I'm trying to use iptables to force DNS for certain devices (Shibby Tomato on Asus RT-N66U). I haven't found anything online describing such a configuration. The closest I could find was this:
# For the Samsung TV, use WAN DNS (i.e., Comcast).
# #############################################################
iptables -t nat -A PREROUTING -i br0 -s samsung-tv.home.lan -p tcp --dport 53 -j DNAT --to $(nvram get wan_get_dns | awk -F' ' '{print $1}')
iptables -t nat -A PREROUTING -i br0 -s samsung-tv.home.lan -p udp --dport 53 -j DNAT --to $(nvram get wan_get_dns | awk -F' ' '{print $1}')
# For every other client, use LAN DNS.
# #############################################################
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
This is close, but there are a couple of problems.
1) I'd prefer to do it by MAC address, rather than hostname. Is that possible?
2) This only allows a single DNS server per client. Is there a way to assign a primary and secondary DNS using this (or similar) method?
@jluce50 The time delay is irrelevant to the server: it will DNAT packets coming in from the TV following the two rules above, one by one: receives one packet, DNATs it, sends it away. If the first DNS is down, it does nothing, but the TV, which is waiting for an answer which is not coming, becomes edgy and sends another packet to the other DNS. Now the server DNATs this second packet to the other DNS, sends it away, does not wait for an answer. – MariusMatutiae – 2014-09-10T19:28:10.190
Thanks! This isn't ideal, since I don't always know what the client has specified for primary/secondary DNS (kids' computer, for example), but it looks like it's as close as I can get to what I want.
Edit: Sorry, I deleted my original comment before I saw your reply. I realized I had misunderstood how it would work. – jluce50 – 2014-09-10T19:48:08.697
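The MAC-based variant of the rules asked about in question 1, as an added example that is not code from the original post or from Tomato/Shibby: iptables can match the source MAC of a frame arriving on the LAN bridge with `-m mac --mac-source`, which sidesteps the hostname lookup the posted rules depend on at insertion time. The script only prints the rules (so it can be reviewed before being piped to sh on the router); the function names, the sample MAC and the 192.0.2.x / 192.168.1.1 addresses are this example's own choices, not values from the page.

```shell
#!/bin/sh
# Added example, not code from the original post or from Tomato/Shibby.
# Generates the NAT PREROUTING rules that pin a client's DNS by source MAC
# (iptables "mac" match) instead of by hostname, then a catch-all for every
# other client. Function names, the sample MAC and the 192.0.2.x / 192.168.1.1
# addresses are this example's own choices.

LAN_IF=${LAN_IF:-br0}   # Tomato's LAN bridge, as in the posted rules

# Return 0 if $1 looks like aa:bb:cc:dd:ee:ff (hex pairs, either case).
valid_mac() {
    case "$1" in
        [0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]) return 0 ;;
        *) return 1 ;;
    esac
}

# First address of a space-separated list such as `nvram get wan_get_dns`
# prints; plain shell word splitting, no awk needed.
first_word() {
    set -- $1
    printf '%s\n' "$1"
}

# Emit the udp and tcp port-53 DNAT rules for one client, matched by MAC.
# The mac match is only valid in PREROUTING, INPUT and FORWARD, which is
# fine here because the DNAT has to happen in nat/PREROUTING anyway.
dns_rules_for_mac() {
    mac=$1; dns=$2
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    for proto in udp tcp; do
        printf 'iptables -t nat -A PREROUTING -i %s -m mac --mac-source %s -p %s --dport 53 -j DNAT --to-destination %s\n' \
            "$LAN_IF" "$mac" "$proto" "$dns"
    done
}

# Catch-all for everyone else. It must be appended AFTER the per-MAC rules:
# the first matching rule in the chain wins, so a catch-all placed earlier
# would silently swallow the pinned clients too.
dns_rules_catchall() {
    dns=$1
    for proto in udp tcp; do
        printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport 53 -j DNAT --to-destination %s\n' \
            "$LAN_IF" "$proto" "$dns"
    done
}

# Build the whole section: $1 is the default DNS, the remaining arguments
# are "MAC=DNS_IP" pairs. Fails (prints nothing further) on a malformed MAC.
build_ruleset() {
    default_dns=$1; shift
    for pair in "$@"; do
        dns_rules_for_mac "${pair%%=*}" "${pair#*=}" || return 1
    done
    dns_rules_catchall "$default_dns"
}

# Stand-alone demo with constructed values: one pinned client sent to an
# upstream resolver, everyone else to the router's own resolver (LAN address
# assumed to be 192.168.1.1). On the router the two addresses would come from
# "$(first_word "$(nvram get wan_get_dns)")" and "$(nvram get lan_ipaddr)".
build_ruleset 192.168.1.1 'aa:bb:cc:dd:ee:ff=192.0.2.53'
```

Each DNAT target is still a single address, which is the limit the comment above explains: whichever server a client retries against, the packet is rewritten to the one destination in the matching rule, so primary/secondary failover stays on the client side. Appending with `-A` means the ordering is only correct when the script runs once from a clean chain; on a rerun, flush the rules you added (or use a dedicated chain) first, and `iptables -t nat -L PREROUTING -v -n` shows whether the per-MAC counters are actually increasing for the pinned device.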