I have a client that I want to use 192.168.0.5 with a static IP for DNS, but the bridge filter won't allow that being on the guest wifi interface wifi4. I have tried a few things but I’m just not getting/understanding the concept, i.e. this type of thing in various combinations.
Requests to DNS server (dst-port=53) will almost never originate from same port, src-port will be a random number. And you may want to set dst-address to IP address of your official DNS server.
Also think about replies ... bridge filters have no notion of connections. So to make things work, you need to allow "forward" packets (dst-address=DNS_server dst-port=53 in-interface=wifi4 src-address=192.168.0.5) and "return" packets (src-address=DNS_server src-port=53 out-interface=wifi4 dst-address=192.168.0.5). And possibly for both tcp and udp (currently you only have two identical rules for udp). So it will be something like 4 accept rules.
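The four accept rules described in the reply above, written out as an added example (not a config posted by anyone in the thread). It assumes the addresses the original poster gives elsewhere in the thread: client 192.168.0.35 on wifi4, DNS server 192.168.0.5.

```routeros
# Added example. Assumed values: client 192.168.0.35 on wifi4, DNS server 192.168.0.5.
# Bridge filters are stateless, so each direction needs its own rule.
# Rules match top to bottom: these must sit above the existing drop rule.
/interface bridge filter

# Queries: client -> DNS server. Only the destination port is fixed at 53;
# the source port is random, so it is not matched.
add chain=forward action=accept mac-protocol=ip ip-protocol=udp \
    in-interface=wifi4 src-address=192.168.0.35/32 \
    dst-address=192.168.0.5/32 dst-port=53 comment="guest DNS query udp"
add chain=forward action=accept mac-protocol=ip ip-protocol=tcp \
    in-interface=wifi4 src-address=192.168.0.35/32 \
    dst-address=192.168.0.5/32 dst-port=53 comment="guest DNS query tcp"

# Replies: DNS server -> client. Here the source port is 53 and the
# destination port is whatever random port the client used.
add chain=forward action=accept mac-protocol=ip ip-protocol=udp \
    out-interface=wifi4 src-address=192.168.0.5/32 src-port=53 \
    dst-address=192.168.0.35/32 comment="guest DNS reply udp"
add chain=forward action=accept mac-protocol=ip ip-protocol=tcp \
    out-interface=wifi4 src-address=192.168.0.5/32 src-port=53 \
    dst-address=192.168.0.35/32 comment="guest DNS reply tcp"
```

Pinning both the client and server address keeps the exception narrow: the guest device reaches port 53 on one host and nothing else on the LAN segment.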
In reality I want a dns request to go from device 192.168.0.35 on wifi4 which of course is being blocked by the bridge filter drop rule to a device on ether3 192.168.0.5 port 53 and back again.
Do I need to say where it is going? I thought the IP bit did that. Still confused lol.
It’s very simple I want a client on my guest wifi which is wifi4 to use a dns server on 192.168.0.5 which is on the same router but is being blocked from the Lan segment by the bridge/filter drop rules.
Nothing is simple as you have elected to use bridge filters, which is not trivial.
If you want assistance, then
a. provide a network diagram
b. config
/export file=anynameyouwish (minus serial number, any public WANIP information, keys, dhcp lease lists)
Because I use my hands in life not my brains. No, I thought it may be a simple task for you guys to give me an answer. It’s a standard config hAP ax2 with guest network added using Quick Set and then I removed the rubbish I didn’t want. If it is that much of a faff I might as well leave it as is and just use my main wifi instead.
I use the guest wifi for IoT stuff and my phone, which I wanted to keep separate ‘cus I don’t trust it!
It's not a phone with shi~~y apps pre-installed, there's nothing rubbish here...
All of this is hampered by the fact that:
you didn't write what you just wrote,
you posted your attempts with the bridge filter, leaving everyone wondering "what's the point?",
instead of posting the current configuration and simply explaining what you needed,
without proposing confusing solutions yourself.
We are trying to help, however it requires communication of the facts and evidence and the best medium is the config, all the rest is hearsay and opinion and assumptions. To quote the movie, HELP ME HELP YOU
The only person giving grief is yourself, we are just pointing out the shortcomings and believe me, we know how to fix your issues, once articulated in a clear logical fashion.
No worries, I’ll just use my standard wifi, it isn’t a problem. I’ll bump into it at some point I’m sure.
I just thought there might be a process or something written already to use another DNS server when using “Guest-WiFi” mode. I’ll leave it there as it’s getting way too silly. You could have fired up and made a wifi guest network clicking the Quick Set tab faster than spending time berating me. But never mind, all good.
First question: which DNS server is the device trying to use? Is it trying to use 192.168.0.5 or something completely different and you're trying to "force" it to use your own DNS server?
When you say wife do you mean that in the 'general sense' of my partner or do you mean wife as in the gender specific meaning?
I would have you over for dinner either way.
The guest wifi, i.e. interface wifi4 in this case, is using 192.168.0.254 for DNS by default, but as you know access to the LAN is being blocked by the drop rules on the bridge/filter.