Redirecting hard coded DNS requests to Pi Hole running on Firewalla (DHCP mode)
I set up my Firewalla to run in DHCP mode and also installed Pi Hole on the Firewalla.
For reference, the home router is 192.168.253.1 and the Firewalla is 192.168.253.2 (primary) and 192.168.254.1 (overlay).
My home router is an EdgeRouter Lite.
I noticed some devices have hard coded DNS servers (8.8.8.8) so I wanted to redirect those to the Firewalla (192.168.253.2).
My first thought was to do this as a destination NAT rule on the EdgeRouter Lite by redirecting all destination port 53 packets to 192.168.253.2:53 while EXCLUDING source IP 192.168.253.2.
However, I noticed that, because of running in DHCP mode, the EdgeRouter actually wasn't seeing any other source IP other than the Firewalla (192.168.253.2).
My thinking is to do this, instead, with iptables on the Firewalla itself.
I wanted the experts here to double check my thinking before I screw something up.
I'm thinking to use the following on the Firewalla. Can you guys check me on this? Also, would this be persistent? If not, what is the best place on the Firewalla to put these commands to ensure it survives a reboot? If it is persistent, how would I undo it later?
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 '!' -s 192.168.253.2 -j DNAT --to 192.168.253.2:53
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 53 '!' -s 192.168.253.2 -j DNAT --to 192.168.253.2:53
-
Hi,
iptables may be flushed by monitoring processes on Firewalla. Therefore we do not recommend editing rules in iptables.
However, you can try setting the DNS name servers for the overlay network in Firewalla. Go to "Settings" -> "Advanced" -> "Network Settings" -> "Edit Overlay Network" and change the DNS server to 192.168.253.2.
Since Firewalla will redirect all DNS traffic to its own dnsmasq, which is running on port 8853, the above setting tells the dnsmasq to use Pi-Hole as its upstream DNS server.
Thanks
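Because the reply says Firewalla's monitoring processes may flush iptables, anyone who does go the iptables route needs a way to notice when the two DNAT rules from the question have disappeared. The following added example (not from this thread or from Firewalla) parses `iptables-save -t nat` output and reports whether the UDP and TCP port-53 redirects to 192.168.253.2:53 with the `! -s 192.168.253.2` exclusion are present; the sample dump is constructed and deliberately lacks the TCP rule.

```python
import re
import subprocess

# Constructed sample in the format `iptables-save -t nat` prints (not captured
# from a real Firewalla). Only the UDP rule from the question is present; the
# TCP rule is deliberately missing so the check has something to report.
SAMPLE_NAT_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING ! -s 192.168.253.2/32 -i eth0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.253.2:53
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# iptables-save rewrites `--to X` as `--to-destination X`
PREROUTING_DNAT = re.compile(
    r"^-A PREROUTING (?P<matches>.+) -j DNAT --to-destination (?P<target>\S+)$"
)


def _token_after(tokens, flag):
    """Value following `flag` in a rule's match tokens, or None if absent."""
    try:
        return tokens[tokens.index(flag) + 1]
    except (ValueError, IndexError):
        return None


def dns_redirect_status(nat_dump, target="192.168.253.2:53", excluded_src="192.168.253.2"):
    """Return {'udp': bool, 'tcp': bool}: True when a PREROUTING DNAT rule sends
    that protocol's port-53 traffic to `target` and carries the '! -s' exclusion
    for `excluded_src` (iptables-save prints it as '! -s 192.168.253.2/32')."""
    status = {"udp": False, "tcp": False}
    for line in nat_dump.splitlines():
        m = PREROUTING_DNAT.match(line.strip())
        if not m or m.group("target") != target:
            continue
        tokens = m.group("matches").split()
        proto = _token_after(tokens, "-p")
        if proto not in status or _token_after(tokens, "--dport") != "53":
            continue
        neg = re.search(r"(?:^|\s)! -s (\S+)", m.group("matches"))
        if neg and neg.group(1).split("/")[0] == excluded_src:
            status[proto] = True
    return status


def live_status():
    """Run the same check against the kernel's live nat table (needs root)."""
    dump = subprocess.run(["iptables-save", "-t", "nat"],
                          capture_output=True, text=True, check=True).stdout
    return dns_redirect_status(dump)


if __name__ == "__main__":
    for proto, present in dns_redirect_status(SAMPLE_NAT_DUMP).items():
        print(f"{proto}/53 redirect: {'present' if present else 'MISSING'}")
```

Running `live_status()` from cron or after a reboot shows immediately whether the rules survived; on the sample dump the UDP rule reports present and the TCP rule missing.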