DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
DrayOS Firewall advice
- ccarmock
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 80
- Thank you received: 0
14 Mar 2022 20:38 #100814
by ccarmock
DrayOS Firewall advice was created by ccarmock
I have transitioned from using a Draytek Liux router to a DrayOS based one (2960 to 3910) and getting used to the differences.
Firstly I want to see in syslog any traffic from the WAN ports that is not allowed by the firewall, so have created a Block immediately catchall rule at the bottom of my filter set. Firstly this now seems to be blocking some but not all return traffic - ie if a client VPN is used I see traffic being blocked from the remote VPN server tot he PC if this catch all rule is enabled. However other traffic, liek return web traffic gets through OK. Disabling it stops this blocking.
I assume DrayOS firewalls do not need a catchall rule, however without one how would I ensure that SYSLOG captures all unintended traffic.
Secondly with this catch all in place - ie blocking immediately any traffic that is not explicitly allowed in an earlier rule, I have tried the Firewall -> Diagnose function. for instance to see what would happen in a WAN->LAN direction say for ICMP from 8.8.8.8 to any internal address - which isn't allowed in my rule set so should match my catchall block. However diagnose just says "This packet is not handled by the firewall" This I find confusing, since it will match my catchall rule so I would expect diagnose to say that. Any advise appreciated.
Firstly I want to see in syslog any traffic from the WAN ports that is not allowed by the firewall, so have created a Block immediately catchall rule at the bottom of my filter set. Firstly this now seems to be blocking some but not all return traffic - ie if a client VPN is used I see traffic being blocked from the remote VPN server tot he PC if this catch all rule is enabled. However other traffic, liek return web traffic gets through OK. Disabling it stops this blocking.
I assume DrayOS firewalls do not need a catchall rule, however without one how would I ensure that SYSLOG captures all unintended traffic.
Secondly with this catch all in place - ie blocking immediately any traffic that is not explicitly allowed in an earlier rule, I have tried the Firewall -> Diagnose function. for instance to see what would happen in a WAN->LAN direction say for ICMP from 8.8.8.8 to any internal address - which isn't allowed in my rule set so should match my catchall block. However diagnose just says "This packet is not handled by the firewall" This I find confusing, since it will match my catchall rule so I would expect diagnose to say that. Any advise appreciated.
Please Log in or Create an account to join the conversation.
- ccarmock
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 80
- Thank you received: 0
15 Mar 2022 21:45 #100820
by ccarmock
Replied by ccarmock on topic Re: DrayOS Firewall advice
Adding a bit more to this - so far I have not been able to get the Firewall -> Diagnose to say anything other than 'Packet is not handled by the firewall. I have tried setting direction to be From WAN and entering details that match a specific firewall rule for a specific port, and IP address and even though the firewall rule is active I get the 'This packet is not handled by the firewall.
Possibly my understanding but I interpreted this Diagnose option as one that teted a packet against all firewall rules.
This is on a 3910 running firmware 3.9.7.2
Possibly my understanding but I interpreted this Diagnose option as one that teted a packet against all firewall rules.
This is on a 3910 running firmware 3.9.7.2
Please Log in or Create an account to join the conversation.
- pharcyder
- Offline
- Member
Less
More
- Posts: 165
- Thank you received: 1
23 Mar 2022 15:26 #100868
by pharcyder
Replied by pharcyder on topic Re: DrayOS Firewall advice
The IP address of the internal device needs to be the Router's WAN IP, not the private IP address of the internal device.
Also, if you have multiple WANs UP, the diagnose function doesn't seem to work at all (at least I can't get it to work).
Also, if you have multiple WANs UP, the diagnose function doesn't seem to work at all (at least I can't get it to work).
Please Log in or Create an account to join the conversation.
- ccarmock
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 80
- Thank you received: 0
23 Mar 2022 19:58 #100869
by ccarmock
Replied by ccarmock on topic Re: DrayOS Firewall advice
Ah thank you that will help - I was morroring source & destination as per the firewall rules
I do have multiple WAN links up so will have to check if that's causing an issue also.
I do have multiple WAN links up so will have to check if that's causing an issue also.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek