Hi.

I'm tinkering with the firewall on a Draytek 2830n with a view to filtering LAN traffic (not Wan or VPN).
The desire is to prevent a device on the LAN from receiving any traffic from the LAN directed to port 80.

I've had a look at the manual, this site, Whirlpool and a bit of Google but I am not having any success and am a bit confused about what the option LAN/RT/VPN->LAN/RT/VPN does.

So to possibly simplify it, I set up the below:

The device that is subject to the filter is a PC, plugged into LAN port 3 on the Draytek. It's address is 192.168.20.190
The firewall on the Draytek is enabled.

This is in "Filter Set 2", Rule 2 - Rule 1 is the default "xNetBios -> DNS" rule.

Direction: LAN/RT/VPN->LAN/RT/VPN
Source: Any
Destination:192.168.20.190 (single address)
Service Type: Any
Fragments: Don't Care
Filter: Block Immediately

My understanding is that with this rule any traffic to 192.168.20.190 will be dropped, yet in testing the device can be pinged from other devices on the LAN (these are wired, connected through a switch, but on the same subnet).

1) - What is Direction "LAN/RT/VPN->LAN/RT/VPN" for?
2) - What numpty mistake am I making?

Thank you for any insight.

Chris.


Router:
Model Name : Vigor2830n
Firmware Version : 3.6.8.4_sb_211801
Build Date/Time : 2016/01/19 18:28:17

PC:
Windows 7 Pro SP1 32bit (fully patched, firewall disabled)

Switch:
Cisco SG200

Draytek to the rescue!

From technical support:

Thank you for contacting technical support.
The router can filter the traffic by the LAN to LAN filter rule only by creating an additional subnet. It isolates the traffic between the PC in one subnet and the rest of the devices in another subnet.

Seems obvious now.

C