Draytek 2925 block on lan

Ish

Hi

We have a Draytek 2925. I want to restrict which devices can connect to a certain device on our network.

Let's say the device has the IP 192.168.1.247 and I don't want anything on the LAN to be able to access it.

I set up this firewall rule but it isn't doing anything.

What am I doing wrong?

z32_block.jpg
 
It's getting late, but...

It's a firewall rule LAN -> WAN or WAN -> LAN.

I believe that while the 'LAN/DMZ/RT/VPN -> LAN/DMZ/RT/VPN' direction setting suggests that it'll work within the local LAN, it won't. It's more an option for limiting what can travel over a site-to-site connection (via the WAN).

Can you achieve what you want by using a port- or tag-based VLAN?
 
Ideally I was hoping the firewall rule method would work as it would make things simpler but I can VLAN it as a last resort.
 
It won't help. It's local LAN traffic within the same subnet and will never hit the firewall or any of its rules.

If the router is reconfigured with a port-based VLAN then one of the router's network ports can be using a different subnet. If the limited access device is connected to the second subnet, you've got something you can apply rules to.
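The point made in the replies above, as an added example that is not part of the original thread: a small rule audit that flags firewall rules the router can never evaluate because source and destination share one subnet. The /24 mask, the second subnet 192.168.2.0/24, the moved address 192.168.2.247 and the function name `audit_rules` are assumptions made for illustration.

```python
import ipaddress


def audit_rules(lan_subnets, rules):
    """Classify (name, src, dst) rules by whether matching traffic reaches the router.

    Hosts in the same subnet resolve each other with ARP and exchange frames
    through the switch, so the routing engine (and its firewall) is bypassed.
    """
    subnets = [ipaddress.ip_network(s) for s in lan_subnets]
    results = {}
    for name, src, dst in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # LAN subnets that hold at least part of each side of the rule.
        # An address outside every LAN subnet is only reachable via the
        # router, so an empty set ends up classified as "enforced".
        src_homes = {s for s in subnets if s.overlaps(src_net)}
        dst_homes = {s for s in subnets if s.overlaps(dst_net)}
        if len(src_homes) == 1 and src_homes == dst_homes:
            results[name] = "never-evaluated"  # purely intra-subnet traffic
        elif src_homes & dst_homes:
            results[name] = "partial"          # some sources are on-link
        else:
            results[name] = "enforced"         # every flow must be routed
    return results


# Constructed sample: the flat LAN from the question (mask assumed to be /24).
FLAT = audit_rules(
    ["192.168.1.0/24"],
    [("block-247", "192.168.1.0/24", "192.168.1.247/32")],
)

# Constructed sample: the device moved to a second subnet on a port-based VLAN.
SPLIT = audit_rules(
    ["192.168.1.0/24", "192.168.2.0/24"],
    [("block-247", "192.168.1.0/24", "192.168.2.247/32"),
     ("any-lan-to-247", "192.168.0.0/16", "192.168.2.247/32")],
)

if __name__ == "__main__":
    print(FLAT)
    print(SPLIT)
```

The "partial" result is the case to watch after re-addressing: a rule whose source range still covers the protected device's own subnet leaves its same-subnet neighbours unfiltered.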
 