Hi
The DNS Forwarder (dnsmasq), if enabled, is listening on the WAN and LAN interfaces.
I think this is a bug because there is absolutely no reason for dnsmasq to listen on the WAN interface. Well, I can think of some people for whom it should listen on OPT1 as well. Maybe for some configurations it is even required to listen on even more interfaces.
A fix which should please everybody is to start dnsmasq with --except-interface=WAN.
Personally, I would be happy if dnsmasq were started with --listen-address=192.168.1.1, but as I have said, there are likely some people who want it to be reachable on other interfaces such as OPT1 as well.
Of course, there is always the possibility of setting a firewall rule on the WAN interface which prohibits access to TCP/UDP port 53, but I think the default configuration, if DNS Forwarding is enabled, should be safe.
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Tested against 1.3b2 and 1.3b3
Hardware: Soekris net48xx
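An added example, not part of the original post: a small probe to confirm from a host on the WAN side whether your own firewall's WAN address still answers DNS after applying --except-interface, --listen-address or a port 53 block rule. A probe is used rather than a socket listing because dnsmasq, unless started with --bind-interfaces, binds the wildcard address and discards unwanted queries itself, so the listing looks the same either way; the query name example.com and the 2-second timeout are assumptions.

```python
import socket
import struct


def build_query(name, qid=0x1234):
    """Build a minimal DNS query (type A, class IN, recursion desired)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)


def is_dns_response(data, qid):
    """True if data is a DNS message with the QR bit set and a matching ID."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack(">HH", data[:4])
    return rid == qid and bool(flags & 0x8000)


def answers_dns(addr, port=53, name="example.com", timeout=2.0):
    """Send one UDP query to addr:port; True only if a DNS response comes back."""
    qid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((addr, port))
            s.send(build_query(name, qid))
            return is_dns_response(s.recv(512), qid)
        except OSError:
            # Timeout (query dropped or filtered), ICMP port unreachable, no route.
            return False


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <your WAN address> [<LAN address> ...]
    for target in sys.argv[1:]:
        state = "ANSWERS DNS" if answers_dns(target) else "no DNS response"
        print(f"{target}: {state}")
```

This only covers UDP; since the post mentions TCP/UDP port 53, a TCP connect to the same address and port is worth checking separately.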