I'm having difficulty getting the firewall on a Draytek Vigor 3220 to pass incoming connections to port 25. I've used Open Ports to send port 25 connections to the local computer with our mail server on it. This is working as expected when the default rule on the firewall is set to pass all packets.

I've set a rule to pass TCP packets from WAN to LAN from any source IP address and port to any destination IP address on port 25. However, this doesn't seem to be being triggered, and when the default rule is set to block, the connection fails.

The firewall log tells me that the packets are being blocked by the default rule (13.1), not by any of the filters. Here's an example (using a test connection from mxtoolbox.com):

[FILTER][Block][WAN->LAN/DMZ/RT/VPN, 0:56:47 ][@S:R=13:1, 18.205.72.90:23355->192.168.0.2:25][TCP][HLen=20, TLen=52, Flag=S, Seq=3276758857, Ack=0, Win=8192]

I've checked and ensured that all filter sets are being activated in turn, and other rules are behaving correctly. No other rule involves passing on to any other rule or filter set, so I don't think it can be skipping the rule.

What can I do to test the firewall rule in more depth to figure out why it's not catching and passing these packets?

I have another filter which opens a different incoming port, and that one is working fine: packets are being passed through and received at the destination computer. But I can't see any difference in the rule setup.