What's new
By:

Help with custom iptables

A

ajp2k14

Regular Contributor
I would like to redirect all DNS calls to another internal IP so client DNS is forced through it, how do I do that? I tried adding iptable rules in /root/firewall-start.sh but I can't get it to work...


Thanks!
 
ajp2k14 said:
I would like to redirect all DNS calls to another internal IP so client DNS is forced through it, how do I do that? I tried adding iptable rules in /root/firewall-start.sh but I can't get it to work...


Thanks!
Click to expand...
Check that your script /root/firewall-start.sh is executable. And how do you test that it is working? This script will be called following own NG's logic (I do not know when, but not immediately). Just for test try to run it manually. Then is everything is OK and your rules are working, leave it. FW will call this your script when changing rules (adding your's).

Voxel.
 
Voxel said:
Check that your script /root/firewall-start.sh is executable. And how do you test that it is working? This script will be called following own NG's logic (I do not know when, but not immediately). Just for test try to run it manually. Then is everything is OK and your rules are working, leave it. FW will call this your script when changing rules (adding your's).

Voxel.
Click to expand...

Thanks, I did try to run it manually and got no errors but it didn't work. I couldn't find a trace of it with iptables --list either...

The command I tried to run was (not sure if it's correct):

iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 192.168.1.2:53;
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 192.168.1.2:53;
iptables -t nat -A POSTROUTING -j MASQUERADE

Thanks!
 
@Voxel Could it be that the R7800 already redirects DNS to itself?

Chain PREROUTING (policy ACCEPT 1233 packets, 103K bytes)

pkts bytes target prot opt in out source destination
0 0 REDIRECT udp -- br0 * 0.0.0.0/0 !192.168.1.1 udp dpt:53 UNKNOWN match `dnshijack' redir ports 53
 
Never mind, I think I got it working! :)

For those interested...

iptables -t nat -A PREROUTING ! -s 192.168.1.2/32 ! -d 192.168.1.2/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.2:53
iptables -t nat -A PREROUTING ! -s 192.168.1.2/32 ! -d 192.168.1.2/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.2:53
 
ajp2k14 said:
Never mind, I think I got it working! :)

For those interested...

iptables -t nat -A PREROUTING ! -s 192.168.1.2/32 ! -d 192.168.1.2/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.2:53
iptables -t nat -A PREROUTING ! -s 192.168.1.2/32 ! -d 192.168.1.2/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.2:53
Click to expand...
Congratulations! The most important that you were able to find a solution yourself.

Voxel.
 
Thanks, I might even learn something... :)
 
You must log in or register to reply here.

Similar threads

M
Solved DNS Director not forcing manual DNS... IPtables?
Replies
7
Views
732
bennor
B
W
YazFi Can YazFi custom firewall rules overcome VLAN client isolation?
Replies
3
Views
962
bennor
B
R
Iptables functionality on 3006.102.4
Replies
15
Views
2K
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
maghuro
Suggestion: Allow selecting interface for NAT rules (Virtual Server / Port Forwarding)
Replies
2
Views
542
maghuro
maghuro
J
YazFi guest networks stop working when changing DNS or using VPN
Replies
5
Views
617
jsn2233
J
Similar threads
Thread starter Title Forum Replies Date
T Pls Help: Setting up VLAN tagging on Orbi RBR50/RBS50 running Voxel firmware NETGEAR AC Routers and Adapters (Wi-Fi 5) 3
Voxel Voxel Custom firmware build for Orbi LBR20 v. 9.2.5.2.53SF-HW NETGEAR AC Routers and Adapters (Wi-Fi 5) 0
Voxel Voxel Custom firmware build for Orbi RBK50/RBK53 (RBR50, RBS50) v. 9.2.5.2.43SF-HW NETGEAR AC Routers and Adapters (Wi-Fi 5) 6
Voxel Voxel Custom firmware build for R9000/R8900 v. 1.0.4.84HF NETGEAR AC Routers and Adapters (Wi-Fi 5) 4
Voxel Voxel Custom firmware build for R7800 v. 1.0.2.118SF NETGEAR AC Routers and Adapters (Wi-Fi 5) 15
Voxel Voxel Custom firmware build for Orbi LBR20 v. 9.2.5.2.52SF-HW NETGEAR AC Routers and Adapters (Wi-Fi 5) 2
Voxel Voxel Custom firmware build for Orbi RBK50/RBK53 (RBR50, RBS50) v. 9.2.5.2.42SF-HW NETGEAR AC Routers and Adapters (Wi-Fi 5) 17
Voxel Voxel Custom firmware build for R9000/R8900 v. 1.0.4.83HF NETGEAR AC Routers and Adapters (Wi-Fi 5) 1
Voxel Voxel Custom firmware build for R7800 v. 1.0.2.117SF NETGEAR AC Routers and Adapters (Wi-Fi 5) 13
Voxel Voxel Custom firmware build for Orbi LBR20 v. 9.2.5.2.51SF-HW NETGEAR AC Routers and Adapters (Wi-Fi 5) 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 6,346 (members: 20, guests: 6,326)
Back
Top