Yes.
The latest wireguard status you posted doesn't show any handshake.
Make sure the tunnel is up, install curl
and run these commands:
curl --interface 192.168.1.1 ifconfig.me
curl --interface 192.168.3.1 ifconfig.me
Yes.
The latest wireguard status you posted doesn't show any handshake.
Make sure the tunnel is up, install curl
and run these commands:
curl --interface 192.168.1.1 ifconfig.me
curl --interface 192.168.3.1 ifconfig.me
curl --interface 192.168.1.1 ifconfig.me
103.XXX.XXX.XX
curl --interface 192.168.3.1 ifconfig.me
138.XXX.XX.XXX
wg show
interface: WireGuard_JP
public key: +M1XU=
private key: (hidden)
listening port: 58008
peer: ZQ//=
endpoint: 138.199.21.193:51820
allowed ips: 0.0.0.0/0
latest handshake: 53 seconds ago
transfer: 13.51 MiB received, 624.41 KiB sent
As far i remember it was working before when i did first time, idk what happened now. But it was working weirdly tho, like i had to connect to WireGuard SSID wifi and had to wait a few sec to connect to the internet which worked but now it is not working.
i had to connect to WireGuard SSID wifi and had to wait a few sec to connect to the internet which worked but now it is not working.
You don't expect to get any useful advice based on that, do you?
Run some tests from a (wireguard) client host.
ping 8.8.8.8
ping openwrt.org
nslookup openwrt.org
nslookup openwrt.org 192.168.3.1
nslookup openwrt.org 8.8.8.8
You don't expect to get any useful advice based on that, do you?
It is not like that, i love to get advice.
wireguard
connected that WireGuard SSID wifi to my laptop, and i am getting internet connection somehow,
ping 8.8.8.8 ping openwrt.org
both of them have gave the result as it should.
nslookup openwrt.org
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: openwrt.org
Address: 64.226.122.113
Name: openwrt.org
Address: 2a03:b0c0:3:d0::1a51:c001
nslookup openwrt.org 192.168.3.1
;; communications error to 192.168.3.1#53: timed out
;; communications error to 192.168.3.1#53: timed out
;; communications error to 192.168.3.1#53: timed out
;; no servers could be reached
nslookup openwrt.org 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: openwrt.org
Address: 64.226.122.113
Name: openwrt.org
Address: 2a03:b0c0:3:d0::1a51:c001
Please define "somehow". Based on the test results, it should work with probably some delay in DNS resolution.
Server: 127.0.0.53 Address: 127.0.0.53#53
It appears that your laptop is running its own local DNS server and it (most likely) has some static upstream servers set.
If it only used the DNS server advertised by dhcp it wouldn't work at all because of this
;; communications error to 192.168.3.1#53: timed out
Check why the router is not responding to DNS queries on this interface.
nslookup openwrt.org 192.168.3.1
Now i am getting different error
;; connection timed out; no servers could be reached
Check why the router is not responding to DNS queries on this interface.
um, I am a newbie to openwrt, how do i check it?
which still not getting more than 20 dBm, i installed X-WRT just to check which gave me the 22 dBm
Just FYI:
20 dBm + 2 dB antenna gain = 22
I got 4 antinas. Ok. now how did i got 22 dBm before not now? and how is X-WRT giving me that now and before too.
Please post the result of
uci export dhcp; service log restart; service dnsmasq restart; \
sleep 3; logread -e dnsmasq; head -n -0 -v /etc/resolv* /tmp/resolv* /tmp/resolv*/*; \
cat /tmp/etc/dnsmasq*; netstat -nlp | grep dnsmasq; \
nft list chain inet fw4 input_WireGuard
now how did i got 22 dBm before not now?
I think you misunderstood me, or you're saying there's still an issue. Did OpenWrt ever allow you to configure 22 dBm?
and how is X-WRT giving me that now and before too.
22 dBm - 2 dBm antenna gain == 20
uci export dhcp; service log restart; service dnsmasq restart; \ sleep 3; logread -e dnsmasq; head -n -0 -v /etc/resolv* /tmp/resolv* /tmp/resolv*/*; \ cat /tmp/etc/dnsmasq*; netstat -nlp | grep dnsmasq; \ nft list chain inet fw4 input_WireGuard
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'WireGuard'
option interface 'WireGuard'
option start '100'
option limit '150'
option leasetime '12h'
udhcpc: started, v1.36.1
udhcpc: broadcasting discover
udhcpc: no lease, failing
udhcpc: started, v1.36.1
udhcpc: broadcasting discover
udhcpc: no lease, failing
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: started, version 2.90 cachesize 1000
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.3.100 -- 192.168.3.249, lease time 12h
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using nameserver 10.2.0.1#53
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using nameserver 192.168.0.1#53
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 6 names
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 4 names
Wed Sep 4 12:34:37 2024 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface WireGuard_JP
nameserver 10.2.0.1
# Interface wan
nameserver 192.168.0.1
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
enable-ubus=dnsmasq
expand-hosts
bind-dynamic
local-service
cache-size=1000
edns-packet-max=1232
domain=lan
local=/lan/
addn-hosts=/tmp/hosts
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.d/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
conf-dir=/tmp/dnsmasq.d
user=dnsmasq
group=dnsmasq
dhcp-ignore-names=tag:dhcp_bogus_hostname
conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf
bogus-priv
conf-file=/usr/share/dnsmasq/rfc6761.conf
dhcp-range=set:lan,192.168.1.100,192.168.1.249,255.255.255.0,12h
no-dhcp-interface=eth0.1
dhcp-range=set:WireGuard,192.168.3.100,192.168.3.249,255.255.255.0,12h
tcp 0 0 10.2.0.2:53 0.0.0.0:* LISTEN 11893/dnsmasq
tcp 0 0 192.168.0.100:53 0.0.0.0:* LISTEN 11893/dnsmasq
tcp 0 0 192.168.3.1:53 0.0.0.0:* LISTEN 11893/dnsmasq
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 11893/dnsmasq
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 11893/dnsmasq
tcp 0 0 fd44:a49a:16f6::1:53 :::* LISTEN 11893/dnsmasq
tcp 0 0 fe80::4031:3cff:fee6:3cc4:53 :::* LISTEN 11893/dnsmasq
tcp 0 0 ::1:53 :::* LISTEN 11893/dnsmasq
tcp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* LISTEN 11893/dnsmasq
tcp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* LISTEN 11893/dnsmasq
tcp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* LISTEN 11893/dnsmasq
tcp 0 0 fe80::4231:3cff:fee6:3cc4:53 :::* LISTEN 11893/dnsmasq
udp 0 0 127.0.0.1:53 0.0.0.0:* 11893/dnsmasq
udp 0 0 192.168.1.1:53 0.0.0.0:* 11893/dnsmasq
udp 0 0 192.168.0.100:53 0.0.0.0:* 11893/dnsmasq
udp 0 0 192.168.3.1:53 0.0.0.0:* 11893/dnsmasq
udp 0 0 10.2.0.2:53 0.0.0.0:* 11893/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 11893/dnsmasq
udp 0 0 ::1:53 :::* 11893/dnsmasq
udp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* 11893/dnsmasq
udp 0 0 fd44:a49a:16f6::1:53 :::* 11893/dnsmasq
udp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* 11893/dnsmasq
udp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* 11893/dnsmasq
udp 0 0 fe80::4231:3cff:fee6:3cc4:53 :::* 11893/dnsmasq
udp 0 0 fe80::4031:3cff:fee6:3cc4:53 :::* 11893/dnsmasq
table inet fw4 {
chain input_WireGuard {
tcp dport 53 counter packets 0 bytes 0 accept comment "!fw4: WireGuard DNS"
udp dport 53 counter packets 0 bytes 0 accept comment "!fw4: WireGuard DNS"
udp dport 67 counter packets 0 bytes 0 accept comment "!fw4: WireGuard DHCP"
jump reject_from_WireGuard
}
}
Okay, now i have two dual boot OS, NixOS and Windows 11. So when i booted to the windows then connected to the WireGuard SSID wifi which didn't even let me to browse anything, Same as when i tried on my phone. but i think my NixOS is pulling other dns or whatever to connect to the internet which is other devices unable to do.
you're saying there's still an issue. Did OpenWrt ever allow you to configure 22 dBm?
Yes, As i far remembered i used 22 dBm before with openwrt official firmware. First i got that from X-WRT later on i saw changing the country code provides the dBm which i changed on my openwrt firmware, but now it is not showing, is there a way to set that manually or fix the issue?
As i far remembered i used 22 dBm before with openwrt official firmware.
I think you misunderstood me, or you're saying there's still an issue.
Are you experiencing actual lower signal strength?
If you mentioned that already, my apologies.
Are you experiencing actual lower signal strength?
My router is in my room, And it is good to have 22 dBm if i have right?
If you mentioned that already, my apologies.
It's okay, now just i want to fix the issue which is 22 dBm unavailable.
I guess you dont understand the question. I hope you get 22 dBm as well. Hopefully someone else can better explain.
My router is in my room, And it is good to have 22 dBm if i have right?
Yes/no?
I didn't inquire about its location. I'm merely asking if it's the same strength (regardless if it reads 20 or 22). Perhaps my inquiry was unclear. I believe the 20 accounts for +2 or and your orginal firmware didn't. OpenWrt changed in versions past to recalculate that.
The DNS part looks good, but better remove 10.2.0.1 from the wireguard interface and only use the ISP router (192.168.0.1) as the upstream DNS server.
tcp dport 53 counter packets 0 bytes 0 accept comment "!fw4: WireGuard DNS" udp dport 53 counter packets 0 bytes 0 accept comment "!fw4: WireGuard DNS" udp dport 67 counter packets 0 bytes 0 accept comment "!fw4: WireGuard DHCP"
The question is why the firewall does not detect any DNS or DHCP activity originating from the wireguard SSID.
Verify that the IP address obtained by the client is in the 192.168.3.0/24 range.
Temporarily change the zone default input policy to ACCEPT
and try pinging 192.168.3.1 or accessing the router via that address.
Yes/no?
I don't think i had any issues with the Antina signal or whatever for now. but it was good to had 22 dBm if openwrt really changed that then i can't say much. Anyway thank you.
The DNS part looks good, but better remove 10.2.0.1 from the wireguard interface and only use the ISP router (192.168.0.1) as the upstream DNS server.
I did.
The question is why the firewall does not detect any DNS or DHCP activity originating from the wireguard SSID.
Verify that the IP address obtained by the client is in the 192.168.3.0/24 range.
Temporarily change the zone default input policy to
ACCEPT
and try pinging 192.168.3.1 or accessing the router via that address.
About this i will sent some pictures and the results.
now the cli results.
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'WireGuard'
option interface 'WireGuard'
option start '100'
option limit '150'
option leasetime '12h'
udhcpc: started, v1.36.1
udhcpc: broadcasting discover
udhcpc: no lease, failing
udhcpc: started, v1.36.1
udhcpc: broadcasting discover
udhcpc: no lease, failing
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: started, version 2.90 cachesize 1000
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.3.100 -- 192.168.3.249, lease time 12h
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using nameserver 192.168.0.1#53
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using nameserver 192.168.0.1#53
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 6 names
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 4 names
Wed Sep 4 22:32:37 2024 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface WireGuard_JP
nameserver 192.168.0.1
# Interface wan
nameserver 192.168.0.1
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
enable-ubus=dnsmasq
expand-hosts
bind-dynamic
local-service
cache-size=1000
edns-packet-max=1232
domain=lan
local=/lan/
addn-hosts=/tmp/hosts
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.d/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
conf-dir=/tmp/dnsmasq.d
user=dnsmasq
group=dnsmasq
dhcp-ignore-names=tag:dhcp_bogus_hostname
conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf
bogus-priv
conf-file=/usr/share/dnsmasq/rfc6761.conf
dhcp-range=set:lan,192.168.1.100,192.168.1.249,255.255.255.0,12h
no-dhcp-interface=eth0.1
dhcp-range=set:WireGuard,192.168.3.100,192.168.3.249,255.255.255.0,12h
tcp 0 0 10.2.0.2:53 0.0.0.0:* LISTEN 26663/dnsmasq
tcp 0 0 192.168.0.100:53 0.0.0.0:* LISTEN 26663/dnsmasq
tcp 0 0 192.168.3.1:53 0.0.0.0:* LISTEN 26663/dnsmasq
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 26663/dnsmasq
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 26663/dnsmasq
tcp 0 0 fd44:a49a:16f6::1:53 :::* LISTEN 26663/dnsmasq
tcp 0 0 fe80::4031:3cff:fee6:3cc4:53 :::* LISTEN 26663/dnsmasq
tcp 0 0 ::1:53 :::* LISTEN 26663/dnsmasq
tcp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* LISTEN 26663/dnsmasq
tcp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* LISTEN 26663/dnsmasq
tcp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* LISTEN 26663/dnsmasq
tcp 0 0 fe80::4231:3cff:fee6:3cc4:53 :::* LISTEN 26663/dnsmasq
udp 0 0 127.0.0.1:53 0.0.0.0:* 26663/dnsmasq
udp 0 0 192.168.0.100:53 0.0.0.0:* 26663/dnsmasq
udp 0 0 192.168.3.1:53 0.0.0.0:* 26663/dnsmasq
udp 0 0 192.168.1.1:53 0.0.0.0:* 26663/dnsmasq
udp 0 0 10.2.0.2:53 0.0.0.0:* 26663/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 26663/dnsmasq
udp 0 0 ::1:53 :::* 26663/dnsmasq
udp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* 26663/dnsmasq
udp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* 26663/dnsmasq
udp 0 0 fe80::4231:3cff:fee6:3cc4:53 :::* 26663/dnsmasq
udp 0 0 fe80::4031:3cff:fee6:3cc4:53 :::* 26663/dnsmasq
udp 0 0 fd44:a49a:16f6::1:53 :::* 26663/dnsmasq
udp 0 0 fe80::4231:3cff:fee6:3cc3:53 :::* 26663/dnsmasq
table inet fw4 {
chain input_WireGuard {
tcp dport 53 counter packets 0 bytes 0 accept comment "!fw4: WireGuard DNS"
udp dport 53 counter packets 128 bytes 8722 accept comment "!fw4: WireGuard DNS"
udp dport 67 counter packets 0 bytes 0 accept comment "!fw4: WireGuard DHCP"
jump accept_from_WireGuard
}
}
@pavelgl I think something worked here.
udp dport 53 counter packets 128 bytes 8722 accept comment "!fw4: WireGuard DNS"
The old results showed 0 and 0.