How can I do this using AsusWRT?

dwp

Regular Contributor
I have some client IoT thermometer devices where the firmware has the DNS server to be used set to a fixed IP address (in this case 114.114.114.114). This is used to get the IP address of a web component (in this case SMARTSERVER.EMAXTIME.CN) to which data is sent (mostly using UDP).

I want to redirect at least the UDP to a machine on my LAN so I can eliminate reliance upon a possibly disappearing web component.

What is the best way to accomplish this? It seems like I need something at the LAN router level that can intercept the DNS requests made to 114.114.114.114 and return the IP of my choice. But I have no idea whatsoever how/if I can accomplish this.

BTW - I have a GS-AX3000 router.

So thanks for any advice/tips.
 
For some reason I cannot post the following. So here it is as an image. Sorry...

Capture.JPG
 
Stock Asus firmware doesn't support user scripts (although there are some hacks) so any changes will be lost when the router reboots.
 
Thanks! I wish Merlin supported the GS-AX3000 but it is not on the list...

However, I did perform some hacks some time ago so my router can indeed run scripts and put humpty-dumpty back together again after reboots (which I have done nightly).

I have no problem modifying the

I have no real experience working with iptables directly. So I am very unsure about Google's suggested command line. With all the AI slop being slung, I never know what to believe.

So if anyone has comments on the suggested command line or an alternative, that would be a huge help.

It would seem that, if I hose things up, a simple reboot of the router should put things right (at least until I add the scripting).

Best
 
That iptables command should work. If you're redirecting to the router's IP address you can use this slightly shorter command:

Code:
iptables -t nat -A PREROUTING -d 114.114.114.114 -p udp --dport 53 -j REDIRECT
 
Note that DNS can also use tcp (whenever a query is too large to be resolved over udp).
 
Once again, I cannot seem to post responses. I get "opps we have a problem" in both Firefox and Chrome. So here is an image of my response. Sorry.
Capture.JPG
 
Thanks. So should I also issue the same command but with some other parameters? I am really on unsolid ground here. So pardon the newbie questions.
 
I would add a second rule with "-p tcp" instead of "-p udp".
 
Thanks! That seems easy enough. Now, if only I can get dnsmasq to read/use an addition to the hosts file... Best
Note that on stock firmware you still have to deal with the fact that these rules will be gone whenever the firewall gets restarted - not just on reboots.
 
Thanks. But what might cause that to happen? Obviously changes to firewall settings in the UI.

Right now, I am using the USB mount script to "do stuff on reboot". But I generally do NOT do stuff, I think, that changes the firewall. Again, I am a newbie dope...
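
Added example, not part of any post in this thread: an sh script that applies the UDP and TCP redirect rules discussed above only when they are missing, so it can be run at boot and again whenever a firewall restart has flushed them. It assumes the router's iptables supports `-C` (check); the function names and the `IPT` override are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent re-apply of the DNS redirect.

HARDCODED_DNS="114.114.114.114"   # resolver fixed in the device firmware (from the thread)
IPT="${IPT:-iptables}"            # assumption: overridable so the logic can be dry-run

# Ensure one nat/PREROUTING REDIRECT rule exists for the given protocol.
# Prints "present" if the rule was already there, "added" if it was appended.
# Returns non-zero if iptables rejects the rule.
ensure_rule() {
    proto="$1"
    if $IPT -t nat -C PREROUTING -d "$HARDCODED_DNS" -p "$proto" \
            --dport 53 -j REDIRECT 2>/dev/null; then
        echo "present"
    else
        $IPT -t nat -A PREROUTING -d "$HARDCODED_DNS" -p "$proto" \
            --dport 53 -j REDIRECT || return 1
        echo "added"
    fi
}

# DNS falls back to TCP for large answers, so both protocols are covered.
ensure_dns_redirect() {
    for proto in udp tcp; do
        state=$(ensure_rule "$proto") || { echo "failed: $proto" >&2; return 1; }
        echo "$proto: $state"
    done
}

# Run as "script.sh apply" from a boot hook or a periodic job; with no
# argument the file only defines the functions.
if [ "${1:-}" = "apply" ]; then
    ensure_dns_redirect
fi
```

Because the check runs before every append, calling it repeatedly (for example from a cron entry) never stacks duplicate rules in PREROUTING.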
 
