iptables - redirect DNS queries

17,111

All right, after a few tries I have finally achieved the goal. The key to success was the two rules below:

-A PREROUTING ! -s 10.42.0.1/32 ! -d 10.42.0.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.42.0.1:53
-A PREROUTING ! -s 10.42.0.1/32 ! -d 10.42.0.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 10.42.0.1:53

I hope that this will help someone.
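The same redirect as a small reusable script, added here as an example and not part of the original answer. It generates the UDP and TCP DNAT rules for any client interface and resolver address (10.42.0.1 and wlan1 are the values from the question; the `-i` interface match and the function names are our additions), keeping the source/destination exclusions that stop the resolver's own upstream lookups from being looped back to itself.

```shell
#!/bin/sh
# Added example: build and apply PREROUTING DNAT rules that send every DNS
# query arriving on a client interface to one resolver. Function names and
# the -i match are assumptions; the rule shape follows the accepted answer.

# Print one nat-table rule per line for IFACE and RESOLVER, covering both
# UDP and TCP port 53. Packets from or already addressed to the resolver
# are excluded so the resolver's own queries are not redirected to itself.
dns_redirect_rules() {
    iface=$1
    resolver=$2
    for proto in udp tcp; do
        printf '%s -i %s ! -s %s/32 ! -d %s/32 -p %s -m %s --dport 53 -j DNAT --to-destination %s:53\n' \
            "-A PREROUTING" "$iface" "$resolver" "$resolver" "$proto" "$proto" "$resolver"
    done
}

# Number of rules the generator emits (two: one per protocol).
dns_redirect_rule_count() {
    dns_redirect_rules "$1" "$2" | wc -l | tr -d ' '
}

# Apply the rules on a live box (needs root and iptables on PATH).
# Not invoked below so the script stays safe to run anywhere.
apply_dns_redirect() {
    command -v iptables >/dev/null 2>&1 || { echo "iptables not found" >&2; return 1; }
    dns_redirect_rules "$1" "$2" | while read -r rule; do
        # word splitting of $rule into iptables arguments is intended
        iptables -t nat $rule
    done
}

# Show what would be applied for the question's setup.
dns_redirect_rules wlan1 10.42.0.1
```

After applying, `iptables -t nat -S PREROUTING` should list both rules; the filter-table INPUT rules accepting port 53 on wlan1 from the question are still required, because DNAT to the gateway's own address hands the packet to INPUT.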



Author: vonHerman

Updated on September 18, 2022

Comments

  • vonHerman over 1 year

    I already have the following iptables rules applied in order to masq all of the wlan1 traffic through wlan0.

    *filter
    :INPUT ACCEPT [48:6144]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [47:6078]
    -A INPUT -i wlan1 -p udp -m udp --dport 67 -j ACCEPT
    -A INPUT -i wlan1 -p tcp -m tcp --dport 67 -j ACCEPT
    -A INPUT -i wlan1 -p udp -m udp --dport 53 -j ACCEPT
    -A INPUT -i wlan1 -p tcp -m tcp --dport 53 -j ACCEPT
    -A FORWARD -d 10.42.0.0/24 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 10.42.0.0/24 -i wlan1 -j ACCEPT
    -A FORWARD -i wlan1 -o wlan1 -j ACCEPT
    -A FORWARD -o wlan1 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -i wlan1 -j REJECT --reject-with icmp-port-unreachable
    COMMIT
    # Completed on Tue Mar  3 00:54:14 2015
    # Generated by iptables-save v1.4.21 on Tue Mar  3 00:54:14 2015
    *nat
    :PREROUTING ACCEPT [1:66]
    :INPUT ACCEPT [1:66]
    :OUTPUT ACCEPT [10:651]
    :POSTROUTING ACCEPT [10:651]
    -A POSTROUTING -s 10.42.0.0/24 ! -d 10.42.0.0/24 -j MASQUERADE
    COMMIT
    

    What I'm trying to achieve is redirecting all of the DNS queries from input interface wlan1 to some specific IP.

    I already tried:

    iptables -t nat -A PREROUTING -i wlan1 -p udp --dport 53 -j DNAT --to MYDNSIP:53
    

    and

    iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination MYDNSIP:53
    

    But it doesn't seem to work. I would appreciate any help.

    -- Cheers

  • heemayl about 9 years
    The thing is, in your question you were only filtering UDP packets for DNS, but DNS uses both TCP and UDP, and your answer satisfies that. Please select it as the correct answer so that this issue can be marked as solved.