I have a strange issue with one of my Draytek routers, a 2820.

The firewall is treating all connections as though they were LAN/RT/VPN to LAN/RT/VPN. This meant that the rules blocking WAN->LAN on the redirected ports were not triggering and the ports were open to attack!

I turned on syslog for the default PASS and it clearly showed [LAN/RT/VPN->LAN/RT/VPN] for all traffic!

(I wouldn't expect true LAN to LAN traffic to go through the router, unless it's a broadcast.)

I have checked the physical setup and it all seems correct, and I have gone through every bit of the configuration, and restarted the router multiple times, but it just insists that all traffic to and from the WAN is categorised as LAN to LAN. I do not have any VPN or static routes specified, it is really quite a simple setup.

It is setup to use WAN2 via an Openreach VDSL modem to an FTTC connection and works perfectly, apart from the problem with the firewall.

I have had to change all the firewall rules to apply to [LAN/RT/VPN->LAN/RT/VPN].

Any ideas?

The other draytek routers I use, a mix of 2820, 2830, 2850 and 2860 models, all configured similarly all correctly identify WAN traffic and the firewall rules apply as expected.

P.S. It is quite alarming how many external attempts are made to connect to the supposedly firewalled ports (3389 and 5900), and very worrying that the firewall can cease to clock these ports by deciding that WAN addresses are really LAN addresses and the firewall rules no longer apply. Doesn't give a lot of confidence in the firewall!

Thanks,

Geoff