Hello all, I am a LEDE user; I started with OpenWrt BB on my TP-Link 740n. Now I own a WNDR3700v4. I have read many tutorials and made some configurations. I disabled services which were listening on WAN.
I have configured dnscrypt-proxy (I force all devices on my network to resolve domains this way, even if they have hardcoded DNS like Android has), openvpn (I use protonvpn), and a hosts file from here to block "Unified hosts + fakenews + gambling + porn" (https://github.com/StevenBlack/hosts). Plus, I use adblock with 10015 blocking sites. I chose the most necessary of them from the lists.
tcp 0 0 127.0.0.1:5353 0.0.0.0:* LISTEN 1729/dnscrypt-proxy
tcp 0 0 10.0.0.1:80 0.0.0.0:* LISTEN 11713/uhttpd
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3737/dnsmasq
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 3737/dnsmasq
tcp 0 0 my_global_ip:53 0.0.0.0:* LISTEN 3737/dnsmasq
tcp 0 0 10.0.0.1:443 0.0.0.0:* LISTEN 11713/uhttpd
tcp 0 0 0.0.0.0:dropbear_port 0.0.0.0:* LISTEN 1174/dropbear
tcp 0 0 :::dropbear_port :::* LISTEN 1174/dropbear
udp 0 0 0.0.0.0:34354 0.0.0.0:* 1729/dnscrypt-proxy
udp 0 0 127.0.0.1:53 0.0.0.0:* 3737/dnsmasq
udp 0 0 10.0.0.1:53 0.0.0.0:* 3737/dnsmasq
udp 0 0 my_global_ip:53 0.0.0.0:* 3737/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 3737/dnsmasq
udp 0 0 127.0.0.1:5353 0.0.0.0:* 1729/dnscrypt-proxy
udp 0 0 :::547 :::* 1127/odhcpd
I want to disable that my_global_ip:53. Why does dnsmasq even listen on WAN? Does this mean that someone can use my router as a DNS server?
How do YOU make your LEDE safer? What are your settings/programs to make it safer?
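
Added example, not part of the original post: a shell function that sorts listener lines like the ones in the listing above by bind address, so sockets bound to something other than loopback or the LAN stand out. The function names and the `LAN_PREFIX` variable are hypothetical, the `10.0.0.` default is taken from the post's addresses, and the input is assumed to be in `netstat -tulpn` column layout.

```shell
#!/bin/sh
# Added example: classify listeners by bind address (loopback / lan / wildcard / other).
# classify_listeners and LAN_PREFIX are hypothetical names, not part of LEDE.

classify_listeners() {
    awk -v lan="${LAN_PREFIX:-10.0.0.}" '
    $1 ~ /^(tcp|udp)/ {
        local_addr = $4
        port = local_addr
        sub(/.*:/, "", port)    # keep only the text after the last colon
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1")        scope = "loopback"
        else if (index(addr, lan) == 1)              scope = "lan"
        else if (addr == "0.0.0.0" || addr == "::")  scope = "wildcard"
        else                                         scope = "other"   # e.g. the WAN address
        # $NF is the PID/program column for both tcp and udp rows
        printf "%-8s %-4s %-24s %s\n", scope, $1, local_addr, $NF
    }'
}

# Sample input: the lines from the post, placeholders kept as posted.
sample_listing() {
    cat <<'EOF'
tcp 0 0 127.0.0.1:5353 0.0.0.0:* LISTEN 1729/dnscrypt-proxy
tcp 0 0 10.0.0.1:80 0.0.0.0:* LISTEN 11713/uhttpd
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3737/dnsmasq
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 3737/dnsmasq
tcp 0 0 my_global_ip:53 0.0.0.0:* LISTEN 3737/dnsmasq
tcp 0 0 10.0.0.1:443 0.0.0.0:* LISTEN 11713/uhttpd
tcp 0 0 0.0.0.0:dropbear_port 0.0.0.0:* LISTEN 1174/dropbear
tcp 0 0 :::dropbear_port :::* LISTEN 1174/dropbear
udp 0 0 0.0.0.0:34354 0.0.0.0:* 1729/dnscrypt-proxy
udp 0 0 127.0.0.1:53 0.0.0.0:* 3737/dnsmasq
udp 0 0 10.0.0.1:53 0.0.0.0:* 3737/dnsmasq
udp 0 0 my_global_ip:53 0.0.0.0:* 3737/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 3737/dnsmasq
udp 0 0 127.0.0.1:5353 0.0.0.0:* 1729/dnscrypt-proxy
udp 0 0 :::547 :::* 1127/odhcpd
EOF
}

# On the router: netstat -tulpn | classify_listeners
sample_listing | classify_listeners
```

A `wildcard` or `other` row only shows where a socket is bound; whether it is reachable from the WAN side depends on the firewall's input rules for that zone, which this check does not inspect.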