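#!/bin/sh
# Force plain DNS traffic (port 53, TCP and UDP) passing through this router
# to the local DNS server by rewriting the destination of any query that is
# addressed to a different resolver.
DNS_SERVER_IP='192.168.1.100'

# Install the DNAT rule once per transport protocol (tcp first, then udp, so
# the udp rule ends up on top of the chain, as -I inserts at the head).
#   ! -s  exempts the DNS server's own upstream queries; without it they are
#         redirected back to the server itself and never reach an upstream.
#   ! -d  leaves queries that already target the DNS server untouched.
# NOTE(review): there is no -i <lan-interface> match, so the rule applies to
# port-53 packets arriving on every interface, WAN included. Restrict it to
# the LAN bridge if the resolver must not be reachable from outside.
# NOTE(review): only the destination is rewritten. A client on the same subnet
# as the DNS server gets the answer straight from the server's address and
# discards it as coming from an unexpected source unless the router also
# source-NATs these packets, which in turn hides the client IP from the server.
# NOTE(review): only port 53 is matched; DNS over TLS/HTTPS is not redirected.
for proto in tcp udp; do
  iptables -t nat -I PREROUTING -p "$proto" --dport 53 \
    ! -s "$DNS_SERVER_IP" ! -d "$DNS_SERVER_IP" \
    -j DNAT --to "$DNS_SERVER_IP"
done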
Does this preserve the source IP of the client when it hits the local server?
# Source-NAT packets the router forwards to the DNS server, so the server
# answers to the router and the reply is translated back on its way to the
# client instead of arriving directly from the server's own address.
# Side effect: the DNS server sees the router's LAN address as the source of
# these packets, so the original client IP is NOT preserved (per-client
# logging and filtering on the server are lost for redirected queries).
# NOTE(review): no -p/--dport match is given, so this applies to all traffic
# the router sends to $DNS_SERVER_IP, not only DNS; confirm that is intended.
# <router-lan-ip> is a placeholder for the router's own LAN address.
iptables -t nat -I POSTROUTING -d $DNS_SERVER_IP -j SNAT --to <router-lan-ip>
root@Orbi:~# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 17498 packets, 952K bytes)
pkts bytes target prot opt in out source destination
77 4863 DNAT udp -- * * 0.0.0.0/0 !10.0.0.10 udp dpt:53 to:10.0.0.10
0 0 DNAT tcp -- * * 0.0.0.0/0 !10.0.0.10 tcp dpt:53 to:10.0.0.10
0 0 REDIRECT udp -- br0 * 0.0.0.0/0 !10.0.0.1 udp dpt:53UNKNOWN match `dnshijack' redir ports 53
0 0 DROP tcp -- * * 0.0.0.0/0 10.0.0.1 tcp dpt:21
0 0 lan_dnat all -- br0 * 0.0.0.0/0 172.22.227.55
19116 1001K net_dnat all -- brwan * 0.0.0.0/0 0.0.0.0/0
2081 297K igmp_nat udp -- brwan * 0.0.0.0/0 224.0.0.0/4
❯ dig @1.2.3.4 google.com
;; reply from unexpected source: 10.0.0.10#53, expected 1.2.3.4#53
;; reply from unexpected source: 10.0.0.10#53, expected 1.2.3.4#53
;; reply from unexpected source: 10.0.0.10#53, expected 1.2.3.4#53