IOT VLAN not reaching internet

sven72

@silence I actually now get internet access (since the change you suggested at the top, to point to This Firewall)..!
So I am now even more confused.

nameserver 127.0.0.53
options edns0 trust-ad
search home.arpa

$ dig kernel.org

; <<>> DiG 9.16.15-Ubuntu <<>> kernel.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37302
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;kernel.org.			IN	A

;; ANSWER SECTION:
kernel.org.		596	IN	A	198.145.29.83

;; Query time: 156 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: sam. janv. 08 13:21:36 HKT 2022
;; MSG SIZE  rcvd: 55

A Former User

@sven72 said in IOT VLAN not reaching internet:

I am now even more confused.

Ok Publish your firewall logs again to confirm that everything is in order.

sven72

@silence well not much change there, I now suppose the TV has G's DNS hardcoded somewhere which is very annoying.
And on the TV as I could find some advanced Wi-Fi setting, the DNS points to 192.168.112.1.

A Former User

@sven72, You can enable logs in the first rule to be able to see the firewall logs.

and you can now disable the same option for the second rule. If you wish

sven72

@silence I think with your help I found that the TV tries constantly something it should not do - hence the block all DNS rule makes sense ...

A Former User

@sven72, Exactly, if you have any other questions, what can I help you with?

I am here to serve you

sven72

@silence This is very kind, thanks for your help and advice, and likewise @johnpoz

A Former User

@sven72, Don't worry too much about the logs, it always shows up like this for me, allowed, blocked, allowed, blocked ajajjaa

johnpoz

@sven72 said in IOT VLAN not reaching internet:

I found that the TV tries constantly something it should not do

Exactly.. I would setup your rules not even to log that noise.. That amount of spam flooding your logs will make it difficult to notice stuff you would want to notice.

sven72

@johnpoz well I disabled the logging but indeed, this is not the best approach, is there a way to discard a specific entry in the log to avoid it swamping the interesting part john? Thanks

johnpoz

@sven72 yes just setup rule to block it but not log it.

A Former User

@sven72 said in IOT VLAN not reaching internet:

well I disabled the logging but indeed, this is not the best approach, is there a way to discard a specific entry in the log to avoid it swamping the interesting part john? Thanks

Do you already have it ready? if you need help feel free to post your question.

johnpoz

@sven72 said in IOT VLAN not reaching internet:

well I disabled the logging but indee

I never said turn off all logging, rules you create by default do not log. Only stuff that falls through to the default deny would be logged by default.

So just create a rule that blocks that host from going to 8.8.8.8 and don't log it in the rule.

Example my work laptop generates lots of noise trying to get to stuff it can't get to when on home network.. I have no desire to see that, so there is a rule no logging for my work laptop trying to go to any private IPs that is not logged.

You can see the specific rules above and blow it are set to log