DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Filter rule does not block traffic

22 Apr 2012 12:21 #71982 by incagarcilaso
Replied by incagarcilaso on topic Re: Filter rule does not block traffic
Hi Steve,

This is useful. This is exactly the way I have tried to set it up and is it ever frustrating and such a loss of time. So it looks like it is a bug? In my opinion this is a major bug - if a router cannot work as a firewall what can it do? This should never have shipped with such a bug.

I see your other post below about using LAN to LAN to get it to work so I'll give that a try.

22 Apr 2012 12:25 #71983 by incagarcilaso
Replied by incagarcilaso on topic Re: Filter rule does not block traffic

scroucher wrote: Further playing suggests that ALL rules need to be set to LAN --> LAN even if they're coming from a public address to internal. Nice bug!



I'll give this a try. So you are saying that it will work as long as we don't need to differentiate between routes from local domain to Internet, within local domain only or from Internet to local domain? Only the LAN to LAN option will allow these filter rules to work? Does that mean that their default filter rule for NetBIOS does not work because this is set using LAN to WAN? If this is the case, it is a major security hole, especially if you think it is closed! :o

22 Apr 2012 12:33 #71984 by incagarcilaso
Replied by incagarcilaso on topic Re: Filter rule does not block traffic

Frag wrote: In 99% of the cases where this does not work the problem can be traced to the fact that the service type has been configured incorrectly.

You need to set the DESTINATION PORTS ONLY. Do not set the source port as 3389, leave this as 1~65535 so that NAT can assign a pseudo-port.



Thanks for the suggestion. :? I have the firewall service set up as ANY source port to port 3389, but are you referring to the NAT port redirection service setting as opposed to my firewall rule port settings? Are you saying that the NAT port redirection service setting should not specify a single source port? I seem to remember trying to use a port range for the NAT service but it would only accept one. I'll try again.

22 Apr 2012 13:11 #71985 by incagarcilaso
Replied by incagarcilaso on topic Re: Filter rule does not block traffic

scroucher wrote: Further playing suggests that ALL rules need to be set to LAN --> LAN even if they're coming from a public address to internal. Nice bug!



Even this work on my 2830Vn. None of the firewall rules work however you try and configure them and following the instructions laid out in the manual and the FAQ. Next to useless as a router without firewall working.

22 Apr 2012 16:53 #71987 by scroucher
Replied by scroucher on topic Re: Filter rule does not block traffic
The Lan --> Lan/wan/whatever switch is pointless as you're specifying public or private addresses in the rules.

Steve

Moderators: Sami