On Fri, Nov 06, 2009 at 01:25:22AM +0000, Wayne Stallwood wrote:
Chris G wrote:
Typically, after (or perhaps because of) explaining it all I hit on a solution, or at least a way to get to one. I turned the firewall off (not for long!) and it worked. So I have been removing and adding firewall rules one by one to find the culprit. It's something subtle to do with having two firewall rules for the same TCP port number but I can at least get it to work now without relaxing the firewall rules all that much and I think with a little further experimentation I'll have it tied down tightly again.
As a thought, and to simplify your setup somewhat, why don't you get a router that can do no-NAT (the 2Wire stuff can't, ISTR) like a Netgear DG834?
Then your Draytek's WAN port could have the external IP address of your 2nd line and you could operate on one set of firewall rules and avoid the 2 layers of NAT you have to traverse for the 2nd connection.
The 2Wire can do 'no NAT' I think, it calls it DMZplus and presents the 'outside' IP to the LAN port on the Draytek. It was the mode I tried originally but it didn't work (because of the issue with the 2820n firewall). I guess I can switch back to using it, as you say it does make much more sense in my situation.