DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Please help my tired old brain understand the firewall 2820!

05 Jan 2011 21:56 #65481 by gbrown100
Hi All,

I am more used to configuring NetGear which combines inbound port forwarding and firewalling...

So in the 2820:

If I want to tunnel say SMTP to an internal server IP 192.168.1.100:

Create an Open Port from WAN IP to 192.168.1.100 and allow port 25

This allows all SMTP traffic from the WAN IP through to 192.168.1.100. Because there is no Data Filter specifically affecting this (can't get used to lack of default deny rule) all traffic is allowed.

If I want to allow SMTP to an internal server 192.168.1.100 but ONLY from another external IP:

1. Create an Open Port from WAN IP to 192.168.1.100 and allow port 25
2. Create a Data Filter allowing port 25 from the Public IP I want to allow
3. Create a second data filter that blocks all Port 25 traffic coming into the WAN.

I assume that is the correct / easiest way to achieve this right?

Thanks

Graham

06 Jan 2011 11:08 #65487 by pkecun
Pretty much..

1. Open port 25 to your internal SMTP server.
2. Create a data filter with 'Block if no further match' - source IP of any, destination IP of your internal SMTP server, service type destination port 25
3. Create a data filter with 'Pass Immediately', source IP of the external IP you want to allow access, destination IP of your internal SMTP server, service type destination port 25.

Good luck.

06 Jan 2011 13:14 #65498 by gbrown100
Thanks for the response. Funny, those 3 lines made more sense than the entire manual lol. I'll get cracking then!

06 Jan 2011 13:49 #65500 by voodle
One other thing to note if you're having trouble with the filter rules - when setting the service type, leave the source port as 1-65535 because that's random 99% of the time, just set the destination port to 25.

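An added example, not part of any post above and not DrayTek code: a small model of the two data filter rules from pkecun's reply, plus the source-port mistake voodle warns about. It assumes that an "Immediately" action ends evaluation, that an "if no further match" action sets a verdict a later rule can override, and that unmatched traffic passes (no default deny, as the original post notes). 203.0.113.10 and 198.51.100.7 are constructed placeholder addresses.

```python
import ipaddress
from dataclasses import dataclass

PASS_NOW, BLOCK_NOW = "Pass Immediately", "Block Immediately"
PASS_LATER, BLOCK_LATER = "Pass if no further match", "Block if no further match"

@dataclass
class Rule:
    action: str
    src: str                             # CIDR; "0.0.0.0/0" means any source
    dst: str
    dst_ports: range
    src_ports: range = range(1, 65536)   # source port left wide open

    def matches(self, src_ip, src_port, dst_ip, dst_port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and src_port in self.src_ports and dst_port in self.dst_ports)

def evaluate(rules, src_ip, src_port, dst_ip, dst_port, default="pass"):
    """Assumed evaluation model: walk rules in order, stop on an Immediately action."""
    verdict = default                    # nothing matched: traffic is allowed
    for rule in rules:
        if not rule.matches(src_ip, src_port, dst_ip, dst_port):
            continue
        if rule.action == PASS_NOW:
            return "pass"
        if rule.action == BLOCK_NOW:
            return "block"
        verdict = "pass" if rule.action == PASS_LATER else "block"
    return verdict

SERVER = "192.168.1.100/32"              # internal SMTP server from the thread
ALLOWED = "203.0.113.10/32"              # constructed: the one permitted sender
SMTP = range(25, 26)

RULES = [
    Rule(BLOCK_LATER, "0.0.0.0/0", SERVER, SMTP),   # rule 2 in the reply
    Rule(PASS_NOW, ALLOWED, SERVER, SMTP),          # rule 3 in the reply
]
# Same rules with the source port wrongly pinned to 25: real clients use a
# random high source port, so neither rule matches and the default applies.
PINNED = [Rule(r.action, r.src, r.dst, r.dst_ports, SMTP) for r in RULES]

if __name__ == "__main__":
    for name, rules in (("source port 1-65535", RULES), ("source port 25", PINNED)):
        for src in ("203.0.113.10", "198.51.100.7"):
            print(name, src, evaluate(rules, src, 40312, "192.168.1.100", 25))
```

With the source port pinned, the block rule never matches, so under the assumed default the unlisted sender is passed rather than blocked.
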
08 Jan 2011 15:56 #65529 by jrankin
Has anyone written a guide (better than the manual) on the DrayTek firewall? I'm sure it is very powerful with its separated direction flows and source/destination ports but it really catches me out sometimes. I'm with the OP on this. Better advice in a few expert posts here than anywhere in the documentation.

09 Jan 2011 23:29 #65544 by maark

jrankin wrote: Has anyone written a guide (better than the manual) on the DrayTek firewall? I'm sure it is very powerful with its separated direction flows and source/destination ports but it really catches me out sometimes. I'm with the OP on this. Better advice in a few expert posts here than anywhere in the documentation.

If you find one please post here :)

Moderators: Sami