Blocking of unsolicited incoming requests is a side-effect of NAT, which is always enabled on the DrayTek routers.

Network Address Translation (NAT) allows your router to share one internet connection among several computers on your LAN.  When one of your computers sends a request to an internet address (e.g. your browser requests a web page, or your email program asks your ISPs mail server if any mail), the router applies NAT and remembers the original request.

When an incoming packet is processed by NAT:

  1. Solicited packets: The router’s internal NAT Active Sessions table is looked up to see if this is a reply to an outgoing message.  If so, the reply if forwarded to the computer making the original request.
  2. Open/Forwarded Ports: The router checks its table of Open Ports and Port Forwarding rules, and if the port number matches it forwards to the nominated computer.
  3. DMZ (Demilitarised Zone): If a DMZ address is specified, any remaining packets are forwarded to the DMZ address.
  4. If none of the above rules applies, the router doesn’t know where the packet should be sent, and so the packet is ignored.