Wifi : Connection refused due to timeout

Installing and Using OpenWrt Network and Wireless Configuration
1

Helloo, suddenly I'm not able to connect to the 2,5 GHz wifi anymore. I didnt change anything.

And the log is at least not really helping, I think. I would like to know what causes this problem!

[18.05.2026, 21:08:02 MESZ] daemon.info: hostapd: phy0-ap0: STA XX:e6:XX:da:XX:08 IEEE 802.11: authenticated
[18.05.2026, 21:08:02 MESZ] daemon.info: hostapd: phy0-ap0: STA XX:e6:XX:da:XX:08 IEEE 802.11: associated (aid 1)
[18.05.2026, 21:08:02 MESZ] daemon.notice: hostapd: phy0-ap0: AP-STA-CONNECTED XX:e6:XX:da:XX:08 auth_alg=open
[18.05.2026, 21:08:02 MESZ] daemon.info: hostapd: phy0-ap0: STA XX:e6:XX:da:XX:08 WPA: pairwise key handshake completed (RSN)
[18.05.2026, 21:08:02 MESZ] daemon.notice: hostapd: phy0-ap0: EAPOL-4WAY-HS-COMPLETED XX:e6:XX:da:XX:08
[18.05.2026, 21:08:20 MESZ] daemon.notice: hostapd: phy0-ap0: AP-STA-DISCONNECTED XX:e6:XX:da:XX:08
[18.05.2026, 21:08:20 MESZ] daemon.info: hostapd: phy0-ap0: STA XX:e6:XX:da:XX:08 IEEE 802.11: disassociated
[18.05.2026, 21:08:21 MESZ] daemon.info: hostapd: phy0-ap0: STA XX:e6:XX:da:XX:08 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

Here is my scheme:

Schema V02.2
Schema V02.21123×794 73 KB

  1. IPv6 Prefix delegate is off. There is no default route anymore. Everything behind the ISP is communicating via IPv4.

  2. wifiintern port is functioning.

  3. DNS over TLS is working on wifiintern (the one that goes through lan)

  4. No other device is able to connect to the wifiextern port.

When trying to connect, it nearly immediately refuses connection again. :frowning:

Here are my logs:

/ # nft list chain inet fw4 forward_lan
table inet fw4 {
        chain forward_lan {
                ip daddr @Facebook-IPv4Set counter packets 0 bytes 0 jump reject_to_wan comment "!fw4: Facebook-BlockIPv4Set"
                ip6 daddr @Facebook-IPv6Set counter packets 0 bytes 0 jump reject_to_wan comment "!fw4: Facebook-BlockIPv6Set"
                ip daddr @Google-IPv4Set counter packets 8 bytes 480 jump reject_to_wan comment "!fw4: Google-BlockIPv4Set"
                tcp dport 80 counter packets 0 bytes 0 jump accept_to_wan comment "!fw4: http"
                tcp dport 443 counter packets 54 bytes 3280 jump accept_to_wan comment "!fw4: https"
                tcp dport 115 counter packets 0 bytes 0 jump accept_to_wan comment "!fw4: sftp (VSC)"
                tcp dport { 25, 465, 993, 4190 } counter packets 0 bytes 0 jump accept_to_wan comment "!fw4: smtps, imap"
                tcp sport 631 tcp dport 631 ct helper "sane" counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: allow-IPP-cups"
                tcp dport { 22, 7777 } counter packets 0 bytes 0 jump accept_to_wan comment "!fw4: ssh"
                udp dport 123 counter packets 0 bytes 0 jump accept_to_wan comment "!fw4: ntp"
                tcp dport 5222 counter packets 0 bytes 0 jump accept_to_wan comment "!fw4: xmpp"
                tcp dport 11371 counter packets 0 bytes 0 jump accept_to_wan comment "!fw4: openPGP Schlüsselserver"
                counter packets 16 bytes 20480 jump drop_to_wan comment "!fw4: Blocke alles"
                jump accept_to_wan comment "!fw4: Accept lan to wan forwarding"
                ct status dnat accept comment "!fw4: Accept port forwards"
                jump accept_to_lan


/ # cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        list ipaddr '127.0.0.1/8'

config globals 'globals'
        option dhcp_default_duid '000405a025a0d8cc49b1ba509b4d81c524c0'
        option ula_prefix 'fdff:1e9:7b12::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'
        option ipv6 '1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option multipath 'off'
        list ipaddr '192.168.100.1/24'
        option delegate '0'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'
        option multipath 'off'
        option broadcast '1'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option norelease '1'
        option peerdns '0'
        option multipath 'off'
        option reqprefix 'no'
        option force_link '1'
        option sourcefilter '0'

config interface 'wifiintern'
        option proto 'static'
        option multipath 'off'
        list ipaddr '192.168.200.1/24'
        option delegate '0'

config interface 'wifiextern'
        option proto 'static'
        option multipath 'off'
        list ipaddr '192.168.225.1/24'
        option delegate '0'

/ # cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option band '2g'
        option channel '6'
        option htmode 'HE40'
        option txpower '5'
        option country 'DE'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'SSIDfromBERND'
        option encryption 'psk2'
        option key 'HHHHKEY'
        option network 'wifiextern'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option band '5g'
        option channel '136'
        option htmode 'HE40'
        option txpower '2'
        option country 'DE'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'SSIDfromSID'
        option encryption 'sae'
        option key 'KEY'
        option network 'wifiintern lan'
        option ocv '0'
``





/ # cat /etc/config/dhcp

config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '10000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option noresolv '1'
option min_cache_ttl '3600'
option max_cache_ttl '86400'
list server '127.0.0.1#5354'
list server '::1#5354'
option stripmac '1'
option stripsubnet '1'
option nonegcache '1'
list address '/ams1.dns4all.eu/'
list interface 'lan'
list listen_address '192.168.100.1'
option logdhcp '1'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra 'server'
option dhcpv6 'server'
option dhcpv6_pd_preferred '1'
option ra_preference 'medium'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option dns_service '0'

config dhcp 'wan'
option interface 'wan'
option ignore '1'
option ra 'relay'

config odhcpd 'odhcpd'
option leasefile '/tmp/odhcpd.leases'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '5'
option piodir '/tmp/odhcpd-piodir'
option hostsdir '/tmp/hosts'

config dhcp 'wifiextern'
option interface 'wifiextern'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'

Naja, very long firewall rules.

Summary 
/ # cat /etc/config/firewall

config defaults
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option synflood_protect '1'
option drop_invalid '1'
option flow_offloading '1'
option flow_offloading_hw '1'

config zone
option name 'wifiextern'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'wifiextern'

config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'wifiintern'

config zone
option name 'wan'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'

config forwarding
option src 'lan'
option dest 'wan'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option proto 'icmp'
option family 'ipv4'
option target 'ACCEPT'
list icmp_type 'echo-request'
option dest '*'
option src 'wan'

config rule
option name 'Allow-Ping'
option proto 'icmp'
option family 'ipv4'
option target 'ACCEPT'
list icmp_type 'echo-request'
option dest 'wan'
option src '*'

config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'

config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'

config rule
option src 'lan'
option name 'Facebook-BlockIPv4Set'
option family 'ipv4'
option ipset 'Facebook-IPv4Set'
option target 'REJECT'
option dest 'wan'
list proto 'all'

config rule
option src 'lan'
option name 'Facebook-BlockIPv6Set'
option family 'ipv6'
option ipset 'Facebook-IPv6Set'
option target 'REJECT'
option dest 'wan'
list proto 'all'

config rule
option src 'lan'
option name 'Google-BlockIPv4Set'
option family 'ipv4'
option ipset 'Google-IPv4Set'
option target 'REJECT'
option dest 'wan'
list proto 'all'

config rule
option src 'lan'
option name 'Github-BlockIPv4Set'
option family 'ipv4'
option ipset 'Github-IPv4Set'
option target 'REJECT'
option dest 'wan'
list proto 'all'
option enabled '0'

config rule
option dest 'wan'
option name 'DebugIPSets'
option family 'ipv4'
option ipset 'Debug'
option target 'REJECT'
option src 'lan'
option enabled '0'

config rule
option src 'lan'
option dest 'wan'
option name 'http'
list proto 'tcp'
option dest_port '80'
option target 'ACCEPT'

config rule
option src 'lan'
option dest 'wan'
option name 'https'
list proto 'tcp'
option dest_port '443'
option target 'ACCEPT'

config rule
option src 'lan'
option dest 'wan'
option name 'sftp (VSC)'
list proto 'tcp'
option dest_port '115'
option target 'ACCEPT'

config rule
option src 'lan'
option dest 'wan'
option name 'smtps, imap'
list proto 'tcp'
option dest_port '25 465 993 4190'
option target 'ACCEPT'

config rule
option src 'lan'
option dest 'lan'
option name 'allow-IPP-cups'
option dest_port '631'
option target 'ACCEPT'
option src_port '631'
option helper 'sane'
list proto 'tcp'

config rule
option src 'lan'
option dest 'wan'
option name 'ssh'
list proto 'tcp'
option dest_port '22 7777'
option target 'ACCEPT'

config rule
option src 'lan'
option dest 'wan'
option name 'ntp'
option dest_port '123'
option target 'ACCEPT'
list proto 'udp'

config rule
option src 'lan'
option dest 'wan'
option name 'xmpp'
list proto 'tcp'
option dest_port '5222'
option target 'ACCEPT'

config rule
option src 'lan'
option dest 'wan'
option name 'openPGP Schlüsselserver'
list proto 'tcp'
option dest_port '11371'
option target 'ACCEPT'

config rule
option src 'lan'
option dest 'wan'
option name 'Blocke alles'
option target 'DROP'
list proto 'all'

config ipset
option name 'Facebook-IPv4Set'
option comment 'Derivate from ASN April 2026'
option family 'ipv4'
option loadfile '/etc/luci-uploads/fbipv4.txt'
option counters '1'
list match 'dest_net'

config ipset
option name 'Google-IPv4Set'
option comment 'Derivate from ASN April 2026'
option family 'ipv4'
option loadfile '/etc/luci-uploads/googleipv4-kuk.txt'
option counters '1'
list match 'dest_net'

config ipset
option name 'Github-IPv4Set'
option comment 'Derivate from ASN April 2026'
option family 'ipv4'
option loadfile '/etc/luci-uploads/githubipv4.txt'
option counters '1'
list match 'dest_net'

config ipset
option name 'Facebook-IPv6Set'
option comment 'Derivate from ASN in April 2026'
option family 'ipv6'
option loadfile '/etc/luci-uploads/fbipv6.txt'
option counters '1'
list match 'dest_net'

config ipset
option name 'Steam-IPv4Set'
option family 'ipv4'
option loadfile '/etc/luci-uploads/steamipv4.txt'
option comment 'Steamsupport'
list match 'dest_net'

config ipset
option name 'Steam-IPv6Set'
option family 'ipv6'
option loadfile '/etc/luci-uploads/steamipv6.txt'
option comment 'Steamsupport'
list match 'dest_net'

config ipset
option name 'Debug'
option comment 'Zum testen'
option family 'ipv4'
option loadfile '/etc/luci-uploads/test.txt'
option timeout '0'
list match 'dest_ip'

config forwarding
option src 'wifiextern'
option dest 'wan'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Allow-DNS-wifiextern'
option dest_port '53'
option target 'ACCEPT'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Allow-DHCP-wifiextern'
option dest_port '67'
option target 'ACCEPT'
list proto 'udp'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Allow-Steam-IPv4Set'
option target 'ACCEPT'
option family 'ipv4'
list proto 'all'
option ipset 'Steam-IPv4Set'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Allow-Steam-IPv6Set'
option target 'ACCEPT'
option family 'ipv6'
list proto 'all'
option ipset 'Steam-IPv6Set'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Allow-http-wifiextern'
list proto 'tcp'
option dest_port '80'
option target 'ACCEPT'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Allow-https-wifiextern'
list proto 'tcp'
option dest_port '443'
option target 'ACCEPT'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-Remote'
option dest_port '27015-27050'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-Client-GameTraffic'
list proto 'udp'
option dest_port '27000-27250'
option target 'ACCEPT'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-Client-RemotePlay'
list proto 'udp'
option dest_port '27031-27036'
option target 'ACCEPT'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-Client-RemotePlay'
option dest_port '27036'
option target 'ACCEPT'
list proto 'tcp'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-Client-RemotePort'
option dest_port '4380'
option target 'ACCEPT'
list proto 'udp'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-DedicatedServers'
option dest_port '27015'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-VoiceChat'
option dest_port '3478'
option target 'ACCEPT'
list proto 'udp'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-VoiceChat'
option dest_port '4379'
option target 'ACCEPT'
list proto 'udp'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-VoiceChat'
option dest_port '4380'
option target 'ACCEPT'
list proto 'udp'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-VoiceChat'
option dest_port '4380'
option target 'ACCEPT'
list proto 'udp'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'Steam-VoiceChat'
option dest_port '27014-27030'
option target 'ACCEPT'
list proto 'udp'

config rule
option src 'wifiextern'
option dest 'wan'
option name 'BlockeAlles-WifiExtern'
option target 'DROP'
list proto 'all'

config redirect 'dns_int'
option name 'Intercept-DNS'
option family 'any'
option proto 'tcp udp'
option src 'lan'
option src_dport '53'
option target 'DNAT'

config redirect
option name 'Redirect-DNS-to-router'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option target 'DNAT'
option dest 'lan'
option dest_ip '192.168.100.1'

Anyone an idea why this stops working suddenly?

2

The 2.4 GHz interface is attached to the wifiextern network.

dnsmasq is forced to listen only on the lan interface, so devices connected to the wifiextern network will not get an IP configuration via DHCP.

Note that there are many other errors and useless things that need to be fixed.

3

Thank you! I set up a dhcp server for wifiextern for this reason. But obisually I did something wrong with that. edit: I added wifiextern to listen interfaces in dnsmasq.

What do you mean? If you find anything wrong with that config, please tell me. Thanks! :slight_smile:

4

So, what do you mean, @pavelgl?

If you see any issues/problems or "useless things", please tell me. Thanks!

5

Attaching two networks to the same wifi-iface is not a good practice, because it can cause a mess. Also, according to the wiki, every L3 interface must be a bridge, and wifiintern is not.

And what is wifiintern for, for wireless clients with static addresses assigned?

You have enabled lan=>wan forwarding, so all those permissive firewall rules are redundant/useless.

6

I dont get it. I dont have any networks connected to wifi. There is a wan&wan6, lan and a wifiintern interface. And a br-lan device. Wifiintern is connected to lan and wifiextern is connected to wan directly.

wifiintern (as the scheme shows) is just a name for the 5 GHz wifi from the router.

Cannot find these forwarding rule in luci. The only forward I'm knowingly have is the dns forwarding:

dnsforwarding
dnsforwarding1047×546 50.2 KB

Can you please be more specific? Mostly I'm using LuCI.

7

By the way: the fw4 rules are ok, I tested the most and guess they are not useless. If I'm for example blocking from IP-Sets, its working flawlessly. And If I'm blocking https, I cannot open any https connection. Same with some other rules. So please be more specific, why exactly the rules are redundant and useless if the rules work?

8

This is an interface for which DHCP is not enabled.

You have two interfaces (networks) connected to this wireless interface.

image
image783×124 5.79 KB

Network->Firewall->Zones, Edit the lan zone -> Allow forward to destination zones:

OK, I stand corrected. With all these rules, I overlooked that you created a restrictive (Blocke alles) rule before the default permissive one.

9

It (wifiintern) uses dhcp from lan. Thats correct and work as expected. Otherwise I would have to write lan to wan fw-rules AND wifiintern to wan fw4-rules ... as I have to do now for the wifiextern. Wish I could group and filter the firewall-rules somehow. :slight_smile:

Yes, thanks! I changed this and basically I added two networks because this seem to be ... not right when I saw this setup in the interface list once. This looks "not right" when it says: network device is not present. (It is actually present in real!)

wifinotready
wifinotready736×112 9.09 KB

I changed wifiintern to be only in the network lan and it still works, what means I can connect to this wifi and is getting dhcp from lan in the ip range of the lan-interface. Confusing!

No one ever mentioned this before, so thank you very much for your eagle-eyed audit! Lesson learned. :slight_smile: Could you provide a link to the wiki that says l3 interfaces should have a bridged devices?

And what do you think personally from the scheme, is this a robust setup now?

<3

10

This:
This is why we are here.
You made it feel like a slam?

Yes, but...

Have you tried search?
Do you want me to link a search 4u? Because I'm willing to...

11

Did I! Sorry?

No, you don't need to, but thanks! I could also just search on my own. But I thought its good to ask, if someone was mentioned this explicitly it in the text. For others can use the link, instead of searching on their own. But I'm sure others can use the search also. :slight_smile:

I saw your question regarding DNS tunneling dnsproxy in another post. Do you want still know why this entries are made?

wwellwheredidthiscomefrom
wwellwheredidthiscomefrom458×115 11.9 KB

12

Yes, I want a full dump.

13

:slight_smile:

14

I'm playful today:
Let's see a full dump.

All of it.
or
begone.

I'm, about, your last chance:
'Leaps @ neck; grabs ankle'.

Work with me...

15

Ok, I cannot clearly see if you're making fun, or been serious. Its 40/60. Normally I would'nt response if uncertain, but you're a lil red dog. Cute wet nose and baby eyes that melts hearts, right?

Here's the dump from dnsproxy:

package dnsproxy

config dnsproxy 'global'
option enabled '1'
list listen_addr '127.0.0.1'
list listen_addr '::1'
option http3 '0'
option insecure '0'
option ipv6_disabled '0'
option refuse_any '0'
option verbose '0'
list listen_port '5354'

config dnsproxy 'bogus_nxdomain'
list ip_addr ''

config dnsproxy 'cache'
option enabled '0'
option cache_optimistic '1'
option size '2097152'

config dnsproxy 'dns64'
option enabled '0'
option dns64_prefix '64:ff9b::'

config dnsproxy 'edns'
option enabled '0'

config dnsproxy 'hosts'
option enabled '0'
list hosts_files ''

config dnsproxy 'private_rdns'
option enabled '0'
list upstream '127.0.0.1:53'

config dnsproxy 'servers'
list upstream 'tls://dns.switch.ch'
list bootstrap '185.228.168.9'
list fallback 'tls://doh.cleanbrowsing.org'

config dnsproxy 'tls'
option enabled '0'
option https_port '8443'
option tls_port '853'
option quic_port '853'

/ # logread -e dnsproxy
Wed May 20 20:02:39 2026 daemon.info dnsproxy[2352]: jail: exec-ing /usr/bin/dnsproxy
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.327765 INFO dnsproxy starting version=v0.81.0 revision="" branch="" commit_time=""
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328155 INFO upstream mode is set prefix=dnsproxy mode=load_balance
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328177 INFO cache disabled prefix=dnsproxy
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328189 INFO starting dns proxy server prefix=dnsproxy
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328208 INFO creating udp server socket prefix=dnsproxy addr=127.0.0.1:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328393 INFO listening to udp prefix=dnsproxy addr=127.0.0.1:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328411 INFO creating udp server socket prefix=dnsproxy addr=[::1]:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328532 INFO listening to udp prefix=dnsproxy addr=[::1]:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328550 INFO creating tcp server socket prefix=dnsproxy addr=127.0.0.1:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328833 INFO listening to tcp prefix=dnsproxy addr=127.0.0.1:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328853 INFO creating tcp server socket prefix=dnsproxy addr=[::1]:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.328927 INFO listening to tcp prefix=dnsproxy addr=[::1]:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.329222 INFO entering udp listener loop prefix=dnsproxy addr=[::1]:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.329284 INFO entering listener loop prefix=dnsproxy proto=tcp addr=127.0.0.1:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.329387 INFO entering listener loop prefix=dnsproxy proto=tcp addr=[::1]:5354
Wed May 20 20:02:40 2026 daemon.info dnsproxy[2352]: 2026/05/20 18:02:40.329427 INFO entering udp listener loop prefix=dnsproxy addr=127.0.0.1:5354
16

ty,

I'll look over it.

I'm not cute!!!!!!!!!!!
:wink:

Seriously!!!
I'm rabid!!!!!

ZZZzzzz

I, and others, will look over the dump.

I'M NOT CUTE!!!!!

...16 MORE HOURS...

17

Who/what/why:
Configured that?

If you say AI, 15 hours; it's okay.

If not: please explain, again, what you want fixed?

You, configured this?

counter packets 0 bytes 0 jump reject_to_wan comment "!fw4: Facebook-BlockIPv4Set"
ip6 daddr @Facebook-IPv6Set counter packets 0 bytes 0 jump reject_to_wan comment "!fw4: Facebook-Bl

You are moments away from 'start over'.

18

Huhu,

No nothing. This threat is just for the wifi connection that refused due to a timeout. And its fixed with a solution already. Dnsproxy is working. IP-Sets for Google, Facebook, and others are working like a charm and there's is nothing (probably it is) to work on right now.

Only the openwrt forum I. was involved (the O.I.). The rest was realized with my own brain.

I sended you the dump, because you asked for. :slight_smile: