TCP port 853 being routed to wrong interface
USG60W V4.62
routing rules
| user | incoming | source | destination | Service | next-hop | SNAT |
| --- | --- | --- | --- | --- | --- | --- |
| any | vlan4093 | any | IP192168532 | DNS | vlan53 | IP1921685311 |
| any | vlan4093 | any | IP1921685312 | DNS | vlan53 | IP1921685315 |
| any | vlan4093 | any | any | any | wan2 | none |
DNS service is port 53 UDP and TCP
Logs
Security Policy Control | Match default rule, DROP [count=3] | 192.168.253.1:41822 | vlan4093 | 192.168.53.12:853 | vlan53 | tcp | ACCESS BLOCK
Security Policy Control | Match default rule, DROP [count=3] | 192.168.253.1:40828 | vlan4093 | 192.168.53.2:853 | vlan53 | tcp | ACCESS BLOCK
The next hop for port 853 should be WAN2
All Replies
-
Hi @PeterUK, has this issue been there all this while? Or does it only happen occasionally? And when it happens, what did you do to recover it? Could you send me your configuration file in PM for further checking?
-
I'm not sure when this bug happened. I know every time I turn the WiFi on my phone it happens. Port 853 is DNS over TLS.
-
It's one of those things you think is wrong when in fact it's correct!
Because I have a 192.168.53.0/27, it routes to that no matter what routing rules you have, unless you use Overwrite Direct Route.
Case closed
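Added example, not part of the original thread and not Zyxel code: a simplified Python model of the lookup order described in the last reply, run against the posted rules and the two logged packets. It assumes the address objects IP192168532 and IP1921685312 are the hosts 192.168.53.2 and 192.168.53.12 seen in the logs, that vlan53 carries the connected 192.168.53.0/27, and that Overwrite Direct Route acts as a single on/off flag.

```python
import ipaddress

# Constructed model of the thread's setup. Connected subnet per the last
# reply; the interface name vlan53 is taken from the posted log lines.
CONNECTED = {"vlan53": ipaddress.ip_network("192.168.53.0/27")}

# (incoming, destination or None for any, service ports or None, next hop)
# DNS service is port 53 only, so port 853 never matches the first two rules.
POLICY_ROUTES = [
    ("vlan4093", "192.168.53.2", {53}, "vlan53"),
    ("vlan4093", "192.168.53.12", {53}, "vlan53"),
    ("vlan4093", None, None, "wan2"),
]


def egress(incoming, dst, port, overwrite_direct_route=False):
    """Return the outgoing interface for a packet in this simplified model."""
    addr = ipaddress.ip_address(dst)
    if not overwrite_direct_route:
        # Directly connected subnets win before any policy route is read.
        for iface, net in CONNECTED.items():
            if addr in net:
                return iface
    for rule_in, rule_dst, ports, next_hop in POLICY_ROUTES:
        if rule_in != incoming:
            continue
        if rule_dst is not None and addr != ipaddress.ip_address(rule_dst):
            continue
        if ports is not None and port not in ports:
            continue
        return next_hop  # first matching policy route decides
    return None


def trace(overwrite_direct_route):
    """Run the two logged DoT packets plus one constructed off-subnet packet."""
    packets = [
        ("192.168.53.12", 853),  # from the posted log
        ("192.168.53.2", 853),   # from the posted log
        ("203.0.113.10", 853),   # constructed: a resolver outside the /27
    ]
    return {p: egress("vlan4093", p[0], p[1], overwrite_direct_route)
            for p in packets}


if __name__ == "__main__":
    for flag in (False, True):
        print("overwrite_direct_route =", flag, trace(flag))
```

With the flag off, both logged packets leave on vlan53, where the security policy only sees them as vlan4093 to vlan53 traffic and the default rule drops them; with it on, they fall through to the third rule and leave on wan2.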