Menu
What's new
By:
Filters Better Search

Enabled firewall but DNS still is filtered

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Turgut Kalfaoglu

Turgut Kalfaoglu

Regular Contributor
Hi. I added an exception rule to the firewall, to allow BOTH TCP and UDP to port 53, from/to all, because I run a DNS server. I enabled 'log dropped packages' and disabled DOS protection. Despite these, I get entries in the logs saying that the destination port 53 has been dropped.

May 26 14:32:32 ns2 kern.warn kernel: DROP IN=eth0 OUT= MAC=a8:5e:45:97:75:c8:08:62:66:d0:bf:c8:08:00 SRC=46.229.168.129 DST=192.168.2.2 LEN=74 TOS=0x00 PREC=0x00 TTL=52 ID=45303 PROTO=UDP SPT=18972 DPT=53 LEN=54
May 26 14:32:32 ns2 kern.warn kernel: DROP IN=eth0 OUT= MAC=a8:5e:45:97:75:c8:08:62:66:d0:bf:c8:08:00 SRC=46.229.168.129 DST=192.168.2.2 LEN=74 TOS=0x00 PREC=0x00 TTL=51 ID=45339 PROTO=UDP SPT=57318 DPT=53 LEN=54​

What do you suggest I do?

Many thanks, -t
 
Btw, I checked the iptables -L -n , and indeed when I insert an exception to the server list, it is NOT reflected to the iptables.

So I just manually added a few entries into /jfss/scripts/services-start like:

/usr/sbin/iptables -I INPUT -p tcp --destination-port 53 -j ACCEPT
/usr/sbin/iptables -I INPUT -p udp --destination-port 53 -j ACCEPT​

But this must be a bug since the GUI changes are not reflected here.
 
Turgut Kalfaoglu said:
Btw, I checked the iptables -L -n , and indeed when I insert an exception to the server list, it is NOT reflected to the iptables.
Click to expand...
It won't show up with that command because Virtual Server / Port Forwarding creates entries in the nat table not the filter table.

Where is the DNS server running, on the router or on a server on the LAN?
 
ColinTaylor said:
It won't show up with that command because Virtual Server / Port Forwarding creates entries in the nat table not the filter table.

Where is the DNS server running, on the router or on a server on the LAN?
Click to expand...

Many thanks for the feedback.. DNS bind is running on the router actually.
-t
 
You must log in or register to reply here.

Similar threads

D
[ASUS AX86U Merlin] Blink Sync Module does not connect (connects to iphone hotspot)
Replies
0
Views
277
dasusm
D
P
Skynet show inbound block on Digital TV Vlan300
Replies
4
Views
413
poudenes
P
E
Need help with system log interpretation
Replies
1
Views
942
Tech9
Tech9
J
AX86U constantly blocking repeated inbound connections
Replies
7
Views
1K
Tech9
Tech9
R
Skynet SkyNet, What's going on? should I be concerned?
Replies
18
Views
2K
Viktor Jaep
Viktor Jaep
Similar threads
Thread starter Title Forum Replies Date
S Cannot ping/skynet will not work while Firewall is Enabled. Asuswrt-Merlin 2
K Problem with firewall enabled Asuswrt-Merlin 17
A Enable Web Access from WAN can't stay enabled Asuswrt-Merlin 2
RMerlin CVE 2023-50868 and CVE 2023-50387 in dnsmasq when DNSSEC is enabled Asuswrt-Merlin 30
R DDNS unable to detect WANIP with Dual Wan Load Balancing enabled Asuswrt-Merlin 0
D Solved Can I reach my TOR enabled Asuswrt-merlin router from within TOR? Asuswrt-Merlin 4
A Asus FTP Server - Android are unable to connect when TLS support is enabled. Asuswrt-Merlin 2
L [Solved] Port Forwarding enabled? Asuswrt-Merlin 5
fffddd URL filtering in the firewall does not take effect Asuswrt-Merlin 7
G Feature request: firewall url filter log Asuswrt-Merlin 0

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 824 (members: 24, guests: 800)
Top