Eu tenho um roteador TP-Link WDR4300 com OpenWRT BarrierBreaker (vargalex build ver. 1.1.7).
Eu uso devido ao meu Raspberry ( SMB, PMA, Plex, etc
) DDNS
( duckdns.org
) para alcançar meu roteador fora da minha LAN (tentei configurar VPN no roteador, mas de alguma forma não consigo encontrar o configuração correta). Meus serviços estão usando essas portas: 139, 445, 8080, 8081, 8877, 56565
mas um pouco de 53
( dnsmasq
) porta é aberta a partir de WAN
e não consigo bloqueá-la.
netstat
de saídas:
netstat -an
netstat-pln
nslookup
output:
> server <myremoteaddress>.duckdns.org
Default Server: remoteconnection.duckdns.org
Address: <myipaddress>
> google.com.
Server: <myremoteaddress>.duckdns.org
Address: <myipaddress>
Non-authoritative answer:
Name: google.com
Addresses: xxxx:yyyy:400d:zzzz::200e
***.***.72.20
***.***.72.34
***.***.72.45
***.***.72.24
***.***.72.49
***.***.72.44
***.***.72.39
***.***.72.25
***.***.72.30
***.***.72.54
***.***.72.40
***.***.72.29
***.***.72.50
***.***.72.59
***.***.72.55
***.***.72.35
Estou usando Google DNS
( 8.8.8.8, 8.8.4.4
).
Eu tentei adicionar alguns rule
para bloquear a porta 53
, sem sucesso ...
Existem as regras que adicionei ao firewall
config ( /etc/config/firewall
) e conectei à porta desejada:
config rule
option src 'wan'
option name 'block_port_53'
option dest_port '53'
option target 'REJECT'
option proto 'all'
config rule
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
option name 'Guest DNS'
option src 'guest'
option enabled '0'
config rule
option src 'wan'
option dest 'lan'
option name 'restrict_dns_53_lan'
option dest_port '53'
option target 'REJECT'
config rule
option src 'wan'
option dest_port '53'
option name 'restrict_dns_forward'
option target 'REJECT'
option proto 'tcp udp'
option dest 'lan'
Guest DNS
está atualmente desativado e é para o Guest WiFi
(é o Guest DNS zone
).
O que estou fazendo de errado?
O principal motivo para bloquear a porta 53
são os bots chineses que estão tentando religar meu DNS
. O System Log
do meu roteador está cheio disso:
Jul 4 20:12:53 dnsmasq[2524]: possible DNS-rebind attack detected: 9406151-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.myxns.cn
Jul 4 20:12:53 dnsmasq[2524]: possible DNS-rebind attack detected: 9406163-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.ffdns.net
Jul 4 20:12:53 dnsmasq[2524]: possible DNS-rebind attack detected: 9406153-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.myxns.cn
Jul 4 20:12:54 dnsmasq[2524]: possible DNS-rebind attack detected: 9406166-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.ffdns.net
Jul 4 20:12:54 dnsmasq[2524]: possible DNS-rebind attack detected: 9406154-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.myxns.cn
Jul 4 20:12:54 dnsmasq[2524]: possible DNS-rebind attack detected: 9406157-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.ffdns.net
Jul 4 20:12:54 dnsmasq[2524]: possible DNS-rebind attack detected: 9406156-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.myxns.cn
Jul 4 20:12:54 dnsmasq[2524]: possible DNS-rebind attack detected: 9406148-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.myxns.cn
Jul 4 20:12:54 dnsmasq[2524]: possible DNS-rebind attack detected: 9406149-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.myxns.cn
Jul 4 20:12:54 dnsmasq[2524]: possible DNS-rebind attack detected: 9406155-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.myxns.cn
Jul 4 20:12:54 dnsmasq[2524]: possible DNS-rebind attack detected: 9406160-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.ffdns.net
Jul 4 20:12:55 dnsmasq[2524]: possible DNS-rebind attack detected: 9406164-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.ffdns.net
Jul 4 20:12:55 dnsmasq[2524]: possible DNS-rebind attack detected: 9406158-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.ffdns.net
Jul 4 20:12:55 dnsmasq[2524]: possible DNS-rebind attack detected: 9406150-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.myxns.cn
Jul 4 20:12:55 dnsmasq[2524]: possible DNS-rebind attack detected: 9406161-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.ffdns.net
Jul 4 20:12:55 dnsmasq[2524]: possible DNS-rebind attack detected: 9406147-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.myxns.cn
Jul 4 20:12:55 dnsmasq[2524]: possible DNS-rebind attack detected: 9406152-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.myxns.cn
Jul 4 20:12:56 dnsmasq[2524]: possible DNS-rebind attack detected: 9406162-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.ffdns.net
Jul 4 20:12:57 dnsmasq[2524]: possible DNS-rebind attack detected: 9406159-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.ffdns.net
Jul 4 20:12:58 dnsmasq[2524]: possible DNS-rebind attack detected: 9406165-0-1896986649-4159633587.ns.113-17-184-25-ns.dns-spider.ffdns.net
Jul 4 20:15:24 dnsmasq[2524]: possible DNS-rebind attack detected: 4376755-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.ffdns.net
Jul 4 20:15:24 dnsmasq[2524]: possible DNS-rebind attack detected: 4376759-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.ffdns.net
Jul 4 20:15:24 dnsmasq[2524]: possible DNS-rebind attack detected: 4376746-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.myxns.cn
Jul 4 20:15:24 dnsmasq[2524]: possible DNS-rebind attack detected: 4376741-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.myxns.cn
Jul 4 20:15:24 dnsmasq[2524]: possible DNS-rebind attack detected: 4376750-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.myxns.cn
Jul 4 20:15:26 dnsmasq[2524]: possible DNS-rebind attack detected: 4376756-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.ffdns.net
Jul 4 20:15:26 dnsmasq[2524]: possible DNS-rebind attack detected: 4376752-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.ffdns.net
Jul 4 20:15:26 dnsmasq[2524]: possible DNS-rebind attack detected: 4376760-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.ffdns.net
Jul 4 20:15:26 dnsmasq[2524]: possible DNS-rebind attack detected: 4376754-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.ffdns.net
Jul 4 20:15:26 dnsmasq[2524]: possible DNS-rebind attack detected: 4376758-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.ffdns.net
Jul 4 20:15:26 dnsmasq[2524]: possible DNS-rebind attack detected: 4376753-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.ffdns.net
Por favor, ajude-me a me livrar deles.