 
andreaborchiellini
just joined
Topic Author
Posts: 6
Joined: Fri Nov 04, 2016 6:49 pm

Allow a vlan to access a specific host on a specific port in another vlan

Tue Aug 16, 2022 8:02 pm

Hello,
I have a MikroTik with 2 VLANs. What I would like to achieve is that devices in IOT_VLAN (10.0.2.0/24) can access my DNS server (10.0.1.21) inside MAIN_VLAN (10.0.1.0/24).
I've tried everything over the past few days. It shouldn't be hard, yet even after enabling the rules on the firewall I can't get it to work. There's something I'm missing but I can't find it; can you help me?
This is my configuration without any rule to forward to port 53:
# aug/16/2022 18:58:38 by RouterOS 6.49.6
#
# model = RB4011iGS+5HacQ2HnD
#
# Export of a combined router/switch/AP: one VLAN-filtering bridge carrying
# main_vlan (VLAN 10, 10.0.1.0/24) and iot_vlan (VLAN 20, 10.0.2.0/24), with
# ether1 as the WAN uplink. As posted, the forward chain holds no rule that
# lets the IoT VLAN reach the DNS server at 10.0.1.21.

# Single bridge with VLAN filtering enabled; protocol-mode=none means no
# spanning tree protocol runs on it.
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes

# Two physical radios, both in AP mode (5 GHz and 2.4 GHz).
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac disabled=no frequency=auto \
    mode=ap-bridge ssid="Wireless 5GHZ"
set [ find default-name=wlan2 ] band=2ghz-b/g/n disabled=no frequency=auto \
    mode=ap-bridge ssid=Wireless

# Layer-3 interfaces for the two VLANs; the IP addresses, DHCP servers and
# firewall rules below all refer to these names.
/interface vlan
add interface=bridge1 name=main_vlan vlan-id=10
add interface=bridge1 name=iot_vlan vlan-id=20

# Switch-chip port entries, all with default-vlan-id=0.
# presumably defaults: VLAN membership in this export is set on the bridge
# ports (pvid=), not here - confirm.
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0

# Interface lists referenced by the firewall, neighbor discovery and
# mac-server sections. Members are assigned under /interface list member.
/interface list
add name=WAN
add name=VLAN

# Both profiles use WPA2-PSK. An export prints the pre-shared key in clear
# text; the value shown here looks like a placeholder substituted before
# posting.
# NOTE(review): confirm the real default and "iot" keys differ, so that
# knowing the IoT key does not also admit a device to the main-VLAN SSIDs.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa2-pre-shared-key=password
add authentication-types=wpa2-psk mode=dynamic-keys name=iot \
    supplicant-identity=MikroTik wpa2-pre-shared-key=password

# Virtual AP wlan3 on top of the 2.4 GHz radio, using the "iot" profile.
/interface wireless
add disabled=no mac-address=76:4D:28:09:40:AB master-interface=wlan2 name=\
    wlan3 security-profile=iot ssid="Wireless IOT"

# DHCP address ranges, one per VLAN.
# NOTE(review): the first pool is named "main", but the DHCP server below
# references address-pool=main_pool - possibly an artifact of editing the
# export for the post; confirm the names match on the router.
/ip pool
add name=main ranges=10.0.1.50-10.0.1.254
add name=iot_pool ranges=10.0.2.50-10.0.2.254

# One DHCP server per VLAN interface.
/ip dhcp-server
add address-pool=main_pool disabled=no interface=main_vlan name=\
    main_dhcp
add address-pool=iot_pool disabled=no interface=iot_vlan lease-time=1w3d \
    name=iot_dhcp

# LoRa network-server list; not related to the VLAN/firewall question
# (presumably package defaults).
/lora servers
add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU \
    up-port=1700
add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US \
    up-port=1700
add address=eu1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (eu1)" up-port=1700
add address=nam1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (nam1)" up-port=1700
add address=au1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (au1)" up-port=1700
add address=eu1.cloud.thethings.network down-port=1700 name="TTN V3 (eu1)" \
    up-port=1700
add address=nam1.cloud.thethings.network down-port=1700 name="TTN V3 (nam1)" \
    up-port=1700
add address=au1.cloud.thethings.network down-port=1700 name="TTN V3 (au1)" \
    up-port=1700

/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw

# Access ports: only untagged/priority-tagged frames are admitted and ingress
# filtering is on. pvid=10 places ether2-5, wlan1 and wlan2 in the main VLAN.
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether2 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether3 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether4 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether5 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=wlan1 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=wlan2 pvid=10
# pvid=20 places ether6-9 and wlan3 (the "Wireless IOT" SSID) in the IoT VLAN.
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether6 pvid=20
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether7 pvid=20
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether8 pvid=20
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether9 pvid=20
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=wlan3 pvid=20

# Neighbor discovery runs on every interface in the VLAN list, which includes
# iot_vlan (see /interface list member below).
# NOTE(review): consider a separate management list holding only main_vlan so
# the router does not announce itself on the IoT segment.
/ip neighbor discovery-settings
set discover-interface-list=VLAN

# bridge1 itself is the only tagged member of each VLAN, which is what lets
# the main_vlan/iot_vlan interfaces see the traffic. No untagged ports are
# listed explicitly.
# presumably the access ports are added dynamically as untagged members from
# their pvid - verify with "/interface bridge vlan print".
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 vlan-ids=10
add bridge=bridge1 tagged=bridge1 vlan-ids=20

# ether1 is the only WAN member; both VLAN interfaces share the VLAN list, so
# every rule written against in-interface-list=VLAN applies to IoT as well.
/interface list member
add interface=ether1 list=WAN
add interface=main_vlan list=VLAN
add interface=iot_vlan list=VLAN

# The router is 10.0.1.1 / 10.0.2.1 on the VLANs. The WAN side sits in
# 192.168.1.0/24 with the default gateway 192.168.1.1 (see /ip route).
/ip address
add address=192.168.1.2/24 interface=ether1 network=192.168.1.0
add address=10.0.1.1/24 interface=main_vlan network=10.0.1.0
add address=10.0.2.1/24 interface=iot_vlan network=10.0.2.0

# Both subnets are handed 10.0.1.21 as DNS server. For IoT clients that
# address is in the other VLAN, so their queries are routed and must pass the
# forward chain; DHCP options do not open anything in the firewall.
/ip dhcp-server network
add address=10.0.1.0/24 dns-server=10.0.1.21 gateway=10.0.1.1
add address=10.0.2.0/24 dns-server=10.0.1.21 gateway=10.0.2.1

# The router's own resolver accepts client queries (allow-remote-requests=yes)
# and uses 10.0.1.21 upstream. Who can reach it is decided by the input chain.
/ip dns
set allow-remote-requests=yes servers=10.0.1.21

/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input comment="Allow Estab & Related" \
    connection-state=established,related
# Accepts all input from both VLAN interfaces, IoT included.
# NOTE(review): /ip service is not shown in this export; consider accepting
# from iot_vlan only what IoT clients need from the router - TODO confirm.
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
add action=accept chain=input protocol=icmp
add action=drop chain=input comment=Drop
# --- forward chain: traffic routed through the router ---
# NOTE(review): no rule drops connection-state=invalid explicitly; such
# packets fall through to the final drop unless another accept rule matches.
add action=accept chain=forward comment="Allow Estab & Related" \
    connection-state=established,related
# New connections from the main VLAN to the WAN. IoT is not covered.
add action=accept chain=forward comment=\
    "VLAN Internet Access only except IOT" connection-state=new in-interface=\
    main_vlan out-interface-list=WAN
# New connections arriving on WAN that were dst-nat'ed (see /ip firewall nat).
add action=accept chain=forward comment="allow port forwarding" \
    connection-nat-state=dstnat connection-state=new in-interface-list=WAN
# The comment= text is Italian: "allows one MAC to reach the internet from the
# IoT network". The match is on source MAC only.
# NOTE(review): a source MAC can be set by any device on the segment; pairing
# it with a static DHCP lease and src-address= would tighten the match.
add action=accept chain=forward comment=\
    "permette ad un mac di uscire su internet dalla rete IOT" in-interface=\
    iot_vlan out-interface-list=WAN src-mac-address=XX:XX:XX:XX:XX:XX
# Final drop. No rule above matches iot_vlan -> main_vlan (or the reverse), so
# new IoT connections to 10.0.1.21:53 end here.
add action=drop chain=forward comment=Drop

# Masquerade everything leaving via WAN; publish TCP 80 and 443 arriving on
# WAN to 10.0.1.21, the same host that serves DNS.
# NOTE(review): that host is reachable from the WAN side on 80/443, so
# anything opened towards it from other VLANs should stay as narrow as the
# service actually needed.
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
    out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN protocol=\
    tcp to-addresses=10.0.1.21 to-ports=80
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN protocol=\
    tcp to-addresses=10.0.1.21 to-ports=443

# Default route via the upstream gateway on the WAN subnet.
/ip route
add distance=1 gateway=192.168.1.1

/system clock
set time-zone-name=Europe/Rome

/system identity
set name=RouterSwitchAP

/system leds
add interface=wlan2 leds="wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-le\
    d,wlan2_signal4-led,wlan2_signal5-led" type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive

# MAC-Telnet and MAC-WinBox are allowed from the VLAN list, which contains
# iot_vlan as well as main_vlan.
# NOTE(review): consider limiting layer-2 management access to a list that
# holds only main_vlan.
/tool mac-server
set allowed-interface-list=VLAN

/tool mac-server mac-winbox
set allowed-interface-list=VLAN

/tool user-manager database
set db-path=user-manager
I'm sorry if it's a question asked earlier, but I just can't figure out where I'm wrong, thank you
Last edited by andreaborchiellini on Tue Aug 16, 2022 11:59 pm, edited 1 time in total.
 
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: Allow a vlan to access a specific host on a specific port in another vlan

Tue Aug 16, 2022 8:19 pm

Add the following two firewall filter rules:
# Run under /ip firewall filter. Opens only DNS (UDP and TCP port 53) from the
# IoT VLAN to the single host 10.0.1.21; everything else from iot_vlan towards
# the main VLAN still reaches the final drop.
add action=accept chain=forward in-interface=iot_vlan dst-address=10.0.1.21 dst-port=53 protocol=udp
add action=accept chain=forward in-interface=iot_vlan dst-address=10.0.1.21 dst-port=53 protocol=tcp
and move them directly above the last rule in your export (the unconditional drop in chain=forward). A similar (but not identical) result could be achieved by replacing in-interface with an appropriately set src-address= property.

Remember: configuration in different sections is not automatically related, and setting a certain IP address as the DNS server in the DHCP configuration doesn't affect firewall rules at all. Also remember that firewall rules are checked in sequence from top to bottom: the matching rule executes, and later rules don't have any effect.

Also make sure that any firewall that might be running on 10.0.1.21 (the DNS server) allows DNS queries from "alien" subnets - e.g. the default Windows firewall restricts most services to clients inside its own subnet.
 
andreaborchiellini
just joined
Topic Author
Posts: 6
Joined: Fri Nov 04, 2016 6:49 pm

Re: Allow a vlan to access a specific host on a specific port in another vlan

Tue Aug 16, 2022 11:58 pm

Thank you for your response, but unluckily these settings don't work; I had also tried them before.
I'm sure the DNS server responds to all requests from any source. I've also tried to open port 8081 for the same server (a web interface is listening there) and port 80 for another destination (10.0.1.20), and even that doesn't work
# Test rules from the poster: TCP 8081 on 10.0.1.21 (its web interface) and
# TCP 80 on 10.0.1.20, both reachable from the IoT VLAN.
# NOTE(review): these widen IoT access into the main VLAN beyond DNS; remove
# them again once troubleshooting is finished.
add action=accept chain=forward in-interface=iot_vlan dst-address=10.0.1.21 dst-port=8081 protocol=tcp
add action=accept chain=forward in-interface=iot_vlan dst-address=10.0.1.20 dst-port=80 protocol=tcp
I just can't understand it; I've placed these settings before the last drop rule
 
erlinden
Forum Guru
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Allow a vlan to access a specific host on a specific port in another vlan

Wed Aug 17, 2022 12:30 am

Turn on filter rules logging and see what rule is accepting the traffic.

Can't see the cause, currently on my smartphone...
 
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Allow a vlan to access a specific host on a specific port in another vlan

Wed Aug 17, 2022 12:36 am

Turn on filter rules logging and see what rule is accepting the traffic.

Can't see the cause, currently on my smartphone...
Blaming it on the smartphone vice the not so smart phone user jajajajaja
 
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Allow a vlan to access a specific host on a specific port in another vlan

Wed Aug 17, 2022 12:52 am

(1) very minor.
You dont need to state NEW in rules......... its redundant.

(2) Its more conducive to port forwarding success if you shorten the rule , users sometime come from LAN behind the router to access the server..........
# Shortened form of the port-forwarding accept rule: it matches every
# dst-nat'ed connection in the forward chain, with no restriction on ingress
# interface or connection state.
# NOTE(review): what this admits is then bounded only by the dstnat rules in
# /ip firewall nat; the ones in the posted export match in-interface-list=WAN,
# so keep any added dstnat rule equally specific.
add action=accept chain=forward comment="allow port forwarding" \
connection-nat-state=dstnat


(3) Just to confirm: you only want a single entry on the IoT VLAN to have internet access? I'm not sure a MAC address is a sufficient parameter to guarantee this.
These are layer 3 firewall rules...
Do you not know the IP address of the single device? Can you not make it static in the lease?

(4) So as of now you have not granted any access from the main lan to the IOT lan. You are in control!!

As was stated, add the missing firewall rules to allow access to the DNS server; other than that I cannot see anything, but I have a very tiny monitor........ ;-PP
?? Since you already had that address set as the DNS server for the subnet, I am surprised that a forward chain rule is required?? One for the experts to answer..............
 
andreaborchiellini
just joined
Topic Author
Posts: 6
Joined: Fri Nov 04, 2016 6:49 pm

Re: Allow a vlan to access a specific host on a specific port in another vlan

Wed Aug 17, 2022 5:03 pm

Turn on filter rules logging and see what rule is accepting the traffic.

Can't see the cause, currently on my smartphone...
Did you mean this log, or do I need to log all of the firewall rules?
Aug/17/2022 15:56:13 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61662->10.0.1.21:53, len 60
Aug/17/2022 15:56:17 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:3254->10.0.1.21:53, len 61
Aug/17/2022 15:56:17 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:51013->10.0.1.21:53, len 61
Aug/17/2022 15:56:17 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:40115->10.0.1.21:53, len 60
Aug/17/2022 15:56:17 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:52675->10.0.1.21:53, len 60
Aug/17/2022 15:56:17 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:57737->10.0.1.21:53, len 61
Aug/17/2022 15:56:17 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:48639->10.0.1.21:53, len 61
Aug/17/2022 15:56:17 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:52772->10.0.1.21:53, len 65
Aug/17/2022 15:56:18 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:43392->10.0.1.21:53, len 67
Aug/17/2022 15:56:18 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:29286->10.0.1.21:53, len 67
Aug/17/2022 15:56:18 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:27949->10.0.1.21:53, len 61
Aug/17/2022 15:56:18 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:54644->10.0.1.21:53, len 61
Aug/17/2022 15:56:18 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:30330->10.0.1.21:53, len 60
Aug/17/2022 15:56:18 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:2905->10.0.1.21:53, len 60
Aug/17/2022 15:56:18 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:19682->10.0.1.21:53, len 61
Aug/17/2022 15:56:18 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:27009->10.0.1.21:53, len 61
Aug/17/2022 15:56:19 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64142->10.0.1.21:53, len 61
Aug/17/2022 15:56:20 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:37201->10.0.1.21:53, len 67
Aug/17/2022 15:56:20 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:21820->10.0.1.21:53, len 67
Aug/17/2022 15:56:20 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:37409->10.0.1.21:53, len 61
Aug/17/2022 15:56:20 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:17583->10.0.1.21:53, len 61
Aug/17/2022 15:56:21 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:42558->10.0.1.21:53, len 67
Aug/17/2022 15:56:21 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:52235->10.0.1.21:53, len 67
Aug/17/2022 15:56:21 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:32067->10.0.1.21:53, len 61
Aug/17/2022 15:56:21 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64155->10.0.1.21:53, len 61
Aug/17/2022 15:56:28 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:24016->10.0.1.21:53, len 61
Aug/17/2022 15:56:28 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:14642->10.0.1.21:53, len 61
Aug/17/2022 15:56:29 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:9340->10.0.1.21:53, len 68
Aug/17/2022 15:56:29 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:52873->10.0.1.21:53, len 68
Aug/17/2022 15:56:29 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:1747->10.0.1.21:53, len 61
Aug/17/2022 15:56:29 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:17044->10.0.1.21:53, len 61
Aug/17/2022 15:56:30 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:17655->10.0.1.21:53, len 68
Aug/17/2022 15:56:30 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:37661->10.0.1.21:53, len 68
Aug/17/2022 15:56:30 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:56077->10.0.1.21:53, len 67
Aug/17/2022 15:56:30 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59224->10.0.1.21:53, len 67
Aug/17/2022 15:56:31 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61977->10.0.1.21:53, len 61
Aug/17/2022 15:56:32 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61977->10.0.1.21:53, len 61
Aug/17/2022 15:56:34 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61977->10.0.1.21:53, len 61
Aug/17/2022 15:56:39 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61977->10.0.1.21:53, len 61
Aug/17/2022 15:56:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:3333->10.0.1.21:53, len 65
Aug/17/2022 15:56:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50803->10.0.1.21:53, len 65
Aug/17/2022 15:56:43 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:33229->10.0.1.21:53, len 65
Aug/17/2022 15:56:43 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:17184->10.0.1.21:53, len 65
Aug/17/2022 15:56:45 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:62297->10.0.1.21:53, len 65
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:49777->10.0.1.21:53, len 82
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:53336->10.0.1.21:53, len 83
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59586->10.0.1.21:53, len 83
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:60400->10.0.1.21:53, len 69
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59366->10.0.1.21:53, len 59
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65394->10.0.1.21:53, len 68
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:52152->10.0.1.21:53, len 78
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:49933->10.0.1.21:53, len 70
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:54509->10.0.1.21:53, len 64
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:57303->10.0.1.21:53, len 61
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:56379->10.0.1.21:53, len 67
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:60202->10.0.1.21:53, len 68
Aug/17/2022 15:56:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:62297->10.0.1.21:53, len 65
Aug/17/2022 15:56:47 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61977->10.0.1.21:53, len 61
Aug/17/2022 15:56:48 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:62297->10.0.1.21:53, len 65
Aug/17/2022 15:56:50 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:28125->10.0.1.21:53, len 61
Aug/17/2022 15:56:50 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:5959->10.0.1.21:53, len 61
Aug/17/2022 15:56:51 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:29925->10.0.1.21:53, len 61
Aug/17/2022 15:56:51 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59403->10.0.1.21:53, len 61
Aug/17/2022 15:56:52 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:60913->10.0.1.21:53, len 61
Aug/17/2022 15:56:52 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:14833->10.0.1.21:53, len 61
Aug/17/2022 15:56:52 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64142->10.0.1.21:53, len 61
Aug/17/2022 15:56:52 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:62297->10.0.1.21:53, len 65
Aug/17/2022 15:56:53 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:24190->10.0.1.21:53, len 61
Aug/17/2022 15:56:53 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:24083->10.0.1.21:53, len 61
Aug/17/2022 15:56:53 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:17309->10.0.1.21:53, len 61
Aug/17/2022 15:56:53 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:48922->10.0.1.21:53, len 61
Aug/17/2022 15:56:54 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:1540->10.0.1.21:53, len 61
Aug/17/2022 15:56:54 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:35102->10.0.1.21:53, len 61
Aug/17/2022 15:56:55 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:51784->10.0.1.21:53, len 67
Aug/17/2022 15:56:55 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:60136->10.0.1.21:53, len 67
Aug/17/2022 15:56:55 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59451->10.0.1.21:53, len 61
Aug/17/2022 15:56:56 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:15264->10.0.1.21:53, len 67
Aug/17/2022 15:56:56 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:36274->10.0.1.21:53, len 67
Aug/17/2022 15:56:56 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65274->10.0.1.21:53, len 61
Aug/17/2022 15:56:56 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59451->10.0.1.21:53, len 61
Aug/17/2022 15:56:56 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50378->10.0.1.21:53, len 65
Aug/17/2022 15:56:56 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63801->10.0.1.21:53, len 65
Aug/17/2022 15:56:57 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50378->10.0.1.21:53, len 65
Aug/17/2022 15:56:57 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63801->10.0.1.21:53, len 65
Aug/17/2022 15:56:58 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59451->10.0.1.21:53, len 61
Aug/17/2022 15:57:00 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50378->10.0.1.21:53, len 65
Aug/17/2022 15:57:00 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63801->10.0.1.21:53, len 65
Aug/17/2022 15:57:00 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:62297->10.0.1.21:53, len 65
Aug/17/2022 15:57:02 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59451->10.0.1.21:53, len 61
Aug/17/2022 15:57:04 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61977->10.0.1.21:53, len 61
Aug/17/2022 15:57:04 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50378->10.0.1.21:53, len 65
Aug/17/2022 15:57:04 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63801->10.0.1.21:53, len 65
Aug/17/2022 15:57:05 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:9687->10.0.1.21:53, len 68
Aug/17/2022 15:57:05 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:51757->10.0.1.21:53, len 68
Aug/17/2022 15:57:06 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:32632->10.0.1.21:53, len 68
Aug/17/2022 15:57:06 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:27271->10.0.1.21:53, len 68
Aug/17/2022 15:57:06 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:26403->10.0.1.21:53, len 61
Aug/17/2022 15:57:06 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:43094->10.0.1.21:53, len 61
Aug/17/2022 15:57:07 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:33894->10.0.1.21:53, len 61
Aug/17/2022 15:57:07 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:62800->10.0.1.21:53, len 61
Aug/17/2022 15:57:09 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64316->10.0.1.21:53, len 61
Aug/17/2022 15:57:10 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64316->10.0.1.21:53, len 61
Aug/17/2022 15:57:10 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59451->10.0.1.21:53, len 61
Aug/17/2022 15:57:12 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50378->10.0.1.21:53, len 65
Aug/17/2022 15:57:12 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63801->10.0.1.21:53, len 65
Aug/17/2022 15:57:12 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64316->10.0.1.21:53, len 61
Aug/17/2022 15:57:16 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64316->10.0.1.21:53, len 61
Aug/17/2022 15:57:16 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63607->10.0.1.21:53, len 70
Aug/17/2022 15:57:17 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:62297->10.0.1.21:53, len 65
Aug/17/2022 15:57:17 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63607->10.0.1.21:53, len 70
Aug/17/2022 15:57:19 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:60560->10.0.1.21:53, len 56
Aug/17/2022 15:57:19 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63607->10.0.1.21:53, len 70
Aug/17/2022 15:57:24 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63607->10.0.1.21:53, len 70
Aug/17/2022 15:57:24 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:60560->10.0.1.21:53, len 56
Aug/17/2022 15:57:25 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64316->10.0.1.21:53, len 61
Aug/17/2022 15:57:25 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:53165->10.0.1.21:53, len 61
Aug/17/2022 15:57:25 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:48400->10.0.1.21:53, len 61
Aug/17/2022 15:57:26 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:38679->10.0.1.21:53, len 61
Aug/17/2022 15:57:26 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:24992->10.0.1.21:53, len 61
Aug/17/2022 15:57:26 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:56797->10.0.1.21:53, len 61
Aug/17/2022 15:57:26 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:48329->10.0.1.21:53, len 61
Aug/17/2022 15:57:27 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59451->10.0.1.21:53, len 61
Aug/17/2022 15:57:27 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:26618->10.0.1.21:53, len 61
Aug/17/2022 15:57:27 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:12454->10.0.1.21:53, len 61
Aug/17/2022 15:57:29 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:60560->10.0.1.21:53, len 56
Aug/17/2022 15:57:30 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:46301->10.0.1.21:53, len 67
Aug/17/2022 15:57:30 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:45305->10.0.1.21:53, len 67
Aug/17/2022 15:57:30 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:56682->10.0.1.21:53, len 62
Aug/17/2022 15:57:30 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:16505->10.0.1.21:53, len 62
Aug/17/2022 15:57:31 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:58468->10.0.1.21:53, len 62
Aug/17/2022 15:57:31 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:3597->10.0.1.21:53, len 62
Aug/17/2022 15:57:32 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63607->10.0.1.21:53, len 70
Aug/17/2022 15:57:32 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:1856->10.0.1.21:53, len 67
Aug/17/2022 15:57:32 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:49913->10.0.1.21:53, len 67
Aug/17/2022 15:57:33 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:33901->10.0.1.21:53, len 61
Aug/17/2022 15:57:33 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:20361->10.0.1.21:53, len 61
Aug/17/2022 15:57:33 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65399->10.0.1.21:53, len 62
Aug/17/2022 15:57:33 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:57776->10.0.1.21:53, len 67
Aug/17/2022 15:57:33 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50145->10.0.1.21:53, len 67
Aug/17/2022 15:57:34 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65399->10.0.1.21:53, len 62
Aug/17/2022 15:57:34 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:16651->10.0.1.21:53, len 61
Aug/17/2022 15:57:34 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:38240->10.0.1.21:53, len 61
Aug/17/2022 15:57:35 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61094->10.0.1.21:53, len 68
Aug/17/2022 15:57:35 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64678->10.0.1.21:53, len 68
Aug/17/2022 15:57:35 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:56349->10.0.1.21:53, len 62
Aug/17/2022 15:57:35 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:55319->10.0.1.21:53, len 62
Aug/17/2022 15:57:36 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65399->10.0.1.21:53, len 62
Aug/17/2022 15:57:36 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50740->10.0.1.21:53, len 61
Aug/17/2022 15:57:36 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61094->10.0.1.21:53, len 68
Aug/17/2022 15:57:36 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64678->10.0.1.21:53, len 68
Aug/17/2022 15:57:36 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:56349->10.0.1.21:53, len 62
Aug/17/2022 15:57:36 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:55319->10.0.1.21:53, len 62
Aug/17/2022 15:57:37 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50740->10.0.1.21:53, len 61
Aug/17/2022 15:57:38 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61094->10.0.1.21:53, len 68
Aug/17/2022 15:57:38 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64678->10.0.1.21:53, len 68
Aug/17/2022 15:57:38 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:56349->10.0.1.21:53, len 62
Aug/17/2022 15:57:38 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:55319->10.0.1.21:53, len 62
Aug/17/2022 15:57:39 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50740->10.0.1.21:53, len 61
Aug/17/2022 15:57:40 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65399->10.0.1.21:53, len 62
Aug/17/2022 15:57:41 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:10665->10.0.1.21:53, len 68
Aug/17/2022 15:57:41 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:60628->10.0.1.21:53, len 68
Aug/17/2022 15:57:41 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64316->10.0.1.21:53, len 61
Aug/17/2022 15:57:41 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64924->10.0.1.21:53, len 53
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:11823->10.0.1.21:53, len 68
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:38000->10.0.1.21:53, len 68
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:61094->10.0.1.21:53, len 68
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64678->10.0.1.21:53, len 68
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:56349->10.0.1.21:53, len 62
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:55319->10.0.1.21:53, len 62
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:31504->10.0.1.21:53, len 65
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:41441->10.0.1.21:53, len 65
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:17677->10.0.1.21:53, len 61
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:35807->10.0.1.21:53, len 61
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:31305->10.0.1.21:53, len 67
Aug/17/2022 15:57:42 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:27507->10.0.1.21:53, len 67
Aug/17/2022 15:57:43 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50740->10.0.1.21:53, len 61
Aug/17/2022 15:57:43 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63834->10.0.1.21:53, len 65
Aug/17/2022 15:57:43 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:16557->10.0.1.21:53, len 65
Aug/17/2022 15:57:43 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63284->10.0.1.21:53, len 61
Aug/17/2022 15:57:43 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:35014->10.0.1.21:53, len 61
Aug/17/2022 15:57:45 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59793->10.0.1.21:53, len 65
Aug/17/2022 15:57:45 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:49947->10.0.1.21:53, len 61
Aug/17/2022 15:57:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64924->10.0.1.21:53, len 53
Aug/17/2022 15:57:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59793->10.0.1.21:53, len 65
Aug/17/2022 15:57:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:49947->10.0.1.21:53, len 61
Aug/17/2022 15:57:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64218->10.0.1.21:53, len 65
Aug/17/2022 15:57:46 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65463->10.0.1.21:53, len 65
Aug/17/2022 15:57:47 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64218->10.0.1.21:53, len 65
Aug/17/2022 15:57:47 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65463->10.0.1.21:53, len 65
Aug/17/2022 15:57:48 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:63607->10.0.1.21:53, len 70
Aug/17/2022 15:57:48 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65399->10.0.1.21:53, len 62
Aug/17/2022 15:57:48 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59793->10.0.1.21:53, len 65
Aug/17/2022 15:57:48 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:49947->10.0.1.21:53, len 61
Aug/17/2022 15:57:50 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64218->10.0.1.21:53, len 65
Aug/17/2022 15:57:50 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65463->10.0.1.21:53, len 65
Aug/17/2022 15:57:51 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:56349->10.0.1.21:53, len 62
Aug/17/2022 15:57:51 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:55319->10.0.1.21:53, len 62
Aug/17/2022 15:57:51 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:50740->10.0.1.21:53, len 61
Aug/17/2022 15:57:51 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64924->10.0.1.21:53, len 53
Aug/17/2022 15:57:52 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59793->10.0.1.21:53, len 65
Aug/17/2022 15:57:52 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:49947->10.0.1.21:53, len 61
Aug/17/2022 15:57:54 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64218->10.0.1.21:53, len 65
Aug/17/2022 15:57:54 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65463->10.0.1.21:53, len 65
Aug/17/2022 15:57:58 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:28184->10.0.1.21:53, len 61
Aug/17/2022 15:57:58 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:10647->10.0.1.21:53, len 61
Aug/17/2022 15:57:59 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:33178->10.0.1.21:53, len 61
Aug/17/2022 15:57:59 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:31103->10.0.1.21:53, len 61
Aug/17/2022 15:57:59 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:15954->10.0.1.21:53, len 61
Aug/17/2022 15:57:59 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:15340->10.0.1.21:53, len 61
Aug/17/2022 15:58:00 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59451->10.0.1.21:53, len 61
Aug/17/2022 15:58:00 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:59793->10.0.1.21:53, len 65
Aug/17/2022 15:58:00 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:49947->10.0.1.21:53, len 61
Aug/17/2022 15:58:00 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:8912->10.0.1.21:53, len 61
Aug/17/2022 15:58:00 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:22531->10.0.1.21:53, len 61
Aug/17/2022 15:58:02 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:64218->10.0.1.21:53, len 65
Aug/17/2022 15:58:02 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65463->10.0.1.21:53, len 65
Aug/17/2022 15:58:04 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:65399->10.0.1.21:53, len 62
Aug/17/2022 15:58:06 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:38677->10.0.1.21:53, len 67
Aug/17/2022 15:58:06 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:22251->10.0.1.21:53, len 67
Aug/17/2022 15:58:06 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:56766->10.0.1.21:53, len 71
Aug/17/2022 15:58:06 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:55349->10.0.1.21:53, len 71
Aug/17/2022 15:58:06 firewall,info forward: in:iot_vlan out:main_vlan, src-mac XX:XX:XX:XX:XX:XX, proto UDP, 10.0.2.254:45671->10.0.1.21:53, len 60
 
andreaborchiellini

Re: Allow a vlan to access a specific host on a specific port in another vlan

Wed Aug 17, 2022 5:10 pm

(1) Very minor: you don't need to state NEW in the rules; it's redundant.

(2) Port forwarding is more likely to work if you shorten the rule, because users sometimes come from the LAN behind the router to access the server:
add action=accept chain=forward comment="allow port forwarding" \
connection-nat-state=dstnat


(3) Just to confirm: you only want a single device on the IoT VLAN to have internet access. I am not sure a MAC address is a sufficient parameter to guarantee this.
These are layer 3 firewall rules.
Do you not know the IP address of that single device? Can you not make it static in the DHCP lease?

(4) So as of now you have not granted any access from the main lan to the IOT lan. You are in control!!

As was stated add the missing firewall rules to allow access to the DNS server, other than that cannot see anything but I have a very tiny monitor........ ;-PP
?? Since you had that already in the DNS server for the subnet, I am surprised that a forward chain rule is required?? One for the experts to answer.
(1) ok, removed
(2) ok, fixed
(3) Yes, for now a single device is allowed to reach the internet. It is only a test for now, but I can certainly set a static IP.
(4) I don't mind if main_vlan can't see devices in iot_vlan. Or do you mean I should add a rule to allow my DNS server 10.0.1.21 to respond to iot_vlan?

This is my current configuration, which does not work:
# aug/17/2022 16:08:45 by RouterOS 6.49.6
# software id = 0WFY-GUTG
#
# model = RB4011iGS+5HacQ2HnD

/ip firewall filter
# Filter rules are evaluated top to bottom within each chain; the first match
# decides, so the order of the lines below is part of the policy.

# --- input chain: traffic addressed to the router itself ---
# Replies to connections that already exist.
add action=accept chain=input comment="Allow Estab & Related" \
    connection-state=established,related
# Accepts every protocol and port from any interface in the VLAN list.
# NOTE(review): list membership is not shown in this export. If iot_vlan is a
# member, IoT hosts can reach every service the router runs (management
# included); confirm and limit that VLAN to what it needs from the router.
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
# Default deny for everything else addressed to the router.
add action=drop chain=input comment=Drop

# --- forward chain: traffic routed through the router ---
# Replies to connections that already exist. This is the rule that lets DNS
# answers from 10.0.1.21 travel back to iot_vlan once a query was accepted
# below; no separate main_vlan -> iot_vlan "reply" rule is needed for that.
add action=accept chain=forward comment="Allow Estab & Related" \
    connection-state=established,related
# main_vlan may open connections towards the WAN list. iot_vlan has no
# equivalent enabled rule, so it has no internet access.
add action=accept chain=forward comment=\
    "VLAN Internet Access only except IOT" in-interface=main_vlan \
    out-interface-list=WAN
# Accepts forwarded connections that were rewritten by a dst-nat rule (the
# 80/443 entries in the nat table below).
# NOTE(review): connection-state="" is an empty matcher, presumably left over
# from removing "new"; confirm it behaves as "no state match" on this version.
add action=accept chain=forward comment="allow port forwarding" \
    connection-nat-state=dstnat connection-state=""
# Comment text in English: "allows one MAC to reach the internet from the IoT
# network". disabled=yes, so this rule currently has no effect.
# NOTE(review): the source MAC is chosen by the sending device, so matching on
# it identifies a device only as long as nobody on iot_vlan changes theirs.
add action=accept chain=forward comment=\
    "permette ad un mac di uscire su internet dalla rete IOT" disabled=yes \
    in-interface=iot_vlan out-interface-list=WAN src-mac-address=\
    XX:XX:XX:XX:XX:XX
# iot_vlan -> 10.0.1.21 on port 53, UDP and TCP: the only new connections
# iot_vlan may open towards main_vlan.
# NOTE(review): the firewall log posted earlier in this thread shows such
# queries going in:iot_vlan out:main_vlan, with several source ports repeating,
# which looks like client retries. If the router is forwarding them, the next
# place to check is 10.0.1.21 itself: its host firewall, the resolver's
# allowed-client setting, and its route back to 10.0.2.0/24. None of that is
# visible in this export.
add action=accept chain=forward dst-address=10.0.1.21 dst-port=53 \
    in-interface=iot_vlan protocol=udp
add action=accept chain=forward dst-address=10.0.1.21 dst-port=53 \
    in-interface=iot_vlan protocol=tcp
# main_vlan may open any connection towards iot_vlan (all protocols and ports).
add action=accept chain=forward in-interface=main_vlan out-interface=\
    iot_vlan
# Default deny for everything else that would be routed.
add action=drop chain=forward comment=Drop

/ip firewall nat
# Source NAT for traffic leaving through the WAN list.
add action=masquerade chain=srcnat comment="Default masquerade" \
    out-interface-list=WAN
# Publishes TCP 80 and 443 arriving on the WAN list to 10.0.1.21.
# NOTE(review): the internet-facing host is the same 10.0.1.21 that serves DNS
# and sits inside main_vlan, so a compromise of its web service lands in the
# trusted segment; consider whether it belongs in a segment of its own.
add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN protocol=\
    tcp to-addresses=10.0.1.21 to-ports=80
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN protocol=\
    tcp to-addresses=10.0.1.21 to-ports=443
 
andreaborchiellini

Re: Allow a vlan to access a specific host on a specific port in another vlan

Sun Aug 21, 2022 10:25 am

I just can't understand, anyone have any idea?
