Right, so I have my multiple IP addresses configured. And multi-NAT setup.

Now I needed to have outgoing IPs for some servers going out on their external facing IP, so I set them as DMZ hosts, which I discovered no-longer passes through the NAT rules. Oops, every port exposed, not good.

So I went into the firewall filter and configured a bunch of rules to let good ports through, chaining the filter rules, so anything not covered would get dropped.

But it doesn't work, the DMZ hosts still can be accessed using what should be blocked ports.

The Draytek documentation only covers filtering outbound traffic.

I've made sure that the default Data Filter continues to my new rule sets, but no luck.

I changed the default Data Filter to have a block all if no further matches rule and that just stopped all traffic inbound to the DMZ hosts. Which wasn't good. I added a final ruleset, 12, which blocked all traffic, and made sure everything was pass immediately, but that just blocked everything too.

So, if I have the DMZ hosts setup, how the heck do I firewall everything to those hosts and only let through what I need?

Im also having the same problem..I have set up a WAN alias for one of our other public IPs and have mapped one of the aliases to an internal PC and put it in the DMZ.

I have been trying to write a ruleset to block traffic but I cant seem to stop traffic going through to the DMZ...

I have tried using the internal IP and the WAN IP, all ports, single ports, block immediately and so on.

Anyone have any ideas..?

Thanks
Rolf

Any luck with this?

We have a similar problem with open ports and single NAT - incoming traffic isn't filtered at all.

Its a bit of a show stopper for us really.