Whitelist a client using iptables

jaykepeters · April 6, 2019, 10:11pm

Hello, I am trying to whitelist a client on a Pi-hole on my local network. Here's what I have so far:
iptables -t nat -A PREROUTING -s 192.168.1.245 -p udp --dport 53 -j DNAT --to 1.1.1.1
iptables -t nat -A PREROUTING -s 192.168.1.245 -p tcp --dport 53 -j DNAT --to 1.1.1.1

Now when I use the dig command, it says ;; reply from unexpected source: 1.1.1.1#53, expected 192.168.1.4#53 I assume there is something I have to add into the POSTROUTING table? Please let me know. I know that this is possible. This my only solution at this point.

May I also mention, the following are in the router's IPTABLES:

iptables -t nat -A PREROUTING -i br0 -p udp -s 192.168.1.4 --dport 53 -j ACCEPT 
iptables -t nat -A PREROUTING -i br0 -p tcp -s 192.168.1.4 --dport 53 -j ACCEPT 
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr) 
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)

As you can see, all requests are going to Pi-hole and Pi-hole's IP address is also being pushed out via DHCP option 6.

I DO NOT want to have to log into the router to do anything for the clients involved, I would rather have a script to do this in Pi-hole, etc. to make it easier and reduce external dependencies.

jfb · April 6, 2019, 10:26pm

If your Pi-Hole is providing DHCP service, this is more easily done with a dnsmasq configuration:

jaykepeters · April 6, 2019, 11:26pm

Unfortunately it is not. What else can I do, preferably with iptables.

Mcat12 · April 6, 2019, 11:32pm

This is not a Pi-hole feature, and we do not test rerouting clients via IPTables.

jaykepeters · April 7, 2019, 12:54am

Yes, I see that, that's why I posted. Is there any way to move the topic of this?

Mcat12 · April 7, 2019, 9:09pm

It looks like the topic has been moved to General -> Off topic.

system · April 28, 2019, 9:09pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.