Issue is really that you are running two NAT routers in series.
To create a modem only, i.e. no firewall mode on the DG834 you need a block of static IP addresses from provider.
Your idea of creating a new security rule might work, if you ensure the IP address the draytek router gets is always the same, e.g. LAN IP Address reservation, or set its WAN side up with a manual IP address.
The security on the draytek (NAT mainly) will provide a similar level of protection to what the DG834 does already.
Have you considered wiring the PS3 and xbox using ethernet directly to the dg834?
Another option would be rely on the security in the 834, and configure the draytek to operate as a wireless access point rather than wireless router.