Hello, I am trying to whitelist a client on a Pi-hole on my local network. Here's what I have so far:
iptables -t nat -A PREROUTING -s 192.168.1.245 -p udp --dport 53 -j DNAT --to 1.1.1.1
iptables -t nat -A PREROUTING -s 192.168.1.245 -p tcp --dport 53 -j DNAT --to 1.1.1.1
Now when I use the dig command, it says ;; reply from unexpected source: 1.1.1.1#53, expected 192.168.1.4#53
I assume there is something I have to add into the POSTROUTING table? Please let me know. I know that this is possible. This is my only solution at this point.
May I also mention, the following are in the router's IPTABLES:
iptables -t nat -A PREROUTING -i br0 -p udp -s 192.168.1.4 --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp -s 192.168.1.4 --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
As you can see, all requests are going to Pi-hole and Pi-hole's IP address is also being pushed out via DHCP option 6.
I DO NOT want to have to log into the router to do anything for the clients involved, I would rather have a script to do this in Pi-hole, etc. to make it easier and reduce external dependencies.
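Added example, not part of the original post: the two DNAT rules above rewrite only the destination, so the answer is not translated back on the Pi-hole and reaches the client with 1.1.1.1 as its source. This sketch prints the DNAT rules together with a matching MASQUERADE rule in POSTROUTING, which makes the query leave as 192.168.1.4 (the source the router's ACCEPT rules exempt) and brings the reply back through the Pi-hole. The function names, the dry-run output and the address check are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the poster's script). Prints iptables commands for one
# client instead of running them, so they can be reviewed first.
# Assumes the Pi-hole host forwards packets: sysctl -w net.ipv4.ip_forward=1

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
# The body is a subshell so the IFS change stays local.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# $1 = client to exempt, $2 = upstream resolver, $3 = -A (add, default) or -D (delete)
bypass_rules() {
    client=$1 upstream=$2 op=${3:--A}
    is_ipv4 "$client" && is_ipv4 "$upstream" || { echo "bad address" >&2; return 1; }
    case "$op" in
        -A|-D) ;;
        *) echo "op must be -A or -D" >&2; return 1 ;;
    esac
    for proto in udp tcp; do
        # Send the client's DNS queries to the upstream resolver (as in the post).
        echo "iptables -t nat $op PREROUTING -s $client -p $proto --dport 53 -j DNAT --to-destination $upstream"
        # Rewrite the source to the Pi-hole's own address so the reply returns
        # here and conntrack restores the address the client queried.
        echo "iptables -t nat $op POSTROUTING -s $client -d $upstream -p $proto --dport 53 -j MASQUERADE"
    done
}

# Review:  sh bypass.sh 192.168.1.245 1.1.1.1
# Apply:   sh bypass.sh 192.168.1.245 1.1.1.1 | sudo sh
# Remove:  sh bypass.sh 192.168.1.245 1.1.1.1 -D | sudo sh
[ "$#" -eq 0 ] || bypass_rules "$@"
```

After applying, `dig` from the exempted client should report the answer as coming from 192.168.1.4 again.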