Blocked a DNS, still my settopbox (tv) makes a connection

Hi tHere,
my first post after a lot of reading on this forum to config my router (coming from dd-wrt), so please bear with me..

I'm using OpenWrt (latest) on my Lynksys WRT3200ACM, and this is working perfectly. (using OpenVPN and VPN policy routing.

For different reasons I blocked dns from Google (8.8.8.8 and 8.8.4.4) in Network->Firewall->Traffic Rules.

SharedScreenshot1080×932 140 KB

(I have a screenshot, but can only upload one picture, because I'm a new user )

What am I doing wrong in the firewall setup?
Changing Destination address in WAN ore VPN instead of Any Zone is giving the same result.

Hi @vgaetera
I followed your link, It did jam my firewall completely I had to restore a backup (I made before the change offcoure) So my firewall is not ok in the first place, or I'm doing someting wrong. Andy idea's?

Wireshark screenshot to make it complete.

SharedScreenshot11730×456 211 KB

Let's check your configuration:

uci show network; uci show firewall; grep -v -e ^# -e ^$ /etc/firewall.*; \
ip address show; ip route show; ip rule show; iptables-save

Can I just put the results here?

Yep, pastebin.com is also fine.

There are no replies from 8.8.8.8 are there?

In other words if you monitor on the LAN side of the router, the box may still make requests to 8.8.8.8, but the router blocked them. The box also tried 84.200.69.80 and received a reply from there.

So, it appears te be working as expected, only I'm not reading the Wireshark data very well?
(this good be very trough, I'm absolutely no expert )

I'll check if there no replies in the data... If that's the case, everyting is working fine.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.