logread.tar (150 KB)
Here is the log file. Thanks.
I found:
-A zone_lan_prerouting -p tcp -m tcp --dport 53 -m comment --comment "!fw3: Force DNS" -j REDIRECT --to-ports 53
-A zone_lan_prerouting -p udp -m udp --dport 53 -m comment --comment "!fw3: Force DNS" -j REDIRECT --to-ports 53
This rule is not necessary while VPN is on.
You can drag these two Firewall - Port Forwards rules before the Force DNS rules. i.e. give them higher priority. Or disable "Force DNS" rules.