Hello,
I have a problem with port forwarding on an ASUS RT-AC66U. I'm trying to run a DNS server on the LAN behind the router. I've set the port-forwarding on the router to send UDP/TCP port 53 to the IP address of the server. The TCP packets go through fine, but the UDP packets get dropped. So far I've tried:
* Combinations of only UDP / TCP / both through the web-interface.
* Telnetting into the router and checking the iptables setup.
The interface is setting up the rules correctly - the nat table is sending everything to a VSERVER chain and inside that chain both udp and tcp port 53 are forwarded to the server.
I'm testing it on the outside with:
$ dig @wan-ip url.in.domain
and
$ dig @wan-ip +tcp url.in.domain
The TCP query works fine and the UDP gets dropped at the router. I'm running tcpdump on a promiscuous port on the LAN to verify (I can't put a monitor on the WAN easily).
Does anybody know why the router would eat UDP packets on port 53 and how I can disable it? Is there anything else I can do to diagnose it other than switch from standard firmware (3.0.0.4.382_50470) to another distribution and run tcpdump on the router before it hits iptables? Does anybody have ideas of where I could look next?
Thanks,
Andrew
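One way to mechanise the iptables check described in the post, as an added example that is not part of the original post: it walks `iptables-save` output and reports, for TCP and UDP port 53, the first rule a new packet would reach in nat PREROUTING and in filter FORWARD. The rule set and the addresses 203.0.113.5 and 192.168.1.10 are constructed, the function names are hypothetical, and only the VSERVER chain name comes from the post.

```python
# Constructed iptables-save excerpt; NOT captured from the router in the post.
SAMPLE = """*nat
:PREROUTING ACCEPT [0:0]
:VSERVER - [0:0]
-A PREROUTING -d 203.0.113.5/32 -j VSERVER
-A VSERVER -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.10:53
-A VSERVER -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.10:53
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.10/32 -p tcp -m tcp --dport 53 -j ACCEPT
"""

def parse(text):  # map (table, chain) -> {"policy": str, "rules": [token lists]}
    chains, table = {}, None
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        if tok[0].startswith("*"):
            table = tok[0][1:]
        elif tok[0].startswith(":"):
            chains[table, tok[0][1:]] = {"policy": tok[1], "rules": []}
        elif tok[0] == "-A":
            chains[table, tok[1]]["rules"].append(tok)
    return chains

def opt(rule, *names):  # value after the first of `names` present, else None
    return next((rule[rule.index(n) + 1] for n in names if n in rule), None)

def trace(chains, table, chain, proto, port):
    """First terminal verdict for a NEW packet; -s/-d/-i and '!' are ignored."""
    for rule in chains[table, chain]["rules"]:
        state, target = opt(rule, "--state", "--ctstate"), opt(rule, "-j")
        if (opt(rule, "-p") not in (None, "all", proto)
                or opt(rule, "--dport") not in (None, str(port))
                or (state and "NEW" not in state.split(","))):
            continue  # rule does not apply to a new proto/port packet
        if target == "RETURN":
            break  # leave this chain; the caller (or the policy) decides
        if (table, target) in chains:  # jump into a user chain such as VSERVER
            hit = trace(chains, table, target, proto, port)
            if hit:
                return hit
        elif target not in (None, "LOG"):
            return f"{chain}: {target}"
    policy = chains[table, chain]["policy"]
    return None if policy == "-" else f"{chain}: policy {policy}"

def compare(text, port=53):  # verdict per (table, proto) for NEW traffic
    chains, hooks = parse(text), (("nat", "PREROUTING"), ("filter", "FORWARD"))
    return {(t, p): trace(chains, t, c, p, port)
            for t, c in hooks for p in ("tcp", "udp")}
```

Calling `compare(SAMPLE)` on the constructed rules shows both protocols reaching a DNAT rule in VSERVER while only TCP is accepted in FORWARD, a difference that inspecting the nat table alone does not reveal.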