DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Configuring inbound connections to a server

26 Sep 2018 21:39 #7 by angusk

hornbyp wrote: The 'NAT rule' tells the router how to remap the traffic and the firewall rule says who/what can make use of it. In your case, since you aren't changing the port numbers with NAT, you'll probably want to set entries in "NAT->Open Ports", rather than "NAT->Port Redirection".




Sorry for the time it has taken for me to reply. I have finally got around to looking at this problem again.

I have gone to NAT->Open Ports and have tried to create a rule in there. I was hoping that it would have been possible to have the blanket rule of "Send everything to the server" as you may have with a DMZ, but when I defined the full port range (1 to 65535) it threw it out saying that there was a clash with some of the management ports. Well, I only have the HTTPS port selected within management, and even then that is manually changed to 9000. Why, when I am not interested in using ports 23, 80, 21, 8069 or 22 for management, would it complain? How should I do what I need to do, particularly when I do actually want to forward ports 21 and 23 to the server anyway?

Angus


26 Sep 2018 22:57 #8 by hornbyp

AngusK wrote: I have gone to NAT->Open Ports and have tried to create a rule in there. I was hoping that it would have been possible to have the blanket rule of "Send everything to the server" as you may have with a DMZ...



The 2862 understands the concept of a DMZ. So why not configure your target Server in "NAT >> DMZ Host Setup"?


10 Nov 2018 18:45 #9 by angusk

hornbyp wrote: The 2862 understands the concept of a DMZ. So why not configure your target Server in "NAT >> DMZ Host Setup"?


That is exactly what I ended up doing in the end. And that was after a DrayTek support chap told me that what I wanted to be done was not possible with this router. I think he may have just wanted to get me off the phone, though.

If I do that does it mean that ALL traffic goes to the server? Given that I do want basically all unsolicited inbound traffic to go to the server, do I need to worry much about the firewall inbound rules with a DMZ in place? By 'unsolicited' I mean traffic which isn't as a result of another client PC on the network browsing the web and getting that sort of data.


13 Nov 2018 00:29 #10 by hornbyp

AngusK wrote: If I do that does it mean that ALL traffic goes to the server?


I've never used a DMZ Host, but that's how I understand it...

See: https://www.draytek.co.uk/support/guides/kb-vigor-portforwarding-differences

There's another feature, called "True DMZ" (which I also haven't used). It seems to only apply to a direct ADSL/VDSL connection to the Router ... and might be being phased out. (I can find configuration options for WAN1 of my 2860 (which I don't use) ... but the equivalent setting doesn't look to be there in the '2862 Live Demo'.)

See: https://www.draytek.co.uk/support/guides/kb-vigor-truedmz

He also wrote: Given that I do want basically all unsolicited inbound traffic to go to the server, do I need to worry much about the firewall inbound rules with a DMZ in place?


I would have thought you'd configure the DMZ Host's Firewall functionality instead...
