  1. #1
    Just Joined!
    Join Date
    Sep 2007
    Posts
    1

    Transparent Router/Firewall help needed!


    Hi, I am currently trying to make a router firewall that will be transparent and redirect all DNS requests to OpenDNS.

    I have decided to use a Linksys WRT54GL running OpenWrt's White Russian firmware because it's already a router and is running Linux.

    Firstly I'll describe the ideal situation I'm trying to achieve.

    LAN --------> WRT------>Modem Router ------->Internet

    Now obviously what I could do is have my modem router's DNS set to OpenDNS and have my LAN PCs' DNS set to the router or OpenDNS, but this leaves the problem of someone putting their own DNS settings on a PC and going out through a different DNS server.

    Ideally what I would like the WRT to do is act as a transparent router that would redirect all DNS requests to OpenDNS. As for transparency, if anything did happen to the WRT it would be great for it to be able to be unplugged from the network so the LAN would go straight to the modem router and there would be no need for reconfiguring anything to bring the internet back up. Also, installation would be a lot simpler.

    Also, the next step from there would be to do the same with wireless, i.e.

    WLAN ------->WRT------->Wireless Modem Router-------->Internet

    But one step at a time.

    Now I would presume that redirecting DNS requests could be done using the firewall, and I have tried this so far:

    iptables -t nat -A PREROUTING -d LAN_IP -p UDP --dport 53 -j DNAT --to-destination OPENDNS_SERVER

    iptables -t nat -A PREROUTING -d LAN_IP -p TCP --dport 53 -j DNAT --to-destination OPENDNS_SERVER

    but it doesn't seem to be working.

    So if anyone thinks this is a worthwhile project and would like to give me some advice, or even point me in the right direction, or save me a lot of wasted time and tell me if it's never going to fly, a reply would be greatly appreciated.

  2. #2
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    <serious question>
    Why does it matter what DNS server is being used to resolve an address?
    </serious question>

    As for your rules, they look like they should work, but without more information about your rule set I cannot say 100%.

    Also, why 2 rules when one would do?

    iptables -t nat -A PREROUTING -d LAN_IP --dport 53 -j DNAT --to-destination OPENDNS_SERVER

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
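
Added example (not from either post above): a sketch of the DNS redirect rules for the setup described in the thread. iptables only accepts `--dport` together with `-p tcp` or `-p udp`, so DNS needs one rule per protocol, and matching on the LAN-side interface rather than `-d LAN_IP` also covers clients that configure their own DNS server. Assumptions: the WRT is routing (not bridging) LAN traffic, the LAN interface is named `br0`, and the resolver address is supplied by the caller.

```shell
#!/bin/sh
# Added example, not code from the thread. Prints the NAT rules that force
# all LAN DNS traffic to one resolver; nothing is applied by this script.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: dns_redirect_rules LAN_IF RESOLVER_IP
# LAN_IF (e.g. br0) is an assumed interface name; check yours with ifconfig.
dns_redirect_rules() {
    lan_if=$1
    resolver=$2
    # Reject anything that could smuggle extra options or shell syntax
    # into the generated command lines.
    case "$lan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 2 ;;
    esac
    is_ipv4 "$resolver" || { echo "bad resolver: $resolver" >&2; return 2; }

    # One rule per protocol: --dport is a tcp/udp match and needs -p.
    # -i catches every query entering from the LAN, whatever server the
    # client addressed it to; -d LAN_IP would only match queries sent to
    # the router itself.
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto --dport 53 -j DNAT --to-destination $resolver:53"
    done
}

# When run with two arguments, print the rules for review.
if [ "$#" -eq 2 ]; then
    dns_redirect_rules "$1" "$2"
fi
```

After reviewing the printed rules, run them on the router as root; `iptables -t nat -L PREROUTING -n -v` then shows per-rule packet counters, which confirm whether LAN DNS queries are actually hitting the redirect.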
