0

I have a draytek 2830n router in behind the router supplied from my ISP. Lan1 of the ISP router is connected to VLAN2 port of the draytek router.

I am trying to block an individual IP address using the filter setup feature.

I have tried the following configuration and yet the IP address is not been blocked. What am I doing wrong?

Direction: WAN->LAN/RT/VPN
Source IP: {IP I want to block}
Destination IP: Any
Filter: Block Immediately

Firewall Rule Image:

enter image description here

harrymc
  • 455,459
  • 31
  • 526
  • 924
Jonathan Harker
  • 3
  • 2
  • 1
    What kind of connection do you have? What are the "direction" options? My guess is your connectiin uses ppp and thus the data arriving on the wan port is obfusicated. – davidgo Jun 06 '21 at 20:09
  • Thanks @davidgo Connection is set to dhcp client. Access mode is "static or dynamic ip". The options for this setting are PPPoE or PPTP/L2TP. The other direction options are LAN/RT/VPN -> WAN and LAN/RT/VPN -> LAN/RT/VPN. Any way not to have the external IP address obfusicated? – Jonathan Harker Jun 06 '21 at 20:25
  • I've written a response as an answer. – davidgo Jun 06 '21 at 21:28

1 Answers1

0

Without knowing your connection type it is impossible to provide an exact answer, however it appears your connection is using some kind of tunnel - this means that the apparent interface of the traffic is not the WAN Interface.

If you try PPPoE setting rather then WAN, and if that fails, PPTP/L2TP that should do it.

Effectively the PPoE or PPTP interface is a virtual Interface where the external IP address of the source won't be obfusicated.

(Think of the PPPoE or PPTP Interface as a VPN between your ISP and yourself - the WAN Interface is seeing the encrypted traffic while the virtual interface on the router which represents the endpoint provides the unencrypted data)

davidgo
  • 68,623
  • 13
  • 106
  • 163