[SOLVED] Prevent IoT devices from querying dnsmasq

I have a firewall zone 'cams' for IoT devices like cameras.

I have neutered the permissions of that zone but still dnsmasq is answering them, it seems.

Thu Mar 3 16:46:27 2022 daemon.info dnsmasq[20131]: 7274 192.168.1.210/50946 query[A] pub-cfg.secu100.net from 192.168.1.210

I see many such syslog entries.

For the cams zone I have

And for firewall rules I have

What should I add to make dnsmasq stop responding to devices in the cams zone?

Changing the dest in the firewall rule from any zone to this device also did not do the trick.

Thu Mar 3 17:05:08 2022 daemon.info dnsmasq[20131]: 8199 192.168.1.210/45474 cached secu100.net is 52.28.165.62

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; \
netstat -lnp

Wow trendy, do you remember how many times I ran into mysterious issues before?
I think I finally have found the source of all the issues.
It's because I used a single NIC for all things LAN and also used that same NIC for all the VLANs.

I just added a 3rd NIC (I did not even have to restart OpenWrt, the NIC was hot added) and changed the cams interface to use that NIC.

and guess what I found in the logs


Thu Mar  3 23:07:12 2022 kern.warn kernel: [21393.895583] REJECT cams in: IN=eth2 OUT= MAC=4a:f6:6b:f5:54:09:00:12:41:5e:b9:c9:08:00 SRC=192.168.1.210 DST=192.168.1.1 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=7414 DF PROTO=UDP SPT=42861 DPT=53 LEN=45

SWEEEEEEEEET!!! Better late than never but finally there is progress YESSSS
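
A way to confirm the change seen in the last post, as an added example that is not part of the original thread: the script below counts, per client, the DNS queries that dnsmasq logged against the DNS packets the firewall rejected. The function name `dns_summary` and the output format are assumptions made for this example; the log formats are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): per-client count of DNS queries that
# reached dnsmasq versus DNS packets the firewall rejected.
# Assumes dnsmasq query logging is on and the zone logs its rejects,
# in the formats quoted in the thread.

# Sample input: three lines quoted from the thread, plus one constructed
# non-DNS reject (DPT=443, last line) that must not be counted.
SAMPLE_LOG='Thu Mar 3 16:46:27 2022 daemon.info dnsmasq[20131]: 7274 192.168.1.210/50946 query[A] pub-cfg.secu100.net from 192.168.1.210
Thu Mar 3 17:05:08 2022 daemon.info dnsmasq[20131]: 8199 192.168.1.210/45474 cached secu100.net is 52.28.165.62
Thu Mar  3 23:07:12 2022 kern.warn kernel: [21393.895583] REJECT cams in: IN=eth2 OUT= MAC=4a:f6:6b:f5:54:09:00:12:41:5e:b9:c9:08:00 SRC=192.168.1.210 DST=192.168.1.1 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=7414 DF PROTO=UDP SPT=42861 DPT=53 LEN=45
Thu Mar  3 23:07:13 2022 kern.warn kernel: [21394.000000] REJECT cams in: IN=eth2 OUT= SRC=192.168.1.210 DST=192.168.1.1 PROTO=TCP SPT=40000 DPT=443'

# dns_summary PREFIX  (hypothetical helper; reads syslog lines on stdin)
# PREFIX is a textual address prefix such as "192.168.1." for the cams subnet.
dns_summary() {
    awk -v pfx="$1" '
    # dnsmasq query line: the client address is the last field.
    /dnsmasq\[/ && / query\[/ {
        src = $NF
        if (index(src, pfx) == 1) { q[src]++; seen[src] = 1 }
        next
    }
    # Firewall reject line for destination port 53: take the SRC= field.
    /kernel:/ && /REJECT/ && /DPT=53( |$)/ {
        src = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) src = substr($i, 5)
        if (src != "" && index(src, pfx) == 1) { r[src]++; seen[src] = 1 }
        next
    }
    END {
        for (s in seen)
            printf "%s queries=%d rejected=%d\n", s, q[s], r[s]
    }' | sort
}

# Run against the embedded sample.
printf '%s\n' "$SAMPLE_LOG" | dns_summary 192.168.1.
```

On the router, live data can be fed in with `logread | dns_summary 192.168.1.`; once the reject rule matches the right interface, `queries` should stop increasing for the camera while `rejected` grows.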
