I set up my Firewalla to run in DHCP mode and also installed Pi-hole on the Firewalla.
For reference, the home router is 192.168.253.1 and the Firewalla is 192.168.253.2 (primary) and 192.168.254.1 (overlay).
My home router is an EdgeRouter Lite.
I noticed some devices have hard-coded DNS servers (126.96.36.199), so I wanted to redirect those to the Firewalla (192.168.253.2).
My first thought was to do this as a destination NAT rule on the EdgeRouter Lite by redirecting all destination port 53 packets to 192.168.253.2:53 while EXCLUDING source IP 192.168.253.2.
However, I noticed that, because of running in DHCP mode, the EdgeRouter actually wasn't seeing any source IP other than the Firewalla (192.168.253.2).
My thinking is to do this, instead, with iptables on the Firewalla itself.
I wanted the experts here to double check my thinking before I screw something up.
I'm thinking to use the following on the Firewalla. Can you guys check me on this? Also, would this be persistent? If not, what is the best place on the Firewalla to put these commands to ensure it survives a reboot? If it is persistent, how would I undo it later?
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 '!' -s 192.168.253.2 -j DNAT --to 192.168.253.2:53
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 53 '!' -s 192.168.253.2 -j DNAT --to 192.168.253.2:53
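As an added example (not the poster's rules and not Firewalla's own code), the same two DNAT rules wrapped in a small script that applies them idempotently (so it can be run from any boot hook without stacking duplicate rules) and can delete them again with the identical specification. It assumes the LAN-facing interface is eth0 and Pi-hole listens on 192.168.253.2:53, as stated in the post; where such a script is hooked in on a Firewalla is not something the post settles, so the script is only written to be safe to re-run.

```shell
#!/bin/sh
# Added example (not the poster's rules or Firewalla's own code).
# Assumptions: the LAN-facing interface is eth0 and Pi-hole answers on
# 192.168.253.2:53, as described in the post above.
LAN_IF="${LAN_IF:-eth0}"
PIHOLE="${PIHOLE:-192.168.253.2}"

# Build the match/target part of the redirect rule for one protocol (udp|tcp).
# Queries sourced from the Pi-hole host itself are excluded so its own upstream
# lookups are not looped back onto it.
dns_rule() {
  printf '%s\n' "-i $LAN_IF -p $1 --dport 53 ! -s $PIHOLE -j DNAT --to-destination $PIHOLE:53"
}

# Add each rule only when it is absent: 'iptables -C' exits 0 if an identical
# rule already exists, so running this from a boot hook never stacks duplicates.
apply_rules() {
  for proto in udp tcp; do
    # shellcheck disable=SC2046  (intentional word splitting of the rule spec)
    iptables -t nat -C PREROUTING $(dns_rule "$proto") 2>/dev/null ||
      iptables -t nat -A PREROUTING $(dns_rule "$proto")
  done
}

# Undo: deleting requires the exact same specification that was added.
remove_rules() {
  for proto in udp tcp; do
    iptables -t nat -D PREROUTING $(dns_rule "$proto") 2>/dev/null || true
  done
}

case "${1:-}" in
  apply)  apply_rules ;;
  remove) remove_rules ;;
  show)   iptables -t nat -S PREROUTING ;;
  *)      echo "usage: $0 apply|remove|show" >&2 ;;
esac
```

`--to-destination` is the long form of the `--to` abbreviation used in the post; `show` prints the live nat PREROUTING chain so the redirect can be confirmed or audited later.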