DNSMasq config?

[Pesky_UK]

I'm currently using dd-wrt with DNSMasq to change the outgoing DNS port to 5300:

iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 82.103.129.240:5300
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 46.246.29.68:5300
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 82.103.129.240:5300
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 46.246.29.68:5300

Can Merlin do the same and if so where would I put the above commands? (assume I'm an idiot)

 

[eibgrad]

Merlin uses an event driven model to handle your own changes. In this case, you'd need to add those commands to a file called nat-start in /jffs/scripts. When it comes time to initialize the NAT table, the router will call that script (if present). Just make sure it's using the Unix file format, has a shebang at the top, and is marked for execution (chmod +x).

You can paste the following into a shell and it will automatically create the file.

mkdir -p /jffs/scripts
cat << "EOF" > /jffs/scripts/nat-start
#!/bin/sh
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 82.103.129.240:5300
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 46.246.29.68:5300
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 82.103.129.240:5300
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 46.246.29.68:5300
EOF
chmod +x /jffs/scripts/nat-start

 

[Pesky_UK]

Merlin uses an event driven model to handle your own changes. In this case, you'd need to add those commands to a file called nat-start in /jffs/scripts. When it comes time to initialize the NAT table, the router will call that script (if present). Just make sure it's using the Unix file format, has a shebang at the top, and is marked for execution (chmod +x).

Script created, uploaded with WinSCP, even created a firewall-start script but it isn't working. Do the scripts require the .sh at the end of them? I've tried both ways but no joy.

This is for Getflix but it isn't recognising my DNS (my ISP uses a transparent DNS hence the iptables stuff).

Could this issue be related to DNSMasq?

 

[muffintastic]

@Pesky_UK Have you made the script executable? Also, you don't need to add .sh

chmod a+rx /jffs/scripts/*

And like any UNIX script, they need to start with a shebang:

#!/bin/sh
Also, you must save files with UNIX line endings. Note that Windows's Notepad cannot save with UNIX line endings; use Notepad++ instead. You can also directly edit them on the router through SSH, by using vi or nano, both included in the firmware; they will create files with the proper line endings.

Source: https://github.com/RMerl/asuswrt-merlin.ng/wiki/User-scripts - Right at the bottom.

 

[Pesky_UK]

Both scripts have a shebang, both scripts are chmod 755 and both created with Notepad++

 

[bbunge]

Both scripts have a shebang, both scripts are chmod 755 and both created with Notepad++

Did you enable custom scripts?

 

[Pesky_UK]

Update.

It is now working. Unlike the DD-WRT instructions for Getflix and transparent DNS hijacking with Merlin you need to use the nearest Getflix DNS server as the WAN DNS entry as well as the above script(s).