Chris G wrote:
Typically, after (or perhaps because of) explaining it all I hit on a solution, or at least a way to get to one. I turned the firewall off (not for long!) and it worked. So I have been removing and adding firewall rules one by one to find the culprit. It's something subtle to do with having two firewall rules for the same TCP port number but I can at least get it to work now without relaxing the firewall rules all that much and I think with a little further experimentation I'll heve it tied down tightly again.
As a thought and to simplify your setup somewhat why don't you get a router that can do no-nat (the 2wire stuff can't ISTR) like a netgear DG834
Then your drayteks wan port could have the external ipaddress of your 2nd line and you could operate on one set of firewall rules and avoid the 2 layers of NAT you have to traverse for the 2nd connection.
* There is (well was last time I used it) a web interface bug with the netgear's when doing no nat with a single external IP address, even when no-nat is selected they won't let you assign the same address range to the internal interface as the external one so you have to set them up with the wan side disconnected..then it works. Otherwise get the dgteam firmware which has this issue fixed I believe.