Hello Folks (its my first post, be kind!)

I have a Draytek 2830n and am trying to configure it to have a DMZ zone as well as the normal LAN . When I say DMZ, I just need a separate (secure) area to run a publicly facing web server. I need to allow this webserver to communicate on one TCP port with one server in the LAN - for the database/LOB system.

I've so far created VLAN0 (Ports 1,2,3) 192.x.x.x and VLAN1 (Port 4) 10.x.x.x

Checking the "Inter-LAN routing" has allowed traffic to flow between those VLANS.

I've setup a a Port Redirection rule for WAN HTTP traffic to the internal IP address of the server in the DMZ and to my slight surprise it's working great when tested.

All I would like to do now is stop any other traffic between those VLAN's (other than the one port to the database server). I've setup a new firewall filter to "block immediately" with direction LAN/RT/VPN > LAN/RT/VPN but it doesn't seem to be doing anything (can still RDP onto the webserver in the other VLAN).

Can anyone help please? I'm hoping a don't need to rely on windows software firewalls.. :o

Can anyone help?

No-one knows if the Draytek 2830n router allows firewall rules between VLAN's ??!

This worked for me.
Creating a firewall rule that blocks traffic between the subnet address of one vlan and the single address of the other vlan did prevent traffic.