What's new

Help with DNS FILTERING

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

yelo3

Regular Contributor
Hello, I'm using the AI PROTECTION DNS FILTERING option, to use Open DNS Family.
By default this rule is created:
Code:
Chain DNSFILTER (2 references)
DNAT       all  --  anywhere             anywhere             to:208.67.222.123

Unfortunately my ISP also does DNS FILTERING, so I need to change the traffic from port 53 to port 5353 to skip its filtering (I've tried and it works).

I'd like to insert/append an iptables rule somewhere, that forces to use the port 5353 if 208.67.222.123 is used (without touching that line in the DNSFILTER chain).
I've tried this but it doesn't work
Code:
iptables -t nat -A OUTPUT -p udp -d 208.67.222.123 --dport 53 -j DNAT --to-destination :5353
Any help?

thanks
 
iptables -t nat -A PREROUTING -i br0 -p udp --dport 5353 -j DNAT --to 208.67.222.123 should do the trick I guess
 
Unfortunately it doesn't work.

Maybe PREROUTING is executed before DNSFILTER?

The steps should be:
- client asks for dns resolution on 192.168.2.1 port 53
- server uses dnsfilter to force the address to 208.67.222.123
- a rule should change port 53 to port 5353
 
what about the chain POSTROUTING? this should be the last chain in the flow. did you try that?
 
Use `iptables -nvL --line-number | grep 208.67.222.123 | | awk {'print $1'}` to find and delete 208.67.222.123 chian in DNSFILTER, then append a new chian, just replace 208.67.222.123 to 208.67.222.123:5353
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top