DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Configuring inbound connections to a server

26 Sep 2018 21:39 #7 by angusk

hornbyp wrote: The 'NAT rule' tells the router how to remap the traffic and the firewall rule says who/what can make use of it. In your case, since you aren't changing the port numbers with NAT, you'll probably want to set entries in "NAT->Open Ports", rather than "NAT->Port Redirection".




Sorry for the time it has taken for me to reply. I have finally got around to looking at this problem again.

I have gone to NAT->Open Ports and have tried to create a rule in there. I was hoping that it would have been possible to have the blanket rule of "Send everything to the server" as you may have with a DMZ, but when I defined the full port range (1 to 65535) it threw it out saying that there was a clash with some of the management ports. Well, I only have the HTTPS port selected within management, and even then that is manually changed to 9000. Why, when I am not interested in using ports 23, 80, 21, 8069 or 22 for management, would it complain? How should I do what I need to do, particularly when I do actually want to forward ports 21 and 23 to the server anyway?

Angus

26 Sep 2018 22:57 #8 by hornbyp

AngusK wrote: I have gone to NAT->Open Ports and have tried to create a rule in there. I was hoping that it would have been possible to have the blanket rule of "Send everything to the server" as you may have with a DMZ...



The 2862 understands the concept of a DMZ. So why not configure your target Server in "NAT >> DMZ Host Setup"?

10 Nov 2018 18:45 #9 by angusk

hornbyp wrote: The 2862 understands the concept of a DMZ. So why not configure your target Server in "NAT >> DMZ Host Setup"?


That is exactly what I ended up doing in the end. And that was after a DrayTek support chap told me that what I wanted to be done was not possible with this router. I think he may have just wanted to get me off the phone, though.

If I do that, does it mean that ALL traffic goes to the server? Given that I do want basically all unsolicited inbound traffic to go to the server, do I need to worry much about the firewall inbound rules with a DMZ in place? By 'unsolicited' I mean traffic which isn't as a result of another client PC on the network browsing the web and getting that sort of data.

13 Nov 2018 00:29 #10 by hornbyp

AngusK wrote: If I do that does it mean that ALL traffic goes to the server?


I've never used a DMZ Host, but that's how I understand it...

See: https://www.draytek.co.uk/support/guides/kb-vigor-portforwarding-differences

There's another feature, called "True DMZ" (which I also haven't used). It seems to only apply to a direct ADSL/VDSL connection to the Router ... and might be being phased out. (I can find configuration options for WAN1 of my 2860 (which I don't use) ... but the equivalent setting doesn't look to be there in the '2862 Live Demo'.)

See: https://www.draytek.co.uk/support/guides/kb-vigor-truedmz

He also wrote: Given that I do want basically all unsolicited inbound traffic to go to the server, do I need to worry much about the firewall inbound rules with a DMZ in place?


I would have thought you'd configure the DMZ Host's Firewall functionality instead...
