allow external users to connect from the Internet.

Then you can set up firewall filter rules such that only allowed IP addresses from the Internet get passed.

In the firewall, add the next rule after your pass rule as follows:

Direction: WAN ->LAN/RT/VPN
Source IP: Any
Destination IP: Internal Server IP
Service Type: (User Defined. Protocol - Any, Source Port - 1~65535, Destination Port - 3389~3389)
Filter: Block Immediately.

Note: Change source ports for service type in the pass rule to 1-65535.

Hope this would help. Do let me know if further assistance is required.


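The pass-then-block ordering from the support reply, as an added example that is not part of the original posts and is not DrayTek firmware code. It is a simplified model that assumes first-match evaluation for the "Immediately" actions and a default of pass once the port is opened; the addresses and the client source port are constructed sample values.

```python
ANY_PORT = (1, 65535)
RDP = (3389, 3389)

# Constructed sample values (documentation address ranges), not from the thread.
ALLOWED_IP = "203.0.113.10"
SERVER_IP = "192.168.1.20"

def rule(src, sports, dports, action):
    """One data-filter rule aimed at the internal server."""
    return {"src": src, "dst": SERVER_IP, "sports": sports,
            "dports": dports, "action": action}

def evaluate(rules, pkt, default="pass"):
    """Return the action of the first matching rule, else the default.

    Assumption: with the port opened in NAT, unmatched traffic is passed.
    """
    for r in rules:
        src_ok = r["src"] in ("any", pkt["src"])
        sport_ok = r["sports"][0] <= pkt["sport"] <= r["sports"][1]
        dport_ok = r["dports"][0] <= pkt["dport"] <= r["dports"][1]
        if src_ok and r["dst"] == pkt["dst"] and sport_ok and dport_ok:
            return r["action"]
    return default

# RDP clients connect from an ephemeral source port, not from 3389.
CLIENT = {"src": ALLOWED_IP, "dst": SERVER_IP, "sport": 50123, "dport": 3389}
STRANGER = {"src": "198.51.100.7", "dst": SERVER_IP, "sport": 50123, "dport": 3389}

# 1) Original pass rule alone: source port 3389~3389 never matches a real client,
#    so everything falls through to the default and the open port is open to all.
ORIGINAL = [rule(ALLOWED_IP, RDP, RDP, "pass")]

# 2) Block rule added but the Note ignored: the allowed client misses the pass
#    rule and is caught by the block rule along with everyone else.
BLOCK_ADDED = ORIGINAL + [rule("any", ANY_PORT, RDP, "block")]

# 3) Support's full advice: pass rule with source ports 1~65535, then the block.
SUPPORT = [rule(ALLOWED_IP, ANY_PORT, RDP, "pass"),
           rule("any", ANY_PORT, RDP, "block")]

if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("block added", BLOCK_ADDED),
                     ("support", SUPPORT)):
        print(name, "client:", evaluate(rs, CLIENT),
              "stranger:", evaluate(rs, STRANGER))
```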
