Can I check if WAN is leaking/bypassing the firewall?

Because of another issue discussed on this great forum :wink: about having cheap-ass manageable switches with VLANs on them for WAN and LAN, I was wondering if there is a way / command to check if my WAN is or can bypass my OpenWrt firewall.

There is nothing wrong or not working (at the moment) but just curious.

Enter "test my firewall" in the search engine of your choice and pick a site which will try to connect to your public IP over known ports (usually this is the simple test), or do a full port scan (advanced probe).

Even if some malicious actor tried and succeeded in doing VLAN hopping and somehow sent a packet into your LAN, the LAN host would use OpenWrt as the next hop to send the reply, and it would be blocked as invalid.

1 Like

I think a port scan test is not really useful, because I have several ports open for mail server / website etc. And that is not what I mean.

A port scan is useful: you can check if ports other than the ones you deliberately opened are open.

3 Likes
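The check the two replies above describe (scan from the outside, then compare what answers with the ports you deliberately opened) as an added example; this is not code from the thread or from OpenWrt. It does a plain TCP connect scan, which is what the "simple test" sites do, and reports anything open that is not on your allowlist. The function names and the probe list are hypothetical; to mean anything for a firewall check it must be run from a host outside your LAN against your public IP, so for an offline demonstration it spins up a constructed stray listener on 127.0.0.1 and scans that.

```python
"""Added example: diff a TCP connect scan against the ports you meant to open.
Not from the original thread; helper names are hypothetical."""
import socket
import threading
from contextlib import closing


def connect_scan(host, ports, timeout=0.5):
    """Return the subset of `ports` on `host` that accept a TCP connection."""
    open_ports = set()
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:
                # refused, filtered (timeout) or unreachable: treat as not open
                continue
            open_ports.add(port)
    return open_ports


def unexpected_open_ports(host, ports, expected):
    """Ports that answered but are not on the deliberate allowlist.
    An empty result is what you want to see from outside your network."""
    return connect_scan(host, ports) - set(expected)


def start_stray_listener():
    """Constructed stand-in for a service exposed by mistake: a throwaway TCP
    listener on 127.0.0.1 on an OS-chosen port. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed, stop serving
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo():
    """Scan a hypothetical probe list against localhost and return
    (unexpected ports, port of the stray listener)."""
    srv, stray = start_stray_listener()
    try:
        # pretend 25 and 443 are the mail/web ports you opened on purpose
        expected = {25, 443}
        probe = sorted(expected | {stray, 60000})  # hypothetical probe list
        return unexpected_open_ports("127.0.0.1", probe, expected), stray
    finally:
        srv.close()


def demo_flags_only_the_stray():
    """True when the scan reports exactly the stray listener and nothing else."""
    unexpected, stray = demo()
    return unexpected == {stray}


if __name__ == "__main__":
    unexpected, stray = demo()
    print("unexpected open ports:", sorted(unexpected), "(stray listener on", stray, ")")
```

For a real check, replace the probe list with a full 1-65535 range (or at least the well-known ports) and the host with your public IP, and run it from a machine that is not behind your OpenWrt box; a connect scan from inside the LAN only tells you what the LAN can reach, not what the WAN can.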

VLANs are layer 2... so you're simply referring to normal port testers as noted.

A malicious actor would also have to be physically connected to perform such VLAN things (or control a local machine that obviously is).

So it's unclear what vulnerability you're attempting to test in a real live scenario. :man_shrugging:

Well...what do you mean? :thinking:

I am aware some switches "leak" (i.e. briefly act as an unmanaged switch) when the device reboots or the network config is reset... but I'm not sure what you're referencing. In some cases that's a software problem.

BTW, expensive devices sometimes use the same switches inside... to manage multiple WANs and LANs.

1 Like