Whitelist a client using iptables


Hello, I am trying to whitelist a client on a Pi-hole on my local network. Here’s what I have so far:
iptables -t nat -A PREROUTING -s -p udp --dport 53 -j DNAT --to
iptables -t nat -A PREROUTING -s -p tcp --dport 53 -j DNAT --to

Now when I use the dig command, it says ;; reply from unexpected source:, expected. I assume there is something I have to add into the POSTROUTING table? Please let me know. I know that this is possible. This is my only solution at this point.

May I also mention, the following are in the router’s IPTABLES:

iptables -t nat -A PREROUTING -i br0 -p udp -s --dport 53 -j ACCEPT 
iptables -t nat -A PREROUTING -i br0 -p tcp -s --dport 53 -j ACCEPT 
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr) 
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)

As you can see, all requests are going to Pi-hole and Pi-hole’s IP address is also being pushed out via DHCP option 6.

I DO NOT want to have to log into the router to do anything for the clients involved, I would rather have a script to do this in Pi-hole, etc. to make it easier and reduce external dependencies.
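The "reply from unexpected source" symptom described above, as an added example that is not part of the original post: a simplified Python model of DNAT plus conntrack showing which source address the client sees with and without source NAT in POSTROUTING. All addresses are constructed (RFC 5737 documentation range), and the model assumes the rules run on the Pi-hole with forwarding enabled and that the resolver can reach the client directly.

```python
from dataclasses import dataclass, replace

# Constructed addresses; the thread does not show the real ones.
CLIENT, PIHOLE, UPSTREAM = "192.0.2.50", "192.0.2.2", "192.0.2.1"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class NatBox:
    """Simplified model of the nat table plus conntrack on the Pi-hole."""

    def __init__(self, addr, dnat_to, masquerade):
        self.addr, self.dnat_to, self.masquerade = addr, dnat_to, masquerade
        self.conntrack = {}  # (reply src, reply dst) -> original (src, dst)

    def forward(self, pkt, whitelisted):
        out = pkt
        if pkt.src in whitelisted and pkt.dst == self.addr:
            out = replace(out, dst=self.dnat_to)       # PREROUTING DNAT
            if self.masquerade:
                out = replace(out, src=self.addr)      # POSTROUTING MASQUERADE
            self.conntrack[(out.dst, out.src)] = (pkt.src, pkt.dst)
        return out

    def reverse(self, reply):
        """Undo NAT on a reply that actually passes back through this box."""
        orig_src, orig_dst = self.conntrack[(reply.src, reply.dst)]
        return Packet(src=orig_dst, dst=orig_src)


def source_seen_by_client(masquerade):
    box = NatBox(PIHOLE, dnat_to=UPSTREAM, masquerade=masquerade)
    query = box.forward(Packet(CLIENT, PIHOLE), whitelisted={CLIENT})
    reply = Packet(src=query.dst, dst=query.src)  # resolver answers the source it saw
    if reply.dst == box.addr:                     # reply is routed back via the Pi-hole
        reply = box.reverse(reply)
    return reply.src  # dig compares this with the server it queried


if __name__ == "__main__":
    print("DNAT only:        reply from", source_seen_by_client(False))
    print("DNAT + MASQUERADE: reply from", source_seen_by_client(True))
```

With DNAT alone the resolver answers the client directly, so the reply bypasses the Pi-hole's conntrack entry and arrives from an address the client never queried.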



If your Pi-Hole is providing DHCP service, this is more easily done with a dnsmasq configuration:



Unfortunately it is not. What else can I do, preferably with iptables.



This is not a Pi-hole feature, and we do not test rerouting clients via IPTables.



Yes, I see that, that’s why I posted. Is there any way to move the topic of this?



It looks like the topic has been moved to General -> Off topic.