TCP port 853 being routed to wrong interface
USG60W V4.62
routing rules
user | incoming | source | destination | service | next-hop | SNAT
any | vlan4093 | any | IP 192.168.53.2 | DNS | vlan53 | IP 192.168.53.11
any | vlan4093 | any | IP 192.168.53.12 | DNS | vlan53 | IP 192.168.53.15
any | vlan4093 | any | any | any | wan2 | none
DNS service is port 53 UDP and TCP
Logs
Security Policy Control | Match default rule, DROP [count=3] | 192.168.253.1:41822 | vlan4093 | 192.168.53.12:853 | vlan53 | tcp | ACCESS BLOCK
Security Policy Control | Match default rule, DROP [count=3] | 192.168.253.1:40828 | vlan4093 | 192.168.53.2:853 | vlan53 | tcp | ACCESS BLOCK
The next hop for port 853 should be WAN2
All Replies
-
Hi @PeterUK, has this issue been there all this while? Or does it only happen occasionally? And when it happens, what did you do to recover from it? Could you send me your configuration file in PM for further checking?
-
I'm not sure when this bug happened. I know it happens every time I turn on the WiFi on my phone. Port 853 is DNS over TLS.
-
It's one of those things you think is wrong when in fact it's correct!
Because I have a 192.168.53.0/27, it routes to that no matter what routing rules you have, unless you use Overwrite Direct Route.
Case closed
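The behaviour described in the last reply, as an added example that is not part of the original thread and not Zyxel's code: a simplified Python model in which a directly connected subnet wins over policy routes unless an override is enabled. The function names and the `overwrite_direct_route` flag are assumptions for illustration, SNAT is ignored, and the routes and addresses are the ones from the first post.

```python
import ipaddress

# Connected subnet named in the thread; it is consulted before any policy route.
DIRECT = {"vlan53": ipaddress.ip_network("192.168.53.0/27")}

# "DNS" service as defined in the first post: port 53, UDP and TCP.
DNS = {("udp", 53), ("tcp", 53)}

# Policy routes from the first post: (destination, service or None for any, next hop).
POLICY = [
    ("192.168.53.2/32", DNS, "vlan53"),
    ("192.168.53.12/32", DNS, "vlan53"),
    ("0.0.0.0/0", None, "wan2"),
]


def next_hop(dst, proto, port, overwrite_direct_route=False):
    """Return (egress interface, reason) for one flow in this simplified model."""
    addr = ipaddress.ip_address(dst)
    if not overwrite_direct_route:
        for iface, net in DIRECT.items():
            if addr in net:
                return iface, "direct route"
    for index, (dest, service, hop) in enumerate(POLICY, 1):
        in_dest = addr in ipaddress.ip_network(dest)
        in_service = service is None or (proto, port) in service
        if in_dest and in_service:
            return hop, f"policy route {index}"
    return None, "no route"


def shadowed(dst, proto, port):
    """True when the direct route sends the flow somewhere the policy routes would not."""
    actual = next_hop(dst, proto, port)[0]
    intended = next_hop(dst, proto, port, overwrite_direct_route=True)[0]
    return actual != intended


if __name__ == "__main__":
    # Flows built from the two log entries in the first post, plus one plain DNS query.
    flows = [("192.168.53.12", "tcp", 853), ("192.168.53.2", "tcp", 853),
             ("192.168.53.2", "udp", 53)]
    for flow in flows:
        print(flow, next_hop(*flow), "shadowed" if shadowed(*flow) else "as intended")
```

Both logged port 853 flows come out as shadowed: the connected 192.168.53.0/27 sends them to vlan53, where the default security policy drops them, while the policy table alone would have sent them to wan2.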