DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Can't access 2860 from LAN with firmware 3.8.4.5 or 3.8.4.6

22 Jul 2017 12:50 #1 by smwardle
Hi,
Vigor 2860 only using VDSL WAN1 and LAN1. Works fine with FW 3.8.4.3 and 3.8.4.4.
With 3.8.4.5 and 3.8.4.6 it works normally until the PPPoE link is established. Once the link is up I can't access its control pages from the LAN.
It doesn't respond to http, https, telnet or ping from the LAN. I can access its control page via the WAN from another location and it's working as normal otherwise.
Firewall on or off makes no difference.
Anyone seen anything like this before?

23 Jul 2017 01:00 #2 by smwardle
Update.
Seems other LAN devices _can_ connect to it.
My main machine can't and that is set up as a DMZ host via multi-nat (WAN IP alias).
It was also acting as an http proxy, which is why I couldn't connect via http with other LAN devices.

So the issue is only with a multi-nat DMZ host on the LAN.

04 Aug 2017 11:53 #3 by admin3
Could you try removing the DMZ host for it and set up an open ports entry instead for that server?
You can do basically the same thing with open ports by opening 1-65535 TCP & UDP to that local IP on the alias IP.



Forum Administrator

04 Aug 2017 17:52 #4 by smwardle
Thanks but I need one-to-one IP Mapping for outgoing traffic as well.

UK support have now reproduced the problem and are escalating it.

07 Aug 2017 09:21 #5 by admin3

smwardle wrote: Thanks but I need one-to-one IP Mapping for outgoing traffic as well.

UK support have now reproduced the problem and are escalating it.



That's good, though unfortunate it's a firmware issue.
If you need IP-mapping as well (until there's a firmware to fix your issue), a Policy Route entry should allow you to select which WAN IP address is used for outbound traffic.



Forum Administrator

11 Aug 2017 16:59 #6 by nieldm
I have found something related to this which I think may reinforce the suspicion that there is a bug in the firmware. I too had all of a sudden lost the ability to ping my router from outside my network (first noticed when my Thinkbroadband Quality Monitor went red).

So I did some digging and uncovered a strange problem... here's what I did.

1. Checked the syslog (which I should have done before) and noticed that the ICMP requests from you were actually hitting a device on my network (192.168.1.4), not the router.

2. Checked the NAT/Port Forwarding settings and noticed that in one case I had indicated that TCP/UDP should be forwarded, but left the ports as default which is 0 (can post screenshots if anyone is interested and I am not being clear).

When I removed TCP/UDP and set it back to null (i.e. not used), all of a sudden I can ping using Wormly. That is surely a bug in the DrayTek firmware which should, at least, stop you entering a protocol without changing the port number from 0.

Or is forwarding TCP/UDP to port 0 for a particular address the same as telling a router to forward ICMP pings to that IP address?

Oddly, I had also added a 4G router to WAN2 in the past few weeks and whilst I was checking noticed that there was an old setting for the WAN2 DMZ, pointing to an IP that is no longer on the network. I thought that must be the issue, but checking it off or leaving it enabled made no difference, only the above fixed the issue.

Hope that adds something to the mix....
