Intercept DNS ( DDWRT to PI-HOLE )

Hi

I would like to intercept DNS on my DD-WRT router (192.168.2.1) and send it to Pi-hole. I'm using this iptables firewall script:

# WAN interface name must be captured with command substitution
WAN_IF=$(nvram get wan_iface)
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
# Block LAN traffic that would leak out of the WAN instead of the VPN tunnel
iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset
# iptables has no "udp-reset"; UDP is rejected with an ICMP port-unreachable
iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with icmp-port-unreachable
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
# Redirect DNS from one client to the Pi-hole
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.101 -p tcp --dport 53 -j DNAT --to 192.168.2.149
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.101 -p udp --dport 53 -j DNAT --to 192.168.2.149

According to this, the client with 192.168.2.101 should be forwarded to 192.168.2.149. This is OK; I can see the DNS queries in the Pi-hole log => OK (forwarded).

Then the query should go to the upstream DNS (Google, etc.). Everything seems to be OK, but I'm receiving "DNS request timed out"...?

The first 8 lines are defined for my VPN connection; they can be ignored. The result is the same using only these two lines:

iptables -t nat -A PREROUTING -i br0 -s 192.168.2.101 -p tcp --dport 53 -j DNAT --to 192.168.2.149
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.101 -p udp --dport 53 -j DNAT --to 192.168.2.149

As I'm intercepting only one PC's IP address, it should not be in conflict with anything else, or? I have tried "Listen on all interfaces" and "Listen on all interfaces, permit all origins", but nothing helps.

Seems like a DD-WRT problem? Thanks for the help!

I have already found one solution for this problem. After PREROUTING rules I had to add

iptables -t nat -A POSTROUTING -j MASQUERADE

The problem is that since then I cannot see the original IP address of the DNS request (all DNS requests come from the IP address of the router), but at least it's working... :wink:
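Added example, not from either poster: a small POSIX shell script that generates the DNAT rules from the first post together with a masquerade rule limited to the redirected DNS traffic, instead of the blanket `iptables -t nat -A POSTROUTING -j MASQUERADE` in the fix above. The addresses and the `br0` interface come from the thread; the `LAN_IF`/`CLIENT`/`PIHOLE` variables, the `dns_redirect_rules` and `rule_count` functions and the `apply` argument are this example's own assumptions. The comments explain why DNAT alone times out when the client and the Pi-hole sit on the same LAN segment.

```shell
#!/bin/sh
# Added example (not from the thread). Generates the nat rules that send one
# client's DNS to the Pi-hole and masquerades only that redirected traffic.
#
# Why DNAT alone times out when client and Pi-hole share br0: the router
# rewrites the destination, but the Pi-hole answers the client directly on
# the LAN. The client sees a reply from 192.168.2.149 instead of the resolver
# it asked, discards it, and reports "DNS request timed out". Masquerading
# the DNAT'd packets forces the reply back through the router, which undoes
# the NAT. The cost, as the thread notes, is that Pi-hole logs the router as
# the querying client.

LAN_IF="${LAN_IF:-br0}"            # DD-WRT LAN bridge (assumed default)
CLIENT="${CLIENT:-192.168.2.101}"  # client whose DNS is redirected (from the thread)
PIHOLE="${PIHOLE:-192.168.2.149}"  # Pi-hole address (from the thread)

# Print the rules rather than running them, so they can be reviewed or piped
# to sh. Only port 53 traffic towards the Pi-hole is masqueraded; other LAN
# traffic keeps its real source address.
dns_redirect_rules() {
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $CLIENT -p $proto --dport 53 -j DNAT --to-destination $PIHOLE"
    done
    for proto in udp tcp; do
        echo "iptables -t nat -A POSTROUTING -o $LAN_IF -d $PIHOLE -p $proto --dport 53 -j MASQUERADE"
    done
}

# Number of generated rules matching a pattern; a quick sanity check before
# applying (for example, exactly two DNAT and two MASQUERADE rules).
rule_count() {
    dns_redirect_rules | grep -c -- "$1"
}

case "${1:-}" in
    apply) dns_redirect_rules | sh ;;   # run as root on the router
    *)     dns_redirect_rules ;;         # default: only print the rules
esac
```

Run it with no arguments to review the four rules, or with `apply` on the router to load them. Because the masquerade is restricted to DNS destined for the Pi-hole, the VPN rules earlier in the script are unaffected, and Pi-hole still needs its "permit all origins" setting so that it answers queries arriving from the router's address.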

As far as I have been able to find, there is no way to force this behaviour AND have it appear from the original client's IP. The device doing the redirect will always show as the client for redirected requests.

