Hi everyone,
Once again, I struggle to understand how OpenWRT 20.03's firewall works.
I have a Synology NAS with Plex on it.
It is "flooding" the network with UDP packets on UDP ports 32410, 32412, 32413 and 32414.
Whether or not it is legitimate, I do not care for now.
What bothers me is that it seems like OpenWRT is blocking this traffic, as my logs are filled with these:
reject lan in: IN=br-lan OUT= MAC=ff:ff:ff:ff:ff:ff:00:xx:xx:xx:xx:xx:xx:00 SRC=10.22.22.192 DST=10.22.22.255 LEN=49 TOS=0x00 PREC=0x00 TTL=64 ID=36463 DF PROTO=UDP SPT=51347 DPT=32412 LEN=29
reject lan in: IN=br-lan OUT= MAC=ff:ff:ff:ff:ff:ff:00:xx:xx:xx:xx:xx:xx:00 SRC=10.22.22.192 DST=10.22.22.255 LEN=49 TOS=0x00 PREC=0x00 TTL=64 ID=38848 DF PROTO=UDP SPT=42063 DPT=32414 LEN=29
reject lan in: IN=br-lan OUT= MAC=ff:ff:ff:ff:ff:ff:00:xx:xx:xx:xx:xx:xx:00 SRC=10.22.22.192 DST=10.22.22.255 LEN=49 TOS=0x00 PREC=0x00 TTL=64 ID=41083 DF PROTO=UDP SPT=51347 DPT=32412 LEN=29
First, I do not understand why the firewall is blocking traffic inside a single zone.
Just to be sure, I set up rules to specifically allow this traffic... And it does nothing.
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option output 'ACCEPT'
	option forward 'REJECT'
	option log '1'
	option log_limit '5/second'
	option input 'REJECT'

config rule
	option name 'Allow Plex GDM network discovery 0'
	list src_ip '10.22.22.192'
	option target 'ACCEPT'
	option dest_port '32410'
	list proto 'udp'
	option src 'lan'
	option dest 'lan'
	list dest_ip '10.22.22.0/24'

...

config rule
	option name 'Allow Plex GDM network discovery 4'
	list src_ip '10.22.22.192'
	option target 'ACCEPT'
	option dest_port '32414'
	list proto 'udp'
	option src 'lan'
	option dest 'lan'
	list dest_ip '10.22.22.0/24'
I tried to disable SYN-flood protection but it did nothing either...
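
An added example, not part of the original post: it parses the reject lines quoted above and compares the path each packet took with the path the two rules shown apply to. It assumes OpenWrt's documented rule semantics (a rule with both `src` and `dest` zones applies to forwarded traffic, a rule with only `src` to traffic delivered to the router itself); the log lines are constructed from the post with the MAC field shortened.

```python
import ipaddress
import re

# Constructed sample: two of the reject lines from the post (MAC field shortened).
SAMPLE_LOG = """\
reject lan in: IN=br-lan OUT= MAC=ff:ff:ff:ff:ff:ff SRC=10.22.22.192 DST=10.22.22.255 LEN=49 TTL=64 ID=36463 DF PROTO=UDP SPT=51347 DPT=32412 LEN=29
reject lan in: IN=br-lan OUT= MAC=ff:ff:ff:ff:ff:ff SRC=10.22.22.192 DST=10.22.22.255 LEN=49 TTL=64 ID=38848 DF PROTO=UDP SPT=42063 DPT=32414 LEN=29
"""

# The two rules visible in the post, reduced to the fields that matter here.
RULES = [
    {"name": "Allow Plex GDM network discovery 0", "src": "lan", "dest": "lan", "dest_port": 32410},
    {"name": "Allow Plex GDM network discovery 4", "src": "lan", "dest": "lan", "dest_port": 32414},
]
LAN = ipaddress.ip_network("10.22.22.0/24")  # taken from dest_ip in the post

def parse_line(line):
    """Split a netfilter LOG line into its prefix and KEY=VALUE fields."""
    prefix, _, rest = line.partition(" IN=")
    fields = dict(re.findall(r"(\w+)=(\S*)", "IN=" + rest))
    fields["prefix"] = prefix.rstrip(":")
    return fields

def rule_path(rule):
    """Assumption (OpenWrt rule semantics): src+dest => forward rule, src only => input rule."""
    return "forward" if rule.get("dest") else "input"

def classify(fields):
    """An empty OUT= means no egress interface: the packet was handled on the input path."""
    path = "input" if fields["OUT"] == "" else "forward"
    dst = ipaddress.ip_address(fields["DST"])
    return path, dst == LAN.broadcast_address

def explain(log_text, rules):
    """For each logged packet, list the rules on its port and those that also sit on its path."""
    out = []
    for line in log_text.splitlines():
        f = parse_line(line)
        path, bcast = classify(f)
        same_port = [r for r in rules if r["dest_port"] == int(f["DPT"])]
        hits = [r["name"] for r in same_port if rule_path(r) == path]
        out.append({"dpt": int(f["DPT"]), "path": path, "broadcast": bcast,
                    "port_rules": len(same_port), "matching_rules": hits})
    return out

if __name__ == "__main__":
    for row in explain(SAMPLE_LOG, RULES):
        print(row)
```

Both sample packets are subnet broadcasts handled on the input path, where the zone's `option input 'REJECT'` applies, and no rule shown is an input rule for them.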