Whitelist a client using iptables

#1

Hello, I am trying to whitelist a client on a Pi-hole on my local network. Here’s what I have so far:
# On the Pi-hole host: redirect this one client's DNS queries (UDP and TCP port 53) to 1.1.1.1
iptables -t nat -A PREROUTING -s 192.168.1.245 -p udp --dport 53 -j DNAT --to-destination 1.1.1.1
iptables -t nat -A PREROUTING -s 192.168.1.245 -p tcp --dport 53 -j DNAT --to-destination 1.1.1.1

Now when I use the dig command, it says ";; reply from unexpected source: 1.1.1.1#53, expected 192.168.1.4#53". I assume there is something I have to add into the POSTROUTING table? Please let me know. I know that this is possible. This is my only solution at this point.

May I also mention that the following are in the router's iptables:

# Router: DNS traffic from the Pi-hole (192.168.1.4) passes through untouched ...
iptables -t nat -A PREROUTING -i br0 -p udp -s 192.168.1.4 --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp -s 192.168.1.4 --dport 53 -j ACCEPT
# ... and every other LAN client's port-53 traffic is redirected to the address in lan_ipaddr
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to-destination $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to-destination $(nvram get lan_ipaddr)

As you can see, all requests are going to Pi-hole and Pi-hole’s IP address is also being pushed out via DHCP option 6.

I DO NOT want to have to log into the router to do anything for the clients involved, I would rather have a script to do this in Pi-hole, etc. to make it easier and reduce external dependencies.

0 Likes

#2

If your Pi-Hole is providing DHCP service, this is more easily done with a dnsmasq configuration:

0 Likes
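The dnsmasq approach the reply above refers to works at the lease level rather than the packet level: the client is tagged by its MAC address in a dhcp-host line, and a dhcp-option line overrides DHCP option 6 (the DNS server) only for leases carrying that tag, so the client is told to use 1.1.1.1 directly and the Pi-hole never sees its queries. The script below is an added example for this thread, not configuration from the reply or from the Pi-hole project; the MAC address, tag name, file name and the CONF_DIR variable (overridable for a dry run) are assumptions. Two caveats a practitioner should keep in mind: it only works if Pi-hole is the DHCP server and the client honors the resolver it is handed, and with the router rules quoted in the first post, which redirect every LAN client's port-53 traffic except the Pi-hole's, the client's direct queries to 1.1.1.1 would still be intercepted unless the router exempts that client too.

```shell
#!/bin/sh
# Added example (not from the thread or the Pi-hole project): when Pi-hole's
# own DHCP server hands out leases, exempt one client by giving it a different
# DNS server in its lease instead of rewriting packets.  Assumed values: the
# MAC address, tag name and file name are illustrative; CONF_DIR defaults to
# the drop-in directory Pi-hole's dnsmasq reads and can be overridden.

CONF_DIR=${CONF_DIR:-/etc/dnsmasq.d}

# Emit the dnsmasq fragment: tag the host by MAC, then override DHCP option 6
# (dns-server) only for leases that carry the tag.  Every other client keeps
# getting the Pi-hole as its resolver.
dns_bypass_dhcp_conf() {
    mac=$1 upstream=$2 tag=${3:-dnsbypass}
    cat <<EOF
# Hand $mac a different resolver than the Pi-hole itself.
dhcp-host=$mac,set:$tag
dhcp-option=tag:$tag,option:dns-server,$upstream
EOF
}

# Accept only a colon-separated MAC: a malformed dhcp-host line makes dnsmasq
# refuse to start, which would take DNS down for the whole LAN.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

install_dns_bypass() {
    mac=$1 upstream=$2
    valid_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 1; }
    dns_bypass_dhcp_conf "$mac" "$upstream" > "$CONF_DIR/99-dns-bypass.conf"
    # The resolver only reads the directory at start; reload it if pihole is here.
    command -v pihole >/dev/null 2>&1 && pihole restartdns
    return 0
}

# Usage: dns-bypass-dhcp.sh {show|install} MAC UPSTREAM
case ${1:-} in
    show)    shift; dns_bypass_dhcp_conf "$@" ;;
    install) shift; install_dns_bypass "$@" ;;
esac
```

After `install` and a new lease (`ipconfig /renew`, `dhclient -r; dhclient`, or simply reconnecting), the client should report 1.1.1.1 as its DNS server and stop appearing in the Pi-hole query log.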

#3

Unfortunately it is not. What else can I do, preferably with iptables?

0 Likes

#4

This is not a Pi-hole feature, and we do not test rerouting clients via IPTables.

0 Likes

#5

Yes, I see that; that's why I posted. Is there any way to move the topic of this?

0 Likes

#6

It looks like the topic has been moved to General -> Off topic.

0 Likes