Help with custom iptables

Discussion in 'NETGEAR AC / AX Wireless' started by ajp2k14, Feb 13, 2018.

  1. ajp2k14

    ajp2k14 Regular Contributor

    Joined:
    Sep 1, 2014
    Messages:
    50
    I would like to redirect all DNS calls to another internal IP so client DNS is forced through it. How do I do that? I tried adding iptables rules in /root/firewall-start.sh but I can't get it to work...


    Thanks!
     
  3. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    884
    Check that your script /root/firewall-start.sh is executable. And how do you test that it is working? This script will be called following NG's own logic (I do not know when, but not immediately). Just for a test, try to run it manually. Then if everything is OK and your rules are working, leave it. The FW will call this script of yours when changing rules (adding yours).

    Voxel.
     
  4. ajp2k14

    ajp2k14 Regular Contributor

    Joined:
    Sep 1, 2014
    Messages:
    50
    Thanks, I did try to run it manually and got no errors but it didn't work. I couldn't find a trace of it with iptables --list either...

    The command I tried to run was (not sure if it's correct):

    iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 192.168.1.2:53;
    iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 192.168.1.2:53;
    iptables -t nat -A POSTROUTING -j MASQUERADE

    Thanks!
     
  5. ajp2k14

    ajp2k14 Regular Contributor

    Joined:
    Sep 1, 2014
    Messages:
    50
    @Voxel Could it be that the R7800 already redirects DNS to itself?

    Chain PREROUTING (policy ACCEPT 1233 packets, 103K bytes)

    pkts bytes target prot opt in out source destination
    0 0 REDIRECT udp -- br0 * 0.0.0.0/0 !192.168.1.1 udp dpt:53 UNKNOWN match `dnshijack' redir ports 53
     
  6. ajp2k14

    ajp2k14 Regular Contributor

    Joined:
    Sep 1, 2014
    Messages:
    50
    Never mind, I think I got it working! :)

    For those interested...

    iptables -t nat -A PREROUTING ! -s 192.168.1.2/32 ! -d 192.168.1.2/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.2:53
    iptables -t nat -A PREROUTING ! -s 192.168.1.2/32 ! -d 192.168.1.2/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.2:53
     
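As an added example (not ajp2k14's script or NETGEAR firmware code), the two PREROUTING rules from the post above wrapped in a firewall-start.sh that only appends a rule when iptables -C reports it missing, and that can verify the result afterwards. The resolver 192.168.1.2 and the bridge br0 come from the thread; limiting the match to -i br0 is an assumption.

```sh
#!/bin/sh
# Added example (not the poster's script): idempotent DNS-forcing rules for
# /root/firewall-start.sh. Assumptions: the internal resolver is 192.168.1.2 and
# the LAN bridge is br0 (both taken from the thread); IPTABLES may be overridden
# (IPTABLES=echo) to preview the commands without touching the kernel.
DNS_SERVER="${DNS_SERVER:-192.168.1.2}"
LAN_IF="${LAN_IF:-br0}"
IPTABLES="${IPTABLES:-iptables}"

# Match part shared by the add (-A) and check (-C) forms for one protocol.
# Packets from or to the resolver itself are excluded so its own upstream
# lookups and its replies are not looped back onto it.
dns_match() {
    printf '%s\n' "-i $LAN_IF ! -s $DNS_SERVER/32 ! -d $DNS_SERVER/32 -p $1 -m $1 --dport 53 -j DNAT --to-destination $DNS_SERVER:53"
}

# The firmware re-runs firewall-start.sh whenever it rebuilds the firewall, so
# append only when -C reports the rule absent; otherwise every run stacks a
# duplicate copy in the PREROUTING chain.
ensure_rule() {
    match="$(dns_match "$1")"
    # shellcheck disable=SC2086  # splitting $match into arguments is intended
    $IPTABLES -t nat -C PREROUTING $match 2>/dev/null && return 0
    $IPTABLES -t nat -A PREROUTING $match
}

# Client DNS is forwarded traffic, so it passes nat/PREROUTING; the OUTPUT chain
# only sees packets the router itself originates.
install_dns_redirect() {
    ensure_rule udp
    ensure_rule tcp
}

# Returns 0 only when both rules are present: the check that was missing after
# running the script by hand.
verify_dns_redirect() {
    for proto in udp tcp; do
        $IPTABLES -t nat -C PREROUTING $(dns_match "$proto") 2>/dev/null || return 1
    done
}

# When saved as /root/firewall-start.sh and executed, apply and report;
# sourcing the file (e.g. to test the functions) only defines them.
if [ "$(basename "$0")" = "firewall-start.sh" ]; then
    install_dns_redirect && verify_dns_redirect && echo "DNS redirect to $DNS_SERVER active"
fi
```

A rule appended with -A lands below any nat/PREROUTING rules the firmware installed earlier, so `iptables -t nat -L PREROUTING -n --line-numbers` shows whether an earlier rule claims the traffic first.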
  7. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    884
    Congratulations! The most important thing is that you were able to find a solution yourself.

    Voxel.
     
  8. ajp2k14

    ajp2k14 Regular Contributor

    Joined:
    Sep 1, 2014
    Messages:
    50
    Thanks, I might even learn something... :)
     