Draytek 2925 port forwarding

I am trying to forward port 80 to NAS drive, I have changed the ports in the management setup and added port forwarding rule in NAT/port redirection but 80 still remains closed, has anyone had this problem?

i would strongly advise against using port 80, use https 443,

in port redirect src port 8443 dest port 443 on all interfaces for https

or

in port redirect src port 8080 dest port 80 on all interfaces for http

to access from the outside world, use https://{public ip}:8443 or http and :80 for http

That won't work if you still access the DrayTek web admin on port 80.
But as said above opening port 80 is not good and ideally https access should be used.

Thanks
Dan

I have changed the web admin to 8080 and SSH to 4433 so in theory the redirects on 80 to local ip:80 and 443 to local ip:443 should work but they don't

I use a Wireguard VPN for remote access. The client runs on my Windows 10 laptop. More secure than port forwarding.

Try a port above 1024.

I'm not sure how to explain it not working on port 80, but do you need to disable or redirect SSL VPN as well for port 443?

Also, presume you have set it to TCP, and to All WAN connections within the NAT rule. Made sure you are up to date with the Firmware just in case?

I also presume from your PC connection (internal to the NAS) that connection to the management pages is fine?

Silly question, but you are on a fixed IP on your WAN side that doesn't use anything like CGNAT etc etc? Or you have DDNS setup etc?

Got anything else forwarding using NAT, so you know all is well with the router?

By default the SSl VPN is on port 443 so have changed to 4433
Firmware is the latest.
Ports are open on NAS drive
Fixed IP address
No other ports forwarded
It worked on aTP Link router but have changed as all IPv6 is open on the internet

I would strongly advise not publishing the WebGUI of your NAS to the public internet. It's a far more secure solution to VPN into your Draytek and access your NAS.

If you wish to proceed anyway, your Draktek will be using the most of the standard ports so you'll need to publish a non-standard port. You'll also want to use the Firewall to restrict who can access that port once open. For example, block all Countries except the country you reside in would be a great place to start. Lock it down further if you can.

In reply to a post by nofappingway:

IYou'll also want to use the Firewall to restrict who can access that port once open. For example, block all Countries except the country you reside in would be a great place to start.

Not possible to use a firewall to bock by country. The internet is not organised in that way.