Derek Quam

Results 9 comments of Derek Quam

To be clear, you mean the rules should read:

```
iptables -t nat -I zone_lan_prerouting ! -s [DNS_SERVER1] -p tcp --dport 53 -j REDIRECT
# etc.
```

I’m running the REDIRECT version with just my lone internal DNS right now and it’s working. I’ll test adding external DNS servers with an internal DNS server and just external...

So I ran into a problem in my other tests:

```
iptables v1.4.21: ! not allowed with multiple source or destination IP addresses
Try `iptables -h' or 'iptables --help' for...
```

Ah of course. I didn’t realize how dependent I am on my boolean ANDs and ORs.

On Thu, Feb 28, 2019 at 10:20 PM Michael wrote:
> No, not quite....

I need to ACCEPT all my port 53 traffic from my dns servers. And then add a rule to REDIRECT the rest of port 53 traffic. How’s that?

```
force_router_dns() {
	# OpenWrt: only act when firewall.@defaults[0].force_router_dns is set to 1
	force_router_dns=$(uci get firewall.@defaults[0].force_router_dns 2> /dev/null)
	if [ "$force_router_dns" = "1" ] ; then
		# upstream DNS servers configured for the LAN interface
		dnslist=$(uci get network.lan.dns 2> /dev/null)
		for dns in $dnslist ; do
			iptables -t nat...
```
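The ACCEPT-then-REDIRECT layout proposed two comments up, written out as an added example (this is not the OpenWrt firewall script and not the commenter's own function). It sidesteps the `! not allowed with multiple source or destination IP addresses` error by emitting one ACCEPT per trusted DNS server instead of a single negated multi-address match, and it shows the ordering point that matters with `-I`: every `-I` lands at the top of the chain, so the catch-all REDIRECT has to be inserted first so that the per-server ACCEPTs end up above it. The chain name `zone_lan_prerouting` comes from the thread; `IPT` defaults to `echo iptables` so the rules are printed rather than applied (set `IPT=iptables` on the router), and the server list is passed as an argument instead of being read from `uci`.

```shell
#!/bin/sh
# Added example, not the project's code. Builds "force router DNS" nat rules
# as the thread describes them: trusted DNS servers may send port 53 traffic
# out unchanged, everything else on port 53 is redirected to the router.
#
# IPT defaults to "echo iptables" so the rules are shown, not applied.
IPT="${IPT:-echo iptables}"
# Chain name as used in the thread (OpenWrt fw3 LAN zone prerouting chain).
CHAIN="${CHAIN:-zone_lan_prerouting}"

# force_dns_rules "<space-separated trusted DNS server IPs>"
#
# Rules are inserted with -I, which always places a rule at the top of the
# chain. The catch-all REDIRECT is therefore inserted first; each ACCEPT
# inserted afterwards lands above it, so a trusted server's query matches
# ACCEPT (terminating nat traversal) before the REDIRECT is reached.
# One ACCEPT per server avoids "! -s a,b", which iptables rejects.
force_dns_rules() {
	dnslist="$1"
	for proto in udp tcp; do
		$IPT -t nat -I "$CHAIN" -p "$proto" --dport 53 -j REDIRECT
		for dns in $dnslist; do
			$IPT -t nat -I "$CHAIN" -s "$dns" -p "$proto" --dport 53 -j ACCEPT
		done
	done
}

# Usage: print the rule set for two constructed (sample) DNS server addresses.
force_dns_rules "10.0.0.2 10.0.0.3"
```

Run as-is to review the generated rule set; with `IPT=iptables` the same function applies it. Because `-I` reverses emission order, reading the printed list from the bottom up gives the final chain order: ACCEPT rules on top, REDIRECT last.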

Ok, I’ll look at that tomorrow. Thanks for the continued feedback.