Results 1 to 2 of 2
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Sep 2007
Transparent Router/Firewall help needed!
I have decided to use a Linksys WRT54GL running openwrt's WhiteRussian firmware because its all ready a router and is running linux.
Firstly i'll describe the ideal situation i'm trying to achieve.
LAN --------> WRT------>Modem Router ------->Internet
Now obviously what i could do is have my modem router's dns set to opendns and have my lan pc's dns set to the router or opendns but this leaves the problem of someone putting there own dns settings on a pc and going out through a different dns server.
Ideally what i would like the WRT to do is act as a transparent router that would redirect all dns requests to opendns. As for transparency if anything did happen to the WRT it would be great to be able to be unplugged from the network so the lan would go straight to the Modem Router and there would have to be no need for reconfiguring anything to bring the internet back up, also installation would be a lot simpler.
Also next step from there would be to do the same with wireless i.e
WLAN ------->WRT------->Wireless Modem Router-------->Internet
But one step at a time.
Now i would presume that redirecting dns requests could be done using the firewall and i have tried this so far
iptables -t nat -A PREROUTING -d LAN_IP -p UDP --dport 53 -j DNAT --to-destination OPENDNS_SERVER
iptables -t nat -A PREROUTING -d LAN_IP -p TCP --dport 53 -j DNAT --to-destination OPENDNS_SERVER
but it doesn't seem to be working.
So if anyone thinks this is a worthwhile project and would like to give me some advice or even point me in the right direction or save me alot of wasted time and tell me if its never going to fly a reply would be greatly appreciated.
Why does it matter what DNS server is being used to resolve an address?
As for your rules they look like they should work but without more information about your rule set I cannot say 100%
Also why 2 rules when one would do?
iptables -t nat -A PREROUTING -d LAN_IP --dport 53 -j DNAT --to-destination OPENDNS_SERVER
The adventure of a life time.
Linux User #296285