I would really appreciate it if someone would double check me. Sorry for the screenshot. Either the Lemmy code button isn’t great or I’m just dum at formatting.

This has local *arr servers available and traceroute shows me going through the VPN.

The largest blue blotch is the ip address of a mullvad vpn server.

Rpi4, Raspberry Pi OS lite.

Mullvad VPN. IPv6 has been nuked. Using Wireguard through wg-quick.

wg2 originates from a .conf file from Mullvad with IPv6 stripped.

Do these UFW settings look right?

  • kowcop
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    Pretty sure DNS is 53 UDP. Not sure if you meant it like that.

    Port 53 TCP is for dns zone transfers

    • dragonfly4933@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      DNS vc is used for any dns request, not just zone transfers. UDP can sometimes fail in some situations, in which case the client will fall back to TCP which will keep it working.

    • Machinist@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I’ve got 53 and 5353 open so that DNS will work for my local network when connecting to *arr and jellyfin.

      I.E. type raspberrypi:8989 in a browser to bring up Sonarr.

      Should I restrict to UDP?

      • kowcop
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        Just did some reading as it has been many years since I did firewall… looks like dns is mostly UDP, but fails over to TCP if the dns reply exceeds 512bytes.