Run a bind9 DNS Server behind OpenWrt firewall

Hi,

I use a small dedicated OpenWrt machine as a Security Gateway. It has a public static IP with an FQDN on the WAN and local IPs on the LAN.

I have an Ubuntu server running a DNS server behind the OpenWrt device. I have forwarded port 53 to the server, but when I check externally, port 53 is reported as closed. My ISP claims that the fiber modem does not filter any ports.

Why is my OpenWrt device not forwarding (bidirectional) port 53?
Any suggestions on how to troubleshoot this?

Thanks!

Because firewalls work by only allowing traffic the LAN solicited or forwarded to, and port 53 is set to reject unsolicited traffic.

But Windows Firewall does.

How have you confirmed your server is not getting inbound traffic on port 53?

Use "tcpdump" on the router to see the packets arriving and leaving.

4 Likes

The firewalls I have worked with (mostly ufw and iptables) let you set rules for both incoming and outgoing traffic.

Windows? Windows is not being used.

Using multiple online port scanners. Google "port scanner".

Thanks.

I will try that.

UPDATE.

So my Ubuntu DNS/bind9 server worked just fine when on another public, static IP address. I have moved and now that server is behind the OpenWrt gateway. Multiple people have said that all I should need to do is forward port 53 TCP and UDP to the server, but that is not working. So I connected my server directly to the fiber modem and it still did not work (no open port 53). This suggested that it is not the OpenWrt gateway, so I apologize since this may be off topic.

If anyone is still willing to suggest some troubleshooting actions, below is the system information and a diagram of the network.

OpenWrt
Linux xxxxgate 5.10.110 #1 SMP Fri Jan 13 20:22:20 CST 2023 aarch64 GNU/Linux
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='22.03.3'
DISTRIB_REVISION='r20028-43d71ad93e'
DISTRIB_TARGET='rockchip/armv8'
DISTRIB_ARCH='aarch64_generic'
DISTRIB_DESCRIPTION='OpenWrt 22.03.3 r20028-43d71ad93e'
DISTRIB_TAINTS='busybox'

Ubuntu
Linux xxxxxxx.org 6.5.0-14-generic #14-Ubuntu SMP PREEMPT_DYNAMIC Tue Nov 14 14:59:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 23.10
Release: 23.10
Codename: mantic
Static hostname: xxxxxxx.org
Icon name: computer-desktop
Chassis: desktop
Machine ID: x
Boot ID: x
Operating System: Ubuntu 23.10
Kernel: Linux 6.5.0-14-generic
Architecture: x86-64
Hardware Vendor: Intel_R_ Client Systems

Fiber Modem
Calix Gigaspire u6x

Use "tcpdump" to detect whether packets arrive, on UDP and TCP, on port 53 and others.

1 Like

[Solved]
So. Indeed packets were not getting in from the ISP, even though they claimed no packets were being blocked. Another call and I discovered they had blocked incoming on port 53.

They unblocked it for me.

1 Like

For those that want to do the same:

I have OpenWrt running as a gateway from a public static FQDN running dnsmasq. I then forward port 53 to a local LAN machine running bind9 under Ubuntu. Works fine.
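As an added example (not code from the thread or from the OpenWrt project), the setup described above expressed as UCI commands for the port-53 redirect, together with the tcpdump check suggested earlier in the thread: a small parser counts inbound port-53 packets in tcpdump's output so you can tell whether queries are reaching the WAN side at all. The LAN address 192.168.1.10 and the WAN interface name eth0 are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: OpenWrt DNAT redirect for DNS plus a
# tcpdump-based check that port-53 packets actually arrive on the WAN side.
# Assumed values: bind9 host 192.168.1.10 on the LAN, WAN interface eth0.

DNS_HOST="${DNS_HOST:-192.168.1.10}"   # assumed LAN address of the bind9 server
WAN_IF="${WAN_IF:-eth0}"               # assumed WAN interface on the router

# Print (rather than run) the uci commands that create one redirect rule
# forwarding TCP and UDP port 53 from the wan zone to the bind9 host.
dns_redirect_cmds() {
    cat <<EOF
uci add firewall redirect
uci set firewall.@redirect[-1].name='dns-to-bind9'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].src_dport='53'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].dest_ip='$DNS_HOST'
uci set firewall.@redirect[-1].dest_port='53'
uci set firewall.@redirect[-1].proto='tcp udp'
uci set firewall.@redirect[-1].target='DNAT'
uci commit firewall
/etc/init.d/firewall restart
EOF
}

# Read tcpdump text output on stdin and count packets whose destination is
# port 53 (the "> a.b.c.d.53: " part of each line). Replies from port 53
# and packets to other ports are not counted. Prints the count.
count_dns_in() {
    grep -c ' > [0-9.]*\.53: ' 2>/dev/null || true
}

# On the router: capture a few packets on the WAN interface and count the
# inbound DNS ones. Zero here while an external scan is running means the
# packets are dropped upstream of the router (as in this thread), not by it.
capture_dns_in() {
    tcpdump -ni "$WAN_IF" -c 20 'dst port 53' 2>/dev/null | count_dns_in
}

# dns_redirect_cmds   # review, then pipe into sh on the router to apply
# capture_dns_in      # needs root on the router
```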