I've just bought this router to replace my current one. I've managed to get online in bridging mode and both IPv4 and IPv6 are working fine.

Unfortunately I need to do more than that and after two hours have failed to:
* Set up port forwarding to my mail server. I've tried both port forwarding and opening ports. Abject failure.
* Enable NAT loopback - does the router support it?
* IPv6 - again no access to mail server.

I'm not a novice at this. I've been running my own mail server for nearly 20 years and have set many routers up over the years (took me three or four before I found one that could reliably handle IPv6). I could understand if I was having difficulty with the IPv6 filtering because that's different to other routers. But port forwarding should be trivial. The open ports function in particular is laughably obvious but no success.

Surely Draytek haven't shipped a router that is this bad? Please, someone, give me a step by step process on how to forward incoming traffic on port 25 to 192.168.1.11. There must be some laughably obvious 'magic sauce' that I've not found.

There are significant bugs in the DrayTek firmware but none that I've come across in the NAT functionality. Have you got got a firewall rule to allow inbound traffic on port 25 to reach your mail server?

I think I tried that but I'll give it another go. It seems a bit odd to have to add a firewall rule as well as opening/redirecting ports.

Adding a firewall rule didn't make any difference. I've also looked at various official guides and none mention doing anything to the firewall (eg; https://www.draytek.com/support/knowledge-base/5751). I also notice that the firewall appears not to be blocking IPv4 requests anyway. For 'Block routing connections initiated from WAN' only IPv6 is blocked and if I attempt to run Firewall diagnosts for any IPv4 packet it say 'Packet not handled by firewall(6)'.

This is my open port rule:


And these the port redirect rules - currently not enabled.

From looking at the manual I think you may need to use 'Port Redirection' rather than 'Open Ports'. The other option is to enter the IP address of your server in 'DMZ Host' and then use firewall rules to control access - this is my preferred approach as for me it offers greater control compared to the simpler 'Port Redirection' setup.

36bits wrote:
From looking at the manual I think you may need to use 'Port Redirection' rather than 'Open Ports'. The other option is to enter the IP address of your server in 'DMZ Host' and then use firewall rules to control access - this is my preferred approach as for me it offers greater control compared to the simpler 'Port Redirection' setup.

Thanks, I'll think about that.

But I've also noticed this thread where people are implying that this version of the firmware is just borked.

I might ping a missive off to Support but I'm also leading toward just sending it back and getting a refund. Not very impressive for a bit of kit that cost twice as much as the Billion it's replacing. The only reason I'm doing this is because the Billion 8800 occasionally has a brain fart and I was hoping to finally get a router that I could genuinely trust 24/7/52. If this router can't even do something as simple as port forwarding out of the box without me running into bugs then sending it back for a refund might be the best answer.