Help with selective routing - DNS queries

andresmorago

Senior Member
Hello to All

I have been working on selective routing on my AC66U. So far, I got to this:

Enabled PPTP client
Enabled 5GHz guest network wl1.1
Routed all PPTP traffic via wl1.1
Routed all ISP regular traffic via eth1 and eth2 (Standard 2.4 and 5 wifi)

Here is my problem:
I currently have some DNS specific parameters on /jffs/configs/dnsmasq.conf.add which I need for my regular internet on eth1 and eth2 interfaces. These parameters route DNS queries for these 2 websites through a specific server.
This works OK but all around my router :(

Code:
server=/ipinfo.io/54.224.xxx.yy
server=/pandora.com/54.224.xxx.yy

My question:
Now that I have selective routing for my ppp5 interface, how can I configure dnsmasq to NOT route these 2 websites through 54.224.xxx.yy?
I would like ALL ppp5 traffic to go through the 8.8.8.8 server while keeping the original parameters on /jffs/configs/dnsmasq.conf.add for my standard interfaces.

Here is my selective routing script which is working OK so far.
I tried to add some extra code at the end of the DHCP Server section, with no luck so far.

Code:
#!/bin/sh

####### Interface Specific Settings #######
WRLSS_IF=wl1.1                   # Name of the wireless interface that will be used.
WRLSS_IF_NTWK_ADDR=10.0.1.0      # Network address that the wireless interface will be on.
WRLSS_IF_INET_ADDR=10.0.1.1      # IP address that will be assigned to the wireless interface.
WRLSS_IF_NETMASK=255.255.255.0   # Netmask of the wireless network to be added.
TUN_IF=ppp5                      # Name of tunnel interface.
########## DHCP Specific Settings ###########
DHCP_OPT1=3                      # dnsmasq option to specify router.
LS_TIME=86400s                   # Duration of the dhcp leases.
LS_START=10.0.1.10               # Start address of leases. This needs to be within the same network as above.
LS_END=10.0.1.20                 # End address of leases. This needs to be within the same network as above.
######## Hide SSID of Guest Network ########
HIDE_SSID=0                      # This option is to hide the SSID of a guest network if a guest network is used. Input 1 to hide and 0 to make it visible.


##########################################################################################################
##########################################################################################################               
########################################## DHCP Server ###################################################

ifconfig $WRLSS_IF $WRLSS_IF_INET_ADDR netmask $WRLSS_IF_NETMASK
if [ `cat /etc/dnsmasq.conf | grep -c $WRLSS_IF` == 0 ]; then
    killall dnsmasq
    sleep 2
    echo "interface=$WRLSS_IF" >> /etc/dnsmasq.conf
    echo "server=8.8.8.8" >> /etc/dnsmasq.conf
    echo "dhcp-range=$WRLSS_IF,$LS_START,$LS_END,$WRLSS_IF_NETMASK,$LS_TIME" >> /etc/dnsmasq.conf
    echo "dhcp-option=$WRLSS_IF,$DHCP_OPT1,$WRLSS_IF_INET_ADDR" >> /etc/dnsmasq.conf
    echo "interface=$TUN_IF" >> /etc/dnsmasq.conf
    echo "server=8.8.8.8" >> /etc/dnsmasq.conf
    dnsmasq --log-async
fi
sleep 2
### Check to see if tun interface is available ###
while [ ! -n "`ifconfig | grep $TUN_IF`" ]; do
    sleep 1
done
############################################ IP ROUTING ##################################################

ip route delete default via 192.168.1.1 dev ppp5
route -n add -net 192.168.1.0 netmask 255.255.255.0 ppp5

ip route show table main | grep -Ev ^default | while read ROUTE; do
ip route add table 10 $ROUTE;
done

# Uncomment this line if you are not using the route-nopull option.
#ip route del 0.0.0.0/1 table main           

# Many VPN service providers push this route to redirect internet traffic over the tunnel.                                         
ip route add default dev $TUN_IF table 10   
ip rule add dev $WRLSS_IF table 10
ip route flush cache
####################################### ETHERNET BRIDGE TABLES RULES #####################################

EBT_BRULE1="-p ipv4 -i $WRLSS_IF -j DROP"
EBT_BRULE2="-p arp -i $WRLSS_IF -j DROP"
if [ -n "$EBT_BRULE1" ] && [ `ebtables -t broute -L | grep -ice "$EBT_BRULE1"` != 1 ]; then
    ebtables -t broute -I BROUTING $EBT_BRULE1
fi
if [ -n "$EBT_BRULE2" ] && [ `ebtables -t broute -L | grep -ice "$EBT_BRULE2"` != 1 ]; then
    ebtables -t broute -I BROUTING $EBT_BRULE2
fi
############################################ IP TABLES RULES #############################################

if [ `iptables -L -v | grep -c $WRLSS_IF` == 0 ]; then
    iptables -I INPUT -i $WRLSS_IF -m state --state NEW -j ACCEPT
    iptables -I FORWARD -i $WRLSS_IF -o $TUN_IF -j ACCEPT
fi
if [ `iptables -t nat -L -v | grep -c $TUN_IF` == 0 ]; then
    iptables -t nat -I POSTROUTING -s $WRLSS_IF_NTWK_ADDR/24 -o $TUN_IF -j MASQUERADE  # Change /24 to the subnet that you will be using.
fi
############################################### HIDE SSID ################################################

if [ `nvram get "$WRLSS_IF"_closed` != 1 ] && [ $HIDE_SSID == 1 ]; then
    nvram set "$WRLSS_IF"_closed=1
    nvram commit
fi
if [ `nvram get "$WRLSS_IF"_closed` != 0 ] && [ $HIDE_SSID == 0 ]; then
    nvram set "$WRLSS_IF"_closed=0
    nvram commit
fi
 
bump
Anyone please?


Does this work?

Code:
iptables -t nat -N DNSPPP5

iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j DNSPPP5
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j DNSPPP5

iptables -t nat -A DNSPPP5 -s 10.0.1.0/24 -j DNAT --to-destination 8.8.8.8
 
Hello
I tried the recommended commands but didn't get any results.

I have tried to see what iptables shows after adding that chain but I can't see it anywhere.

Code:
admin@RT-AC66U-FF48:/tmp/home/root# iptables --list

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state NEW
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW
ACCEPT     all  --  anywhere             anywhere            state NEW
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps dpt:bootpc
ACCEPT     tcp  --  anywhere             router.asus.com     tcp dpt:www
ACCEPT     tcp  --  anywhere             router.asus.com     tcp dpt:8443
SSHBFP     tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1723
ACCEPT     gre  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ipttolan   all  --  anywhere             anywhere
iptfromlan  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere
DROP       icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            ctstate DNAT
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain FUPNP (0 references)
target     prot opt source               destination

Chain PControls (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain SSHBFP (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere            recent: SET name: SSH side: source
DROP       all  --  anywhere             anywhere            recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source
ACCEPT     all  --  anywhere             anywhere

Chain iptfromlan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            account: network/netmask: 10.0.0.0/255.255.255.0 name: lan

Chain ipttolan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            account: network/netmask: 10.0.0.0/255.255.255.0 name: lan

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
DROP       all  --  anywhere             anywhere

What's weird is that when I try to add the DNSPPP5 chain, it tells me that it already exists.

Code:
admin@RT-AC66U-FF48:/tmp/home/root# iptables -t nat -N DNSPPP5
iptables: Chain already exists

admin@RT-AC66U-FF48:/tmp/home/root# iptables -L DNSPPP5
iptables: No chain/target/match by that name
 
ok...got you!
Code:
admin@RT-AC66U-FF48:/tmp/home/root#  iptables -t nat -L DNSPPP5
Chain DNSPPP5 (2 references)
target     prot opt source               destination
DNAT       all  --  10.0.1.0/24          anywhere            to:8.8.8.8
admin@RT-AC66U-FF48:/tmp/home/root#

still, not getting the DNS routing on my ppp5 interface :(
 
You need to list the rule statistics...

Code:
iptables -nvL --line -t nat
 
here
Code:
admin@RT-AC66U-FF48:/tmp/home/root# iptables -nvL --line -t nat
Chain PREROUTING (policy ACCEPT 2228 packets, 310K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       20 17142 VSERVER    all  --  *      *       0.0.0.0/0            192.168.1.51
2      304 50166 VSERVER    all  --  *      *       0.0.0.0/0            186.145.13.79
3      333 22962 DNSPPP5    udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
4        0     0 DNSPPP5    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53

Chain POSTROUTING (policy ACCEPT 330 packets, 27587 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      110  7421 MASQUERADE  all  --  *      ppp5   !192.168.1.51         0.0.0.0/0
2      558 40588 MASQUERADE  all  --  *      eth0   !186.145.13.79        0.0.0.0/0
3      152 21428 MASQUERADE  all  --  *      br0     10.0.0.0/24          10.0.0.0/24

Chain OUTPUT (policy ACCEPT 482 packets, 49015 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain DNSFILTER (0 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain DNSPPP5 (2 references)
num   pkts bytes target     prot opt in     out     source               destination
1       40  2575 DNAT       all  --  *      *       10.0.1.0/24          0.0.0.0/0           to:8.8.8.8

Chain LOCALSRV (0 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain VSERVER (2 references)
num   pkts bytes target     prot opt in     out     source               destination
1        2   100 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 to:10.0.0.1:80
2        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8443 to:10.0.0.1:8443
3        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:10.0.0.29:80
4      322 67208 VUPNP      all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain VUPNP (1 references)
num   pkts bytes target     prot opt in     out     source               destination
admin@RT-AC66U-FF48:/tmp/home/root#

After adding the initial iptables, websites don't load anymore. iptables were added to the nat-start script on /jffs/scripts
Code:
#!/bin/sh

me=`basename "$0"`

sleep 20
logger -t $me Adding iptables for PPP5
iptables -t nat -N DNSPPP5
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j DNSPPP5
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j DNSPPP5
iptables -t nat -A DNSPPP5 -s 10.0.1.0/24 -j DNAT --to-destination 8.8.8.8
logger -t $me iptables for PPP5 added
 
here
Code:
admin@RT-AC66U-FF48:/tmp/home/root# iptables -nvL --line -t nat

Chain PREROUTING (policy ACCEPT 2228 packets, 310K bytes)
num   pkts bytes target     prot opt in     out     source               destination

3      333 22962 DNSPPP5    udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
4        0     0 DNSPPP5    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53

Chain DNSPPP5 (2 references)
num   pkts bytes target     prot opt in     out     source               destination
1       40  2575 DNAT       all  --  *      *       10.0.1.0/24          0.0.0.0/0           to:8.8.8.8


Hmm...clearly the rules you added are firing on something....

I haven't used PPTP Client for a while, but I have configured a Guest VPN (wl0.2) routed via VPN Client 1 using the following bridge (br1) definition in dnsmasq.config.add

Code:
# Test nslookup redirection..force via VPN Client 1 ISP DNS.....
server=/google.com.hk/10.200.193.1

# Bridge br1 uses DHCP pool 10.88.1.2 - 10.88.1.20 and OpenDNS
interface=br1
dhcp-range=br1,10.88.1.2,10.88.1.20,255.255.255.0,14400s
dhcp-option=br1,3,10.88.1.1
dhcp-option=br1,6,208.67.220.220,208.67.220.222
dhcp-option=br1,252,"\n"

Code:
admin@RT-AC68U:/jffs/scripts# brctl show

bridge name bridge id                 STP enabled interfaces
br0         8000.xxxxxxxe4a0          yes  vlan1
                                           eth1
                                           eth2
                                           wl1.3
br1         8000.xxxxxxxxe4a2         no   wl0.2


Using tcpdump to monitor a sample Guest VPN DNS request (nslookup), the laptop (10.88.1.16) connected to Guest 2.4GHz wl0.2 correctly uses the OpenDNS server 208.67.22.220 to resolve www.google.com.hk


Code:
admin@RT-AC68U:/jffs/scripts# tcpdump -n -i br1 port 53

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br1, link-type EN10MB (Ethernet), capture size 65535 bytes
17:19:37.702451 IP 10.88.1.16.65366 > 208.67.220.220.53: 1+ PTR? 220.220.67.208.in-addr.arpa. (45)
17:19:37.779912 IP 208.67.220.220.53 > 10.88.1.16.65366: 1 1/0/0 PTR resolver2.opendns.com. (80)
17:19:37.786903 IP 10.88.1.16.65367 > 208.67.220.220.53: 2+ A? www.google.com.hk.Martineau.lan. (49)
17:19:38.022996 IP 208.67.220.220.53 > 10.88.1.16.65367: 2 NXDomain 0/1/0 (124)
17:19:38.025431 IP 10.88.1.16.65368 > 208.67.220.220.53: 3+ AAAA? www.google.com.hk.Martineau.lan. (49)
17:19:38.102326 IP 208.67.220.220.53 > 10.88.1.16.65368: 3 NXDomain 0/1/0 (124)
17:19:38.104457 IP 10.88.1.16.65369 > 208.67.220.220.53: 4+ A? www.google.com.hk. (35)
17:19:38.211357 IP 208.67.220.220.53 > 10.88.1.16.65369: 4 1/0/0 A 216.58.219.195 (51)
17:19:38.224026 IP 10.88.1.16.65370 > 208.67.220.220.53: 5+ AAAA? www.google.com.hk. (35)
17:19:38.495342 IP 208.67.220.220.53 > 10.88.1.16.65370: 5 1/0/0 AAAA 2607:f8b0:400d:c0b::5e (63)
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel


Another laptop (10.88.8.114) on the standard 5GHz Wifi performs the same DNS request (nslookup) and this time the DNS is resolved via the forced 'server=/google.com.hk/10.200.193.1' statement in dnsmasq, and a few seconds later a normal internal DNS lookup is resolved by the WAN DNS.

see the dnsmasq log....

Code:
17:20:07 dnsmasq[29170]: query[A] www.google.com.hk.Martineau.lan from 10.88.8.114
17:20:07 dnsmasq[29170]: config www.google.com.hk.Martineau.lan is NXDOMAIN
17:20:07 dnsmasq[29170]: query[AAAA] www.google.com.hk.Martineau.lan from 10.88.8.114
17:20:07 dnsmasq[29170]: config www.google.com.hk.Martineau.lan is NXDOMAIN
17:20:07 dnsmasq[29170]: query[A] www.google.com.hk from 10.88.8.114
17:20:07 dnsmasq[29170]: forwarded www.google.com.hk to 10.200.193.1
17:20:07 dnsmasq[29170]: ipset add VPN2Domains 74.125.203.94 www.google.com.hk
17:20:07 dnsmasq[29170]: reply www.google.com.hk is 74.125.203.94
17:20:07 dnsmasq[29170]: query[AAAA] www.google.com.hk from 10.88.8.114
17:20:07 dnsmasq[29170]: forwarded www.google.com.hk to 10.200.193.1
17:20:07 dnsmasq[29170]: ipset add VPN2Domains 2404:6800:4008:c03::5e www.google.com.hk
17:20:07 dnsmasq[29170]: reply www.google.com.hk is 2404:6800:4008:c03::5e

17:20:19 dnsmasq[29170]: query[AAAA] ws12.gti.mcafee.com from 10.88.8.114
17:20:19 dnsmasq[29170]: forwarded ws12.gti.mcafee.com to 62.24.134.1
17:20:19 dnsmasq[29170]: query[A] ws12.gti.mcafee.com from 10.88.8.114
17:20:19 dnsmasq[29170]: forwarded ws12.gti.mcafee.com to 62.24.134.1
17:20:19 dnsmasq[29170]: reply ws12.gti.mcafee.com is <CNAME>
17:20:19 dnsmasq[29170]: reply ws12.gti.mcafee.com is <CNAME>
17:20:19 dnsmasq[29170]: reply ws12.gti.mcafee.akadns.net is 161.69.165.56


Whilst not as flexible as using DNS redirection via iptables based on individual IPs, 'hard coding' the DNS used by the interface (e.g. br1) does override the 'server=' directive.



Did you define your ppp5 interface with the Google 8.8.8.8 DNS correctly in dnsmasq.conf.add ?
 
hello
Sorry for not getting back before. I was out of town.

Here is what I have done so far. Still having issues with specific pre-configured sites on my dnsmasq.conf.add

Enabled PPTP client and connected to server. PPP5 interface is now enabled
Enabled 5GHz guest network wl1.1

Routed all PPTP traffic via wl1.1 with this script under /jffs/scripts/us_vpn
This script should:
*modify ppp5 so it stops being a default route
*create ip segment for devices connected to wl1.1
*route all traffic from wl1.1 to ppp5
*force all dns traffic from ppp5 to go via 8.8.8.8 dns

Code:
#!/bin/sh

####### Interface Specific Settings #######
WRLSS_IF=wl1.1                   # Name of the wireless interface that will be used.
WRLSS_IF_NTWK_ADDR=10.0.1.0      # Network address that the wireless interface will be on.
WRLSS_IF_INET_ADDR=10.0.1.1      # IP address that will be assigned to the wireless interface.
WRLSS_IF_NETMASK=255.255.255.0   # Netmask of the wireless network to be added.
TUN_IF=ppp5                      # Name of tunnel interface.
########## DHCP Specific Settings ###########
DHCP_OPT1=3                      # dnsmasq option to specify router.
LS_TIME=86400s                   # Duration of the dhcp leases.
LS_START=10.0.1.10               # Start address of leases. This needs to be within the same network as above.
LS_END=10.0.1.20                 # End address of leases. This needs to be within the same network as above.
######## Hide SSID of Guest Network ########

me=`basename "$0"`

##########################################################################################################
##########################################################################################################               

sleep 20
logger -t $me "Initializing PPTP selective routing"

########################################## DHCP Server ###################################################

ifconfig $WRLSS_IF $WRLSS_IF_INET_ADDR netmask $WRLSS_IF_NETMASK
if [ `cat /etc/dnsmasq.conf | grep -c $WRLSS_IF` == 0 ]; then
   killall dnsmasq
   sleep 5
   echo "interface=$WRLSS_IF" >> /etc/dnsmasq.conf
   echo "server=8.8.8.8" >> /etc/dnsmasq.conf
   echo "dhcp-range=$WRLSS_IF,$LS_START,$LS_END,$WRLSS_IF_NETMASK,$LS_TIME" >> /etc/dnsmasq.conf
   echo "dhcp-option=$WRLSS_IF,$DHCP_OPT1,$WRLSS_IF_INET_ADDR" >> /etc/dnsmasq.conf
   echo "interface=$TUN_IF" >> /etc/dnsmasq.conf
   echo "server=8.8.8.8" >> /etc/dnsmasq.conf
   dnsmasq --log-async
fi
logger -t $me "dnsmasq has been re-configured"
sleep 2
### Check to see if tun interface is available ###
while [ ! -n "`ifconfig | grep $TUN_IF`" ]; do
   sleep 1
done
############################################ IP ROUTING ##################################################

ip route delete default via 192.168.1.1 dev $TUN_IF
route -n add -net 192.168.1.0 netmask 255.255.255.0 $TUN_IF

ip route show table main | grep -Ev ^default | while read ROUTE; do
ip route add table 10 $ROUTE;
done

# Uncomment this line if you are not using the route-nopull option.
#ip route del 0.0.0.0/1 table main           

# Many VPN service providers push this route to redirect internet traffic over the tunnel.                                         
ip route add default dev $TUN_IF table 10   
ip rule add dev $WRLSS_IF table 10
ip route flush cache
####################################### ETHERNET BRIDGE TABLES RULES #####################################

EBT_BRULE1="-p ipv4 -i $WRLSS_IF -j DROP"
EBT_BRULE2="-p arp -i $WRLSS_IF -j DROP"
if [ -n "$EBT_BRULE1" ] && [ `ebtables -t broute -L | grep -ice "$EBT_BRULE1"` != 1 ]; then
   ebtables -t broute -I BROUTING $EBT_BRULE1
fi
if [ -n "$EBT_BRULE2" ] && [ `ebtables -t broute -L | grep -ice "$EBT_BRULE2"` != 1 ]; then
   ebtables -t broute -I BROUTING $EBT_BRULE2
fi
############################################ IP TABLES RULES #############################################

if [ `iptables -L -v | grep -c $WRLSS_IF` == 0 ]; then
   iptables -I INPUT -i $WRLSS_IF -m state --state NEW -j ACCEPT
   iptables -I FORWARD -i $WRLSS_IF -o $TUN_IF -j ACCEPT
fi
if [ `iptables -t nat -L -v | grep -c $TUN_IF` == 0 ]; then
   iptables -t nat -I POSTROUTING -s $WRLSS_IF_NTWK_ADDR/24 -o $TUN_IF -j MASQUERADE  # Change /24 to the subnet that you will be using.
fi
################################################ DNS ROUTING ##########################################################

logger -t $me Adding iptables for PPP5
iptables -t nat -N DNSPPP5
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j DNSPPP5
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j DNSPPP5
iptables -t nat -A DNSPPP5 -s 10.0.1.0/24 -j DNAT --to-destination 8.8.8.8
logger -t $me "iptables for PPP5 added"
######################################################################################################################
logger -t $me "PPTP selective routing  Done"

then run everything at start with /jffs/scripts/services-start
Code:
#!/bin/sh

me=`basename "$0"`

/opt/etc/init.d/rc.unslung start

sleep 30
/jffs/scripts/us_vpn
logger -t $me "Loading us_vpn script"

My issues start when I enable this additional configuration file. I'm using this conf to route specific websites' DNS queries to a specific DNS server. I want this to happen ONLY with my regular ISP on standard interfaces and not PPP5.

/jffs/configs/dnsmasq.conf.add
Code:
strict-order
server=208.67.220.220
server=208.67.222.222

server=/ipinfo.io/54.224.xxx.yy
server=/pandora.com/54.224.xxx.yy

I will appreciate your help.
 
Anyone please :(

RTFM? :oops:

What do you expect should happen when you add this dnsmasq directive:

Code:
 echo "server=8.8.8.8" >> /etc/dnsmasq.conf

So as shown in my dnsmasq example, you should add the appropriate 'Type 6' aka DNS record for the interface:

e.g.

Code:
echo "dhcp-option=$WRLSS_IF,6,8.8.8.8,8.8.4.4" >> /etc/dnsmasq.conf
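
A way to check the outcome from the router's own logs, as an added example that is not part of any post in this thread: it reads dnsmasq query-log lines in the format shown earlier and lists lookups from the guest subnet (10.0.1.x) that dnsmasq forwarded to a resolver other than 8.8.8.8. The function names, the constructed sample log and the 192.0.2.53 stand-in for the elided 54.224.xxx.yy server are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Requires dnsmasq query logging
# (log-queries) so that "query[...] from" and "forwarded ... to" lines exist.

# dns_leaks LOGFILE GUEST_PREFIX EXPECTED_UPSTREAM
# Prints "<client> <name> <upstream>" for every lookup from a client whose
# address starts with GUEST_PREFIX that was forwarded to a server other than
# EXPECTED_UPSTREAM. A forward is attributed to the last client that asked
# for that name, because the "forwarded" line carries no client address.
dns_leaks() {
    awk -v prefix="$2" -v want="$3" '
    {
        # Syslog prefixes differ in length, so search for the action token.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^query\[/ && $(i + 2) == "from") {
                client[$(i + 1)] = $(i + 3)      # name -> last asking client
                break
            }
            if ($i == "forwarded" && $(i + 2) == "to") {
                c = client[$(i + 1)]
                if (index(c, prefix) == 1 && $(i + 3) != want)
                    print c, $(i + 1), $(i + 3)
                break
            }
        }
    }' "$1"
}

# Constructed sample log (not captured from a real router). 192.0.2.53 is a
# placeholder for the per-domain server in dnsmasq.conf.add.
sample_log() {
    cat <<'EOF'
17:20:07 dnsmasq[100]: query[A] pandora.com from 10.0.1.12
17:20:07 dnsmasq[100]: forwarded pandora.com to 192.0.2.53
17:20:07 dnsmasq[100]: reply pandora.com is 198.51.100.7
17:20:09 dnsmasq[100]: query[A] example.org from 10.0.1.12
17:20:09 dnsmasq[100]: forwarded example.org to 8.8.8.8
17:20:11 dnsmasq[100]: query[A] pandora.com from 10.0.0.29
17:20:11 dnsmasq[100]: forwarded pandora.com to 192.0.2.53
17:20:12 dnsmasq[100]: query[A] ipinfo.io from 10.0.10.5
17:20:12 dnsmasq[100]: forwarded ipinfo.io to 192.0.2.53
EOF
}

# Demo run on the constructed sample: only the guest client's pandora.com
# lookup is reported; the LAN clients (10.0.0.x, 10.0.10.x) are ignored.
log=$(mktemp)
sample_log > "$log"
dns_leaks "$log" "10.0.1." "8.8.8.8"
rm -f "$log"
```

Once clients on wl1.1 have renewed their lease and received 8.8.8.8 through DHCP option 6, they stop asking the router's dnsmasq, so the function should print nothing for the guest prefix.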
 
