DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2820 Treating WAN as LAN
19 Nov 2015 12:46 #84779
by gbrown
2820 Treating WAN as LAN was created by gbrown
I have a strange issue with one of my Draytek routers, a 2820.
The firewall is treating all connections as though they were LAN/RT/VPN to LAN/RT/VPN. This meant that the rules blocking WAN->LAN on the redirected ports were not triggering and the ports were open to attack!
I turned on syslog for the default PASS and it clearly showed [LAN/RT/VPN->LAN/RT/VPN] for all traffic!
(I wouldn't expect true LAN to LAN traffic to go through the router, unless it's a broadcast.)
I have checked the physical setup and it all seems correct, and I have gone through every bit of the configuration, and restarted the router multiple times, but it just insists that all traffic to and from the WAN is categorised as LAN to LAN. I do not have any VPN or static routes specified, it is really quite a simple setup.
It is set up to use WAN2 via an Openreach VDSL modem to an FTTC connection and works perfectly, apart from the problem with the firewall.
I have had to change all the firewall rules to apply to [LAN/RT/VPN->LAN/RT/VPN].
Any ideas?
The other DrayTek routers I use, a mix of 2820, 2830, 2850 and 2860 models, all configured similarly, all correctly identify WAN traffic and the firewall rules apply as expected.
P.S. It is quite alarming how many external attempts are made to connect to the supposedly firewalled ports (3389 and 5900), and very worrying that the firewall can cease to block these ports by deciding that WAN addresses are really LAN addresses and the firewall rules no longer apply. Doesn't give a lot of confidence in the firewall!
Thanks,
Geoff
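The check a practitioner would want after reading the post above is a way to confirm from the syslog export itself whether the router's zone tags agree with the addresses in each record, rather than trusting the firewall's own classification. The script below is an added example, not code from the post or from DrayTek. Only the bracketed direction tag (e.g. [LAN/RT/VPN->LAN/RT/VPN]) is taken from the post; the rest of the line layout, the sample log lines, the assumption that RFC1918 addresses are the only "LAN" addresses, and the function names audit() and parse_line() are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample syslog lines. The bracketed direction tag is the one the
# post reports; everything else about the layout is an assumption, not the
# real DrayTek format, so adjust LINE_RE to match an actual export.
SAMPLE_LOG = """\
Nov 19 12:40:01 router [LAN/RT/VPN->LAN/RT/VPN] TCP 203.0.113.45:51234 -> 192.168.1.10:3389 PASS
Nov 19 12:40:02 router [LAN/RT/VPN->LAN/RT/VPN] TCP 192.168.1.20:49321 -> 192.168.1.10:5900 PASS
Nov 19 12:40:03 router [WAN->LAN/RT/VPN] TCP 198.51.100.7:40000 -> 192.168.1.10:3389 BLOCK
Nov 19 12:40:04 router [LAN/RT/VPN->WAN] TCP 192.168.1.10:53012 -> 93.184.216.34:443 PASS
"""

LINE_RE = re.compile(
    r"\[(?P<src_zone>[^\]>]+)->(?P<dst_zone>[^\]]+)\]\s+"
    r"(?P<proto>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>\S+)"
)

# Assumption: the LAN is addressed from RFC1918 space only. Listed explicitly
# rather than via ip_address().is_private, because Python also treats the
# documentation ranges (192.0.2/24, 198.51.100/24, 203.0.113/24) as private.
LAN_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Ports the post says should be blocked from the WAN.
WATCHED_PORTS = {3389, 5900}


def expected_zone(ip):
    """Zone an address should belong to, judged by the address alone."""
    addr = ipaddress.ip_address(ip)
    return "LAN" if any(addr in net for net in LAN_NETS) else "WAN"


def tag_zone(zone_tag):
    """Collapse a router zone label such as 'LAN/RT/VPN' to LAN or WAN."""
    return "WAN" if zone_tag.upper().startswith("WAN") else "LAN"


def parse_line(line):
    """Return a dict of the fields in one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def audit(log_text):
    """Flag records whose zone tags disagree with their addresses.

    A record is 'exposed' when the misclassification let traffic through
    to one of the watched ports (the situation the post describes).
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue
        mismatches = []
        if expected_zone(rec["src"]) != tag_zone(rec["src_zone"]):
            mismatches.append("src %s tagged %s" % (rec["src"], rec["src_zone"]))
        if expected_zone(rec["dst"]) != tag_zone(rec["dst_zone"]):
            mismatches.append("dst %s tagged %s" % (rec["dst"], rec["dst_zone"]))
        if mismatches:
            findings.append({
                "line": lineno,
                "src": rec["src"],
                "dst": rec["dst"],
                "dport": rec["dport"],
                "action": rec["action"],
                "reason": "; ".join(mismatches),
                "exposed": rec["action"] == "PASS" and rec["dport"] in WATCHED_PORTS,
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        flag = "EXPOSED" if f["exposed"] else "mismatch"
        print("line %d %s: %s -> %s:%d %s (%s)" % (
            f["line"], flag, f["src"], f["dst"], f["dport"], f["action"], f["reason"]))
```

Run it against a real syslog capture by replacing SAMPLE_LOG with the file contents; any "EXPOSED" line is a connection from a public address that the router passed to a watched port under a LAN-to-LAN tag, which is exactly what the post's firewall rules were supposed to stop. The script only reports what the router logged, so it cannot explain why the zones are wrong, but it gives a quick, repeatable way to tell a correctly classifying router from a misbehaving one.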
Copyright © 2024 DrayTek