DNS queries from clients | Ubiquiti UBNT forum: guides, configuration

DNS queries from clients

workubnt

knowledgeable
25 Mar 2018
ebtables -t nat -L
Let's start with this command.


Also take a look at the file <unifi_root>/data/sites/<siteid>/config.properties.
(no need to post it on the forum)

# cat config.properties
Add:
config.system_cfg.1=ebtables.101.cmd=-t nat -I GUESTIN 1 -p IPv4 --ip-proto udp --ip-dport 53 -j ACCEPT

config.system_cfg.2=ebtables.102.cmd=-t nat -I GUESTIN 2 -p IPv4 --ip-proto tcp --ip-dport 53 -j ACCEPT

Is this there? Make yourself a backup and add the lines. Reboot and take a look.
 

lazarevva

newcomer
12 Jul 2022
TEST-510-BZ.6.0.21# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECTOR all -- anywhere anywhere mark match 0x80000000/0xc0000000
REDIRECTOR all -- anywhere anywhere mark match 0x40000000/0xc0000000
REDIRECT tcp -- anywhere anywhere mark match 0x40000000/0xc0000000 redir ports 80
REDIRECT tcp -- anywhere anywhere mark match 0x80000000/0xc0000000 redir ports 443
REDIRECT udp -- anywhere anywhere udp dpt:domain mark match 0x40000000/0xc0000000 redir ports 53

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain REDIRECTOR (2 references)
target prot opt source destination
REDIRECTOR_1 all -- anywhere anywhere

Chain REDIRECTOR_1 (1 references)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:www redir ports 80
REDIRECT tcp -- anywhere anywhere tcp dpt:8882 redir ports 80
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 443
REDIRECT tcp -- anywhere anywhere tcp dpt:domain redir ports 53
REDIRECT udp -- anywhere anywhere udp dpt:domain redir ports 53
 

workubnt

knowledgeable
25 Mar 2018
ebtables -t nat -L
 

lazarevva

newcomer
12 Jul 2022
Bridge table: nat

Bridge chain: PREROUTING, entries: 10, policy: ACCEPT
-i ath6 -j mark --ubnt-mark-or 0x3000 --mark-target CONTINUE
-i ath5 -j mark --ubnt-mark-or 0x2800 --mark-target CONTINUE
-i ath4 -j mark --ubnt-mark-or 0x2000 --mark-target CONTINUE
-i ath2 -j mark --ubnt-mark-or 0x1800 --mark-target CONTINUE
-i ath1 -j mark --ubnt-mark-or 0x1000 --mark-target CONTINUE
-i ath0 -j mark --ubnt-mark-or 0x800 --mark-target CONTINUE
-i ath0 -j GUESTIN
-i ath1 -j GUESTIN
-i ath4 -j GUESTIN
-i ath5 -j GUESTIN

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: POSTROUTING, entries: 10, policy: ACCEPT
-o ath6 -j mark --ubnt-mark-or 0x3000 --mark-target CONTINUE
-o ath5 -j mark --ubnt-mark-or 0x2800 --mark-target CONTINUE
-o ath4 -j mark --ubnt-mark-or 0x2000 --mark-target CONTINUE
-o ath2 -j mark --ubnt-mark-or 0x1800 --mark-target CONTINUE
-o ath1 -j mark --ubnt-mark-or 0x1000 --mark-target CONTINUE
-o ath0 -j mark --ubnt-mark-or 0x800 --mark-target CONTINUE
-o ath0 -j GUESTOUT
-o ath1 -j GUESTOUT
-o ath4 -j GUESTOUT
-o ath5 -j GUESTOUT

Bridge chain: GUESTIN, entries: 16, policy: DROP
-p IPv4 --ip-dst 172.22.x.x --ip-proto tcp --ip-dport 8881 -j ACCEPT
-p IPv4 --ip-dst 172.22.x.x --ip-proto tcp --ip-dport 8882 -j REDIRECT_HTTP
-p IPv4 --pkttype-type broadcast --ip-proto udp --ip-sport 68 --ip-dport 67 -j ACCEPT
-p ARP -j ACCEPT
-p IPv4 --ip-proto udp --ip-dport 53 -j GUEST_DNS
-p IPv4 --ip-proto tcp --ip-dport 53 -j GUEST_DNS
-p IPv4 --set guest_pre_allow --set-flags dst --set-family inet -j ACCEPT
-p IPv6 -j DROP
--pkttype-type broadcast -j DROP
-p IPv4 --ip-dst 172.22.x.x --ip-proto tcp --ip-dport 8880 -j ACCEPT
-p IPv4 --ip-dst 172.22.x.x --ip-proto tcp --ip-dport 8843 -j ACCEPT
-p IPv4 --ip-proto tcp --ip-dport 443 -j CAPTIVE_PORTAL
-p IPv4 --set guest_restricted --set-flags dst --set-family inet -j DROP
-p IPv4 --pkttype-type otherhost -j AUTHORIZED_GUESTS
-p IPv4 --ip-proto tcp --ip-dport 80 -j REDIRECT_HTTP
-p IPv4 --ip-proto tcp --ip-dport 443 -j REDIRECT_HTTPS

Bridge chain: GUESTOUT, entries: 5, policy: ACCEPT
-p IPv4 --pkttype-type broadcast --ip-proto udp --ip-sport 67 --ip-dport 68 -j ACCEPT
-p ARP -j ACCEPT
-p IPv6 -j DROP
--pkttype-type broadcast -j DROP
-p IPv4 --set guest_pre_allow --set-flags dst --set-family inet -j ACCEPT

Bridge chain: GUEST_DNS, entries: 2, policy: DROP
-p IPv4 --ip-proto udp --ip-dport 53 -j REDIRECT_DNS
-p IPv4 --ip-proto tcp --ip-dport 53 -j REDIRECT_DNS

Bridge chain: CAPTIVE_PORTAL, entries: 0, policy: RETURN

Bridge chain: REDIRECT_HTTP, entries: 2, policy: ACCEPT
-j mark --mark-or 0x40000000 --mark-target CONTINUE
-j redirect

Bridge chain: REDIRECT_HTTPS, entries: 2, policy: ACCEPT
-j mark --mark-or 0x80000000 --mark-target CONTINUE
-j redirect

Bridge chain: AUTHORIZED_GUESTS, entries: 1, policy: RETURN
--set guest_authorized_mac --set-flags src --set-family inet -j ACCEPT

Bridge chain: REDIRECT_DNS, entries: 2, policy: ACCEPT
-j mark --mark-or 0x40000000 --mark-target CONTINUE
-j redirect
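
How the two `-I GUESTIN` inserts proposed earlier in the thread change the path of a guest DNS query through the chain dumped above, as an added example that is not part of either poster's message. The evaluator is a simplified first-match model and assumes the query goes to a resolver that is neither the portal host (172.22.x.x) nor a member of the `guest_pre_allow` set.

```python
import shlex

# First seven GUESTIN rules, copied from the `ebtables -t nat -L` dump above.
GUESTIN = """\
-p IPv4 --ip-dst 172.22.x.x --ip-proto tcp --ip-dport 8881 -j ACCEPT
-p IPv4 --ip-dst 172.22.x.x --ip-proto tcp --ip-dport 8882 -j REDIRECT_HTTP
-p IPv4 --pkttype-type broadcast --ip-proto udp --ip-sport 68 --ip-dport 67 -j ACCEPT
-p ARP -j ACCEPT
-p IPv4 --ip-proto udp --ip-dport 53 -j GUEST_DNS
-p IPv4 --ip-proto tcp --ip-dport 53 -j GUEST_DNS
-p IPv4 --set guest_pre_allow --set-flags dst --set-family inet -j ACCEPT
""".splitlines()
# ebtables arguments of the two config.system_cfg lines proposed in the thread.
PROPOSED = [
    "-t nat -I GUESTIN 1 -p IPv4 --ip-proto udp --ip-dport 53 -j ACCEPT",
    "-t nat -I GUESTIN 2 -p IPv4 --ip-proto tcp --ip-dport 53 -j ACCEPT",
]

def parse(rule):
    # '-p IPv4 --ip-dport 53 -j X' -> {'-p': 'IPv4', '--ip-dport': '53', '-j': 'X'}
    tok = shlex.split(rule)
    return dict(zip(tok[0::2], tok[1::2]))

def matches(rule, proto):
    # Would a unicast IPv4 query to port 53 of an outside resolver match this rule?
    r = parse(rule)
    if r.get("-p", "IPv4") != "IPv4" or r.get("--pkttype-type") == "broadcast":
        return False  # ARP/IPv6 rule, or broadcast-only rule (DNS queries are unicast)
    if "--ip-dst" in r or "--set" in r:
        return False  # assumption: destination is neither the portal host nor in an ipset
    return r.get("--ip-proto", proto) == proto and r.get("--ip-dport", "53") == "53"

def verdict(chain, proto):  # first match wins: (1-based position, target)
    for pos, rule in enumerate(chain, 1):
        if matches(rule, proto):
            return pos, parse(rule)["-j"]
    return None, "DROP"  # GUESTIN policy in the dump is DROP

def apply_inserts(chain, cmds):
    # Apply '-I GUESTIN <pos> <rule>' the way ebtables does: insert at 1-based <pos>.
    out = list(chain)
    for cmd in cmds:
        tok = shlex.split(cmd)
        i = tok.index("-I")
        out.insert(int(tok[i + 2]) - 1, " ".join(tok[i + 3:]))
    return out

if __name__ == "__main__":
    print(verdict(GUESTIN, "udp"), verdict(apply_inserts(GUESTIN, PROPOSED), "udp"))
```

Before the change the query is handed to GUEST_DNS (and from there to REDIRECT_DNS); after it, the query is accepted at position 1 or 2. Because those positions are ahead of the AUTHORIZED_GUESTS rule, the ACCEPT applies to every client on the guest interfaces, authorized or not.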