OPNsense
Author Topic: SmarTV bypassing DNS firewall rules  (Read 95 times)

whiiiskyy

SmarTV bypassing DNS firewall rules
« on: February 23, 2021, 11:35:19 am »
Hi guys,

I have followed this post https://labzilla.io/blog/force-dns-pihole and all the devices are being forced to send DNS requests to my Pi-Holes.

Well, not entirely. My Samsung Smart TV is still showing under: sensei/index/#/reports/dns
By analysing the traffic, it's the Netflix application calling 8.8.8.8 from some weird high port such as 51300. They are random high ports.

I don't understand how and why that is happening, since one of the rules is something like redirect LAN from any port .....

I have checked, rechecked everything. Only my TV is driving me nuts.

Thanks guys.



Greelan

Re: SmarTV bypassing DNS firewall rules
« Reply #1 on: February 23, 2021, 12:04:27 pm »
The source port is random and irrelevant. It's the destination port (53) you need to be focused on.

tiermutter

Re: SmarTV bypassing DNS firewall rules
« Reply #2 on: February 23, 2021, 01:28:03 pm »
Quote from: Greelan on February 23, 2021, 12:04:27 pm
It’s the destination port (53) you need to be focused on

Remember that the redirect rule for port 53 is not hit when clients use DoT or DoH; the destination ports are 853 for DoT and 443 for DoH.
I am not an expert... just trying to help...

whiiiskyy

Re: SmarTV bypassing DNS firewall rules
« Reply #3 on: February 24, 2021, 08:29:37 am »
Quote from: Greelan on February 23, 2021, 12:04:27 pm
The source port is random and irrelevant. It’s the destination port (53) you need to be focused on

That is the problem, there are already rules for that.
One of the rules is:

Proto     Source    Src port   Destination   Dest port   NAT IP    NAT port
TCP/UDP   LAN net   *          ! PiHoles     53 (DNS)    PiHoles   53 (DNS)

My smartTV fits in there (LAN net followed by * port), and if the destination on 53 isn't Pi-Hole, redirect to it.

This issue is only happening with the TV. It is at the application level, coming from the Netflix app, and I am not sure how to fix that :(
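As an added example (not code from the thread or from OPNsense), the following Python script evaluates a few constructed flow records against the port-forward rule quoted above and the DoT/DoH point from Reply #2: it shows that the random source port is ignored by the "*" column, and which flows the port-53 redirect can never catch. The LAN subnet, the Pi-hole addresses behind the "PiHoles" alias, the TV address and the resolver list are assumptions.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Assumed values (not from the thread): LAN subnet, the "PiHoles" alias and
# two well-known public resolvers (8.8.8.8 is the one the TV contacts).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
PIHOLES = {ipaddress.ip_address("192.168.1.2"), ipaddress.ip_address("192.168.1.3")}
PUBLIC_RESOLVERS = {ipaddress.ip_address("8.8.8.8"), ipaddress.ip_address("1.1.1.1")}


@dataclass(frozen=True)
class Flow:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int   # ignored by the rule: this is the "*" source-port column
    dst: str
    dport: int


def classify(flow: Flow) -> str:
    """Outcome of a flow under 'TCP/UDP  LAN net  *  ! PiHoles  53 -> PiHoles 53'."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    if src not in LAN_NET or flow.proto not in ("tcp", "udp"):
        return "not-matched"
    if flow.dport == 53:
        # Source port never enters the decision: 51300 and 1024 match alike.
        return "pihole-direct" if dst in PIHOLES else "redirected"
    if flow.proto == "tcp" and flow.dport == 853:
        return "bypass-dot"      # DNS over TLS: the port-53 rule is never hit
    if flow.proto == "tcp" and flow.dport == 443 and dst in PUBLIC_RESOLVERS:
        return "possible-doh"    # HTTPS to a resolver IP; DoH is only a heuristic guess
    return "not-matched"


def summarize(flows) -> dict:
    """Count flows per outcome so the bypass categories stand out in a report."""
    return dict(Counter(classify(f) for f in flows))


# Constructed sample flows: a Smart TV at 192.168.1.50 (assumed address).
SAMPLE = [
    Flow("udp", "192.168.1.50", 51300, "8.8.8.8", 53),       # caught by the redirect
    Flow("udp", "192.168.1.50", 51301, "192.168.1.2", 53),   # already at a Pi-hole
    Flow("tcp", "192.168.1.50", 51302, "8.8.8.8", 853),      # DoT bypass
    Flow("tcp", "192.168.1.50", 51303, "8.8.8.8", 443),      # likely DoH
    Flow("tcp", "192.168.1.50", 51304, "203.0.113.9", 443),  # ordinary HTTPS
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f"{f.proto} {f.src}:{f.sport} -> {f.dst}:{f.dport}  {classify(f)}")
    print(summarize(SAMPLE))
```

Flows classified as "bypass-dot" or "possible-doh" are the ones that still reach outside resolvers under this rule set; blocking destination port 853 and the resolver IPs on 443 from LAN, rather than redirecting, is what closes that gap.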

OPNsense is an OSS project © Deciso B.V. 2015 - 2021 All rights reserved