dd-wrt ​​上的碘

tag-icon tag-icon dns iptables dd-wrt
dd-wrt ​​上的碘

你好,我正在尝试设置dd-wrt在我的路由器上。我已经安装了它并设置了我的域。我目前的问题是,我的防火墙似乎阻止了端口 53?我想我应该通过 iptables 来解决这个问题。不太清楚该怎么做?

应该是这个吗?:

echo 1 > /prov/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o vlan2 -j MASQUERADE
iptables -A FORWARD -i vlan2 -o dns0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i dns0 -o vlan2 -j ACCEPT

执行 ifconfig vlan2 时,我的公网 IP 地址为。我还检查了端口是否在https://www.whatsmyip.org/port-scanner/并且显示已关闭,但据我所知我的 ISP 没有阻止端口 53

当尝试连接我的 Windows 客户端时(我当前已通过 VPN 连接到我的网络):

Opening device Ethernet 2
Opened IPv4 UDP socket
Opened IPv4 UDP socket
Sending DNS queries for t.example.xyz to 8.8.8.8
Autodetecting DNS query type (use -T to override).Opened IPv4 UDP socket

Using DNS type NULL queries
Version ok, both using protocol v 0x00000502. You are user #0
Enabling interface 'Ethernet 2'
Setting IP of interface 'Ethernet 2' to 10.0.0.2 (can take a few seconds)...

Server tunnel IP is 10.0.0.1
Testing raw UDP data to the server (skip with -r)
Server is at 192.168.11.1, trying raw login: ....failed
Using EDNS0 extension
Switching upstream to codec Base128
Server switched upstream to codec Base128
No alternative downstream codec available, using default (Raw)
Switching to lazy mode for low-latency
Server switched to lazy mode
Autoprobing max downstream fragment size... (skip with -m fragsize)
768 ok.. 1152 ok.. ...1344 not ok.. ...1248 not ok.. ...1200 not ok.. .1176 ok.. 1188 ok.. will use 1188-2=1186
Setting downstream fragment size to max 1186...
Connection setup complete, transmitting data.
Got SERVFAIL as reply: server failed or recursion timeout
Hmm, that's 6485816. Your data should still go through...
Got SERVFAIL as reply: server failed or recursion timeout
Hmm, that's 6485816. Your data should still go through...
Got SERVFAIL as reply: server failed or recursion timeout
Hmm, that's 6485816. Your data should still go through...
Got SERVFAIL as reply: server failed or recursion timeout
Hmm, that's 6485816. Your data should still go through...
Got SERVFAIL as reply: server failed or recursion timeout
I think 6485816 is too many. Setting interval to 1 to hopefully reduce SERVFAILs. But just ignore them if data still comes through. (Use -I1 next time on this network.)
Got SERVFAIL as reply: server failed or recursion timeout
Receiving too few answers. Will try to switch lazy mode off, but that may not always work any more. Start with -L0 next time on this network.
Server switched back to legacy mode.

有任何想法吗?

相关内容