IOT VLAN not reaching internet
-
@silence It is not, I did not configure any, as I thought the DNS queries (and only them) would go to the firewall itself, which I thought was using the General Setup.
And I still wonder where that G DNS comes from ..?
-
@johnpoz said in IOT VLAN not reaching internet:
Huh? Sorry but that makes zero sense.
Maybe not the right terminology then, here is what I meant:
@johnpoz said in IOT VLAN not reaching internet:
You have a block all DNS rule above where you allow any..
The thinking process is that I would first allow all to ensure this thing is working; yes, the tagging etc. makes it very cumbersome even with the manual.
Then force any DNS query onto what I thought would be the default, the General Setup, hence the conversation with Silence at the top re what is only allowed to.
-
@sven72 said in IOT VLAN not reaching internet:
still wonder where that G DNS comes from ..?
Can you connect your PC to this same VLAN and then test?
-
@silence I actually now get internet access (since the change you suggested at the top, to point to This Firewall)..!
So I am now even more confused.

nameserver 127.0.0.53
options edns0 trust-ad
search home.arpa

$ dig kernel.org

; <<>> DiG 9.16.15-Ubuntu <<>> kernel.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37302
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;kernel.org.                    IN      A

;; ANSWER SECTION:
kernel.org.             596     IN      A       198.145.29.83

;; Query time: 156 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: sam. janv. 08 13:21:36 HKT 2022
;; MSG SIZE  rcvd: 55
-
@sven72 said in IOT VLAN not reaching internet:
I am now even more confused.
Ok Publish your firewall logs again to confirm that everything is in order.
-
@silence Well, not much change there, I now suppose the TV has G's DNS hardcoded somewhere, which is very annoying.
And on the TV, as I could find some advanced Wi-Fi settings, the DNS points to 192.168.112.1.
-
@sven72, You can enable logging in the first rule to be able to see the firewall logs,
and you can now disable the same option for the second rule, if you wish.
-
@silence I think with your help I found that the TV constantly tries something it should not do - hence the block all DNS rule makes sense ...
-
@sven72, Exactly, if you have any other questions, what can I help you with?
I am here to serve you
-
@silence This is very kind, thanks for your help and advice, and likewise @johnpoz
-
@sven72, Don't worry too much about the logs, it always shows up like this for me: allowed, blocked, allowed, blocked ajajjaa
-
@sven72 said in IOT VLAN not reaching internet:
I found that the TV tries constantly something it should not do
Exactly.. I would set up your rules to not even log that noise.. That amount of spam flooding your logs will make it difficult to notice stuff you would want to notice.
-
@johnpoz Well, I disabled the logging, but indeed this is not the best approach. Is there a way to discard a specific entry in the log to avoid it swamping the interesting part, John? Thanks
-
@sven72 Yes, just set up a rule to block it but not log it.
-
@sven72 said in IOT VLAN not reaching internet:
well I disabled the logging but indeed, this is not the best approach, is there a way to discard a specific entry in the log to avoid it swamping the interesting part john? Thanks
Do you already have it ready? If you need help, feel free to post your question.
-
@sven72 said in IOT VLAN not reaching internet:
well I disabled the logging but indee
I never said turn off all logging; rules you create do not log by default. Only stuff that falls through to the default deny would be logged by default.
So just create a rule that blocks that host from going to 8.8.8.8 and don't log it in the rule.
Example: my work laptop generates lots of noise trying to get to stuff it can't get to when on the home network.. I have no desire to see that, so there is a rule, with no logging, for my work laptop trying to go to any private IPs that is not logged.
You can see the specific rules above and below it are set to log.
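As an added illustration of that approach (not the thread's own rules, nor what pfSense generates from its GUI), here is a pf-style ruleset fragment for the IoT VLAN: the interface name igc0.112 and the TV address 192.168.112.50 are assumptions, while the firewall address 192.168.112.1 and 8.8.8.8 come from the thread. The point is the rule order (first match wins, as pfSense rules use quick) and which rules carry the log keyword.

```pf
# pf.conf fragment for the IoT VLAN (added example, not from the thread).
# Assumed names: igc0.112 is the VLAN interface, 192.168.112.50 is the TV.
iot_if  = "igc0.112"
iot_net = "192.168.112.0/24"
fw_dns  = "192.168.112.1"          # the firewall's own address on the VLAN
table <noisy_iot> { 192.168.112.50 }   # hosts known to spam hardcoded DNS

# 1. DNS to the firewall itself is the intended path; allow it, no log.
pass in quick on $iot_if inet proto { tcp udp } \
    from $iot_net to $fw_dns port 53

# 2. The TV's hardcoded 8.8.8.8 attempts are expected noise:
#    block them silently (no "log" keyword) so they never reach the log.
block in quick on $iot_if inet proto { tcp udp } \
    from <noisy_iot> to 8.8.8.8 port 53

# 3. Any other DNS bypass from the VLAN is unexpected, so this one logs.
block in log quick on $iot_if inet proto { tcp udp } \
    from $iot_net to ! $fw_dns port 53

# 4. Everything else from the VLAN is allowed out (matches the thread's
#    "allow any" rule placed below the DNS rules).
pass in quick on $iot_if inet from $iot_net to any
```

Rule 2 must sit above rule 3, otherwise the TV's traffic matches the logging rule first and the log is flooded again.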