An external network scanner appeared as a client on the internal network

Hi~ I'm just a beginner with openwrt.
My network structure is Internet Service Provider Router - My Router - openwrt(ADguardHome) on RP3.
I was surprised to open the AD Guard Home dashboard today.
A strange IP address is appearing in the internal client list.
Like the picture below.

The list of IPs displayed as clients is as follows.
89.248.167.139
106.75.169.79
103.203.59.3
167.248.133.135
167.248.133.60
64.62.197.216
45.79.184.52

After looking at a few, I can see that they are network scanning companies. But I don't understand how they can be my internal clients.
Can someone explain this case?
I am very perplexed.

thanks.

Taking into consideration that the RPi3 has one LAN port only, are you using that to connect to the LAN network of your router?
Are you allowing any traffic from the ISP router/ your router inbound?

RP3 is OpenWrt connected to my main router (192.168.1.1) by wire and is used only as ADGUARDHOME.

The ISP router provided by the Internet company is a device I cannot access.
My main router (192.168.1.1) is in the default state without any inbound settings.

A quick way to verify is to connect from the internet on your public IP and try to query something. At the same time monitor on RPi what you can see coming.
opkg update; opkg install tcpdump; tcpdump -i eth0 -n port 53
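As an added example (not from this thread), here is a small parser that runs the check suggested above over tcpdump output: it reads the lines `tcpdump -n` prints for DNS traffic and flags every query whose source is outside the RFC 1918 LAN ranges, which is exactly the sign that a WAN port forward is delivering Internet traffic to the resolver. The sample capture is constructed (TEST-NET source addresses, 192.168.1.2 as the AdGuard Home host) and assumes the capture filter also covers the forwarded port 5353, since that is the port the DNAT rule delivers to.

```python
import ipaddress
import re

# Constructed sample in the format of `tcpdump -i eth0 -n port 53 or port 5353`;
# not captured from the poster's network. 192.168.1.2 is the AdGuard Home box.
SAMPLE_TCPDUMP = """\
10:21:03.100001 IP 192.168.1.50.51234 > 192.168.1.2.53: 4711+ A? example.org. (29)
10:21:03.400002 IP 192.168.1.2.53 > 192.168.1.50.51234: 4711 1/0/0 A 93.184.216.34 (45)
10:21:04.000003 IP 203.0.113.77.40022 > 192.168.1.2.5353: 1+ A? version.bind. (30)
10:21:05.000004 IP 198.51.100.9.33333 > 192.168.1.2.5353: 2+ ANY? isc.org. (25)
"""

# tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: <dns decode>"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

# Address ranges that legitimately belong to a home LAN. Checked explicitly rather
# than via ip_address().is_private, which also treats TEST-NET blocks as private.
LAN_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")
]


def is_lan_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETWORKS)


def find_external_queries(capture: str):
    """Return (src, dst_port, dns_text) for every DNS *query* whose source is not a LAN address.

    A "?" in tcpdump's DNS decode marks a question section, so responses from the
    resolver (no "?") are skipped. A non-empty result means Internet hosts are
    reaching the resolver, i.e. a WAN-side forward or open firewall is in place.
    """
    hits = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m or "?" not in m["rest"]:
            continue
        if is_lan_address(m["src"]):
            continue
        hits.append((m["src"], int(m["dport"]), m["rest"]))
    return hits


if __name__ == "__main__":
    for src, dport, text in find_external_queries(SAMPLE_TCPDUMP):
        print(f"external DNS query from {src} to port {dport}: {text}")
```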

I have port forwarded port 53 on the main router (192.168.1.1) to port 5353 on OpenWrt (192.168.1.2).

The port forward of port 53 means that you are allowing hosts on the internet to use dns on your network. Seems logical that you would see external hosts show up in your client list.

Is there a reason you have opened this port? Normally you do not want to run any port forwards for services that don’t need inbound connectivity from the internet.


When internal clients connect to the main router (192.168.1.1) and request DNS, port forwarding is done so that the main router leads to OpenWrt (192.168.1.2). Is this a risk factor?

Port forwarding works from the wan, not the lan.

Can you show us a screenshot of the port forwarding rule you setup?


If port forwarding is to forward ports only for external access, I guess I was wrong.
I found that forwarding was also needed for access from internal clients.
If so, can I just delete the forwarding and set the DNS server setting to "192.168.1.2"?

Since the port forwarding screenshot is not in English, I can't read the headings (I wish I could... language was never my strength)... but it does look like that is a standard port forwarding screen for many routers.

What that is doing is explicitly allowing inbound access on port 53 (i.e. from the internet) to 192.168.1.2:5353. This does not affect the way that LAN clients get their DNS. I would recommend disabling these rules.

You probably want to set the DNS on your router's DHCP server to point to 192.168.1.2, but if it is running over port 5353 (and not port 53), it might not work as expected.


Port forwarding forwards a port from an outside interface to an inside one.

Normally not the case.

You can and you should.


The only thing connected to the ISP router must be the WAN port of your main router. If the ISP router has WiFi access points, turn them off or if they can't be turned off, don't connect anything to them. Treat the ISP router as an untrusted part of the Internet and keep it entirely on the WAN side of your OpenWrt firewall.

This necessarily means the IP range used by the ISP router (often 192.168.1.0/24) must not overlap the LAN range used by your main router. If the ISP router is 192.168.1.1 (using IPs in the range 192.168.1.X) and you cannot change it, you need to set the OpenWrt LAN to something different, such as 192.168.10.1.


One memory came to mind because of your kind explanation.
I have operated a real DNS server inside in the past.
At this time, the exposed IP is the public IP of the current main router.
So, a large network scanning company tried to scan the cached IP, and I guess that it was redirected to port 5353 of 192.168.1.2 by the port forwarding on my main router.
I will delete port forwarding according to your kind guide.
And to use ADGUARDHOME service, I need to set the DNS server of the main router to 192.168.1.2.

Then, even if an external network scan comes in, it doesn't seem to be redirected to 192.168.1.2.

thank you.

Thanks YOU~

Thanks for the friendly guide.
Your advice makes sense to protect the firewall settings (here 192.168.1.2) by changing the IP band.
Let's try that too.
