Block DNS Change

I followed this topic.
My setup is as follows: Asus RT-AC68R (192.168.1.1),
Raspberry Pi 3 B+ (192.168.1.2) connected to the LAN.
DNS-over-HTTPS is set up on Pi-hole via this guide.

# Rules I tried on the router: redirect all port 53 traffic arriving on br0
# to the Pi-hole, except traffic from/to the router and the Pi-hole itself.
pihole="192.168.1.2"

iptables -t nat -A PREROUTING -p tcp -i "br0" -m iprange ! --src-range "192.168.1.1"-"192.168.1.2" ! --dst-range "192.168.1.1"-"192.168.1.2" --dport 53 -j DNAT --to-destination "${pihole}"
iptables -t nat -A PREROUTING -p udp -i "br0" -m iprange ! --src-range "192.168.1.1"-"192.168.1.2" ! --dst-range "192.168.1.1"-"192.168.1.2" --dport 53 -j DNAT --to-destination "${pihole}"

# Rewrite the source address of redirected packets
iptables -t nat -A POSTROUTING -j MASQUERADE

Expected Behavior:

Clients can manually change their DNS and still not bypass Pi-hole; all DNS should be redirected to Pi-hole.

Actual Behavior:

Any client DNS change bypasses Pi-hole DNS completely.

Debug Token:

9hss4rjsnw

Make a firewall rule and force traffic to port 53 -> Pi-hole.

On an ASUS router you should be able to do this via the DNS Filtering tab option. Enable this option and set Global Filter mode to "Router".

Thanks for the suggestions. I found the solution, for anyone who finds this:

# Masquerade outbound traffic on the WAN interface (ppp0)
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Redirect all port 53 traffic from the LAN (br0) to the Pi-hole
iptables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 192.168.1.2:53
iptables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 192.168.1.2:53
# Exempt the Pi-hole's own queries; inserted last with -I, so these sit above the DNAT rules
iptables -t nat -I PREROUTING -i br0 -p tcp -s 192.168.1.2 --dport 53 -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -p udp -s 192.168.1.2 --dport 53 -j ACCEPT

I ran these commands directly on the Asus RT-AC68R router via SSH using PuTTY. This will force any client DNS change to use Pi-hole. It will take a few minutes for it to take effect. Also, credit for the commands goes to Lethal.
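Since the `-I` rules above only work when the Pi-hole's ACCEPT exceptions end up ahead of the DNAT redirects, here is an added check (not from the thread or from Pi-hole) that reads `iptables -t nat -S PREROUTING` output and verifies that order for TCP and UDP; it assumes the Pi-hole address 192.168.1.2 from the thread, and the two sample listings are constructed.

```shell
#!/bin/sh
# Added check, not from the thread: verify the order of the NAT PREROUTING
# rules. Rules added with -I are inserted at the top, so the two ACCEPT
# exceptions for the Pi-hole must sit above the DNAT rules; otherwise the
# Pi-hole's own upstream queries on port 53 are redirected back to itself.
# Feed it the output of:  iptables -t nat -S PREROUTING

PIHOLE="192.168.1.2"   # Pi-hole address used in the thread (assumption)

# check_proto PROTO: read an iptables -S listing on stdin and return 0 when
# an ACCEPT for source $PIHOLE precedes the DNAT to $PIHOLE for PROTO.
check_proto() {
    awk -v p="$1" -v ph="$PIHOLE" '
        index($0, "-p " p " ") && index($0, "--dport 53") {
            if (index($0, "-j ACCEPT") && index($0, "-s " ph))
                accept_seen = 1
            if (index($0, "-j DNAT") && index($0, "--to-destination " ph)) {
                dnat_seen = 1
                if (!accept_seen) bad = 1
            }
        }
        END { exit (dnat_seen && !bad) ? 0 : 1 }
    '
}

# check_rules LISTING: both TCP and UDP must pass.
check_rules() {
    printf '%s\n' "$1" | check_proto tcp && printf '%s\n' "$1" | check_proto udp
}

# Constructed listing matching what the thread's -I commands produce
# (the last command inserted ends up first).
GOOD_RULES='-P PREROUTING ACCEPT
-A PREROUTING -s 192.168.1.2/32 -i br0 -p udp -m udp --dport 53 -j ACCEPT
-A PREROUTING -s 192.168.1.2/32 -i br0 -p tcp -m tcp --dport 53 -j ACCEPT
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.2:53
-A PREROUTING -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.2:53'

# Constructed listing for the same commands run with -A instead of -I:
# the exceptions land below the DNAT rules and never match.
BAD_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.2:53
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.2:53
-A PREROUTING -s 192.168.1.2/32 -i br0 -p tcp -m tcp --dport 53 -j ACCEPT
-A PREROUTING -s 192.168.1.2/32 -i br0 -p udp -m udp --dport 53 -j ACCEPT'
```

On the router itself, pipe the live listing in with `iptables -t nat -S PREROUTING | check_proto udp` (and again for tcp).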
