WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

Allow DNS requests across VLAN

0 votes
416 views 2 comments
by anonymous

I have a RUTX12 configured with two VLAN (one for IOT and one for Guest access). I'm configuring a custom DNS server (using AdGuard Home) and want to allow the devices on the VLAN to be able to access the DNS server. I've tried to set up a forwarding rule but something is not working. 

When on main LAN i can run dig @10.99.1.4 google.com successfully, but when on the IOT or Guest wifi networks i get no response. I tried to set up similar rules for other services with the same result. What am I missing?

My general firewall rules. IOT and Guest cannot connect to LAN, but isn't the forwarding rule overriding that?

1 Answer

0 votes
by anonymous
Hi Adamnski,

So, if i understood correctly, your DNS server is running on your local LAN, and your need that the vlans IOT and GUEST be able to access your LAN, so their can reach your DNS.

Guess that what is missing, is allowing zone forwarding to your LAN:

-> Click on the pencil on IoT/Guest zones: https://prnt.sc/aCttZRpJj6gT

-> On "Allow foward to destination zones" add "LAN", should look like this: https://prnt.sc/4cU-u1UVw07P

-> Save and apply.

-> Do the same for the other zone.

If it doesnt work, please draw a simple topology with the VLANs IP's and devices. Also please attach a troubleshoot file.

Best regards.
by anonymous
Thanks for the answer!

That would be the easy solution, but the thing is that I do not want to allow forwarding traffic between IOT/GUEST => LAN. What I'm trying to achieve is to allow such traffic ONLY for port 53. For LAN=>IOT/GUEST I want to allow all traffic. Is the only way to do this to allow all traffic and then set up rules to reject traffic except on port 53?

Edit: I tried allowing forward GUEST=>LAN in the firewall and then adding a rule refusing all forwards from GUEST=>LAN and a rule allowing forwards on port 53. But this does not seem to work. As soon as I add GUEST=>LAN in the firewall all traffic is forwarded, without respecting the forward rule.

Edit 2: Could there be something wrong with my traffic rules? I tried adding a rule rejecting any traffic from IOT=>WAN from any destination to any source, but internet still works when connected to the IOT VLAN.
by anonymous
Hi Adamnski,

Got it, based on your scenario i did some testing here and i think maybe the issue is that on the traffic rule you've created, you've set the "Source port: 53" and the router could assign any random available port when making the request, but of course it keeps the destination port 53.

Like on this example ( https://prnt.sc/KcsMqG1l7jvf ), where i tried to use a my phone to reach my computer on port 50000, and as you can see, the router assigned the port 59308 for this request, this way, the traffic rule did not work.

So please try leaving the "source port" field empty and let me know the results.

Best regards.