DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Filtering not working / DMZ / MultiNat
23 Apr 2007 07:18 #42113
by blowdart
Filtering not working / DMZ / MultiNat was created by blowdart
Right, so I have my multiple IP addresses configured. And multi-NAT set up.
Now I needed to have outgoing IPs for some servers going out on their external facing IP, so I set them as DMZ hosts, which I discovered no longer passes through the NAT rules. Oops, every port exposed, not good.
So I went into the firewall filter and configured a bunch of rules to let good ports through, chaining the filter rules, so anything not covered would get dropped.
But it doesn't work, the DMZ hosts still can be accessed using what should be blocked ports.
The DrayTek documentation only covers filtering outbound traffic.
I've made sure that the default Data Filter continues to my new rule sets, but no luck.
I changed the default Data Filter to have a block all if no further matches rule and that just stopped all traffic inbound to the DMZ hosts. Which wasn't good. I added a final ruleset, 12, which blocked all traffic, and made sure everything was pass immediately, but that just blocked everything too.
So, if I have the DMZ hosts set up, how the heck do I firewall everything to those hosts and only let through what I need?
11 Aug 2009 11:56 #57145
by kangarolf
Replied by kangarolf on topic Filtering not working / DMZ / MultiNat
I'm also having the same problem. I have set up a WAN alias for one of our other public IPs and have mapped one of the aliases to an internal PC and put it in the DMZ.
I have been trying to write a ruleset to block traffic but I can't seem to stop traffic going through to the DMZ...
I have tried using the internal IP and the WAN IP, all ports, single ports, block immediately and so on.
Anyone have any ideas?
Thanks
Rolf
14 Aug 2009 16:09 #57224
by simoncog
Replied by simoncog on topic Filtering not working / DMZ / MultiNat
Any luck with this?
We have a similar problem with open ports and single NAT - incoming traffic isn't filtered at all.
It's a bit of a show stopper for us really.
Moderators: Chris, Sami