DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2920 faulty or is it me?

26 Sep 2012 00:08 #73630 by broadlybanned
2920 faulty or is it me? was created by broadlybanned
I've been trying for days to get this v2920 working without success. I've tried to understand the pidgin-English manual and find it NO HELP. If I leave it disconnected from the WAN for a day it blocks me out from the admin page and I have to do a factory reset, and reload my config, but I can't leave it connected as it doesn't work! Here's my problem 1:

If I set the firewall default rule (firewall>general>default tab) to block - it blocks everything. If I set it to pass, it passes everything and IGNORES my other rules! So what's wrong with my other rules? These are basically: I have set the default call and data filter sets to "block all to all if no further matches" and chained to the next filter set. In the next filter set I have set the first rule to block if no further matches and then a subsequent rule ("pass if no further matches") to allow only the web proxy to HTTP out. In the next filter set I have set the first rule to block if no further matches and a subsequent rule ("pass if no further matches") allows only secure email from LAN clients. Therefore, according to the rules (OK my interpretation of them): ALL LAN clients EXCEPT the web proxy should be BLOCKED from sending HTTP through the firewall, but they are not blocked - I can dial up a web page straight out from a laptop on the LAN!
Also I notice that if I try to use the drop-down at the bottom of the filter set to specify the next filter set, it doesn't get accepted and the status shows "invalid", so instead I've set the next filter set from within the last rule in the filter set (e.g. rule = "pass if no further matches" then use the next drop-down to branch to the next filter set). Not sure if I understand how to chain filter sets correctly....

The rules mostly use IP objects and groups for sources and destinations and service objects and groups for all services/protocols. In the user management bit it's set to "rule-based" rather than "user-based" (don't understand which is best) as I haven't specified any user profiles, and the web proxy deals with authentication and ACLs anyway. I've configured iptables firewalls for years and this thing is just plain confusing.

But I've paid good money for it so can someone please pass me the secret howto? :? How do I configure this thing to block all LAN clients except the web proxy from sending out HTTP?


Moderators: ChrisSami