DNS is not resolving from VPN (Wireguard and OpenVPN) on Slate AX GL-AXT1800

logread.tar (150 KB)
Here is the log file. Thanks.

I found:

-A zone_lan_prerouting -p tcp -m tcp --dport 53 -m comment --comment "!fw3: Force DNS" -j REDIRECT --to-ports 53
-A zone_lan_prerouting -p udp -m udp --dport 53 -m comment --comment "!fw3: Force DNS" -j REDIRECT --to-ports 53

This rule is not necessary while VPN is on.

You can drag these two Firewall - Port Forwards rules before the Force DNS rules, i.e. give them higher priority. Or disable the "Force DNS" rules.

How can I delete those rules, "dns for vpn" and "dns for vpn guest"? Those rules are created when WireGuard/OpenVPN is up. In my case I use WireGuard, but I did not understand the case selection in the script route_policy. I'm trying to figure out if I can set a conditional by using the AdGuard port 3053.

Changing the priority of the rule from the GUI in LuCI does not work after a router reboot; the changes, as you know, are not persistent.

My workaround for now is the following commands at system boot:

sed -i '/config redirect '\''dns_vpn_guest'\''/,/option enabled/ s/option enabled '\''1'\''/option enabled '\''0'\''/' "/etc/config/firewall"
sed -i '/config redirect '\''dns_vpn'\''/,/option enabled/ s/option enabled '\''1'\''/option enabled '\''0'\''/' "/etc/config/firewall"

This is not a solution, it's a workaround.
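
An added example, not from any poster in this thread: the sed range above ends at the next `option enabled` line, so if the `dns_vpn` section ever lacks that line, the edit lands in the following section instead. This awk version stays inside the named section; `example_other` and the sample file are constructed, and the file layout is assumed to match the `config redirect 'dns_vpn'` form quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): disable one "config redirect"
# section of a UCI firewall file without touching its neighbours.

# disable_redirect FILE SECTION
# Writes "option enabled '0'" directly under the section header and drops
# any older "option enabled" line, but only inside that one section.
disable_redirect() {
    file=$1
    want="config redirect '$2'"
    tmp=$(mktemp) || return 1
    awk -v want="$want" -v q="'" '
        /^config[ \t]/ {                      # every section header
            inside = ($0 == want)
            print
            if (inside) print "\toption enabled " q "0" q
            next
        }
        inside && /^[ \t]*option[ \t]+enabled[ \t]/ { next }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # keep inode and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# write_sample FILE
# Constructed test input: dns_vpn has no "option enabled" line, and
# example_other is a made-up neighbouring rule that must stay enabled.
write_sample() {
    cat > "$1" <<'EOF'
config redirect 'dns_vpn'
    option name 'dns for vpn'

config redirect 'example_other'
    option name 'constructed neighbour rule'
    option enabled '1'

config redirect 'dns_vpn_guest'
    option name 'dns for vpn guest'
    option enabled '1'
EOF
}
```

On the router the call would be `disable_redirect /etc/config/firewall dns_vpn`, and the same again for `dns_vpn_guest`; running it twice leaves the file unchanged.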

If you drag the AdGuard port 3053 firewall rule above, it will have higher priority than the "dns for vpn" rule. That's the same function as disabling them.
This will be persistent after reboot.

I did it, but the change, as I mentioned before, is not persistent after a reboot. I don't know if there is something wrong with my router (GL-AX1800 Flint), already upgraded. So I set up those commands at startup and it works, thank you.