DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Does LAN to LAN use firewall?

  • Andrew
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
18 Jul 2011 14:32 #68652 by Andrew
Does LAN to LAN use firewall? was created by Andrew
Does LAN to LAN VPN traffic get filtered by the Firewall?

Andrew

Please Log in or Create an account to join the conversation.

More
26 Jul 2011 21:03 #68753 by nobody
Replied by nobody on topic Re: Does LAN to LAN use firewall?
Depends on the model and version of the router.
In the more modern drayteks I would tend to say yes unless otherwise noted in the Firewall settings.
older routers (2900,2300) there was a checkbox in the WebUI to enable the firewall on VPN connections traffic.

Please Log in or Create an account to join the conversation.

  • Andrew
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
26 Jul 2011 21:15 #68756 by Andrew
Replied by Andrew on topic Re: Does LAN to LAN use firewall?
It's a
Model Name : Vigor2820Vn
Firmware Version : 3.3.5.2_232201
Build Date/Time : Apr 7 2011 18:10:43
ADSL Firmware Version : 232201_A Hardware: Annex A

Andrew

Please Log in or Create an account to join the conversation.

More
26 Jul 2011 21:28 #68757 by nobody
Replied by nobody on topic Re: Does LAN to LAN use firewall?
I think, yes (because I dont see a checkbox), but no warranties.

Please Log in or Create an account to join the conversation.

  • Andrew
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
28 Jul 2011 10:55 #68792 by Andrew
Replied by Andrew on topic Re: Does LAN to LAN use firewall?
Having checked it I think the firewall is only used on the WAN ports. Is there any way that traffic from a VPN tunnel can be filtered/firewalled?

Andrew

Please Log in or Create an account to join the conversation.

More
28 Jul 2011 11:27 #68793 by nobody
Replied by nobody on topic Re: Does LAN to LAN use firewall?
Are your sure ?
thats why I said, no warranty - for me, it works ( Draytek 2950).

Example rule:
Goal: block smtp outgoing traffic with the exeption of 1 server machine.
2 rules:
1st rule:
Allow explicit one ip for traffic to port 25:
Some filterset WHICH IS ENABLED in the filter general setup als the Start filter set, or a filter set which is linked by another filter set
Some rule:

check enabled
Name: smtpOutOK
Direction: LAN ->WAN
source IP: 192.168.0.10
DestIP: any
Service Type: Port, from an to 25
Filter: pass immediately


2nd rule following the first in the same filterset
check enabled
name: blocksmtp
Direction: LAN -> WAN
SourceIP: any
DestIP: any
SErvice type: TCP, port: from any to 25
Filter: block immediately





works for me.

Maybe try with this rule in your Vigor:
backup your configuration,
clear all filter sets
in the Firewall general setup, look for the deault data filter set.
Choose this set.
setup the filter as above and then try to connect with telnet to port 25 to a known smtp server connected through VPN.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami