Using RT-N66U as Local DNS server

I'd like to create a dns entry for transmission and the mediaserver, so that you don't need to remember the ip address with the port number. I can successfully redirect dns queries as shown in this thread, but it doesn't seem to work if I specify the port number. For example for Transmission I would need to specify:
Code:
192.168.1.1:9091
but then the redirect doesn't work.

Any workaround? I can't come up with a solution. :(
 
I've now created dnsmasq.conf.add in /jffs/configs/ and I have input the following line:

Code:
address=/asus.transmission/192.168.1.1:9091
but that locks up the router on reboot. DHCP doesn't work and no navigation.
It works well if I don't specify the port number.
Any hint? I was also wondering if iptables could help...
 
Why not use this in /jffs/configs/hosts.conf.add:
Code:
192.168.1.1 TRANSMISSION
You'd then refer to it by name as "transmission:9091"
 
Thanks Colin. I'll revert to it as a last option, but I'd prefer to log into transmission with only a domain name. No port number. I can't find out how to redirect to a specific port number, though.
 
Yes, it's installed on the router itself and its web interface is available at the router ip at port 9091. So it would be 192.168.1.1:9091.
 
OK I think I understand. So you want to type http://transmission ?

Tricky. You can't do it just with DNS. You'd have to allocate a fake IP address to use (otherwise you'd block normal web access to the router), say 192.168.1.2.

Create a hosts entry "192.168.1.2 TRANSMISSION".

Then you'd have to create an iptables rule that redirected 192.168.1.2:80 to 192.168.1.1:9091

UPDATE:

You'd probably need something like this in /jffs/scripts/firewall-start

Code:
#!/bin/sh

logger -t $(basename $0) $1

iptables -t nat -A PREROUTING -d 192.168.1.2 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:9091
 
It isn't working. Could it be that it needs to be in the nat-start script instead of firewall-start?

By the way, if anyone is trying this, the hosts file that needs to be edited as first step is called "hosts.add", not "hosts.conf.add".

UPDATE:
it doesn't work in nat-start either. Strange, because it should be the same as what merlin is suggesting here:
Chromecast has hard coded DNS servers to 8.8.8.8 and 8.8.4.4. Luckily we can use simple iptables rules to redirect Chromecast DNS queries back to our router.

Since iptables rules are not persistent we must add them to the nat-start hook
Code:
cat > /jffs/scripts/nat-start <<EOF
iptables -t nat -A PREROUTING -s <CHROMECAST-IP>/32 -d 8.8.4.4 -p udp --dport 53 -j DNAT --to <ROUTER-IP>
iptables -t nat -A PREROUTING -s <CHROMECAST-IP>/32 -d 8.8.8.8 -p udp --dport 53 -j DNAT --to <ROUTER-IP>
EOF
 
Yes you're right, this doesn't work. I suspect that the traffic is never hitting the iptables rule because it's LAN to LAN rather than WAN to LAN. Unfortunately this is where my knowledge of iptables runs out. Maybe someone else can help (or tell us that it's not possible!).

Personally, for all this effort I think I'd just type the extra 5 characters at the end of the URL! :)
 
try adding this to the script;

ifconfig br0:0 192.168.1.2 netmask 255.255.255.0

if that works, you could go a step further and just have the server listen on that IP instead, using port 80 or whatever
 
Personally, for all this effort I think I'd just type the extra 5 characters at the end of the URL! :)
Yes, I'd do the same, but I was trying to avoid noobs calling me every other day asking for the ip address... :)
I'll tell 'em to bookmark the ip in the browser, as a last option.

try adding this to the script;

ifconfig br0:0 192.168.1.2 netmask 255.255.255.0

if that works, you could go a step further and just have the server listen on that IP instead, using port 80 or whatever

Now my nat-start script looks like this:
Code:
#!/bin/sh
iptables -t nat -A PREROUTING -d 192.168.1.253 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:9091
ifconfig br0:0 192.168.1.253 netmask 255.255.255.0
but it doesn't work. I've noticed however that with the last line the browser query lasts for a very short time (1 second), while without it it lasts much longer.
 
Will this redirect .253 to .1 or .1 to .253? Sorry if I ask but I wouldn't like to be locked out of the router. :)


Edit: sinshiva's last post has disappeared?
 
Sorry, wasn't sure (and still not), but I think adding this might be your best shot (including everything else)

Code:
#!/bin/sh
ifconfig br0:0 192.168.1.253 netmask 255.255.255.0
iptables -t nat -A PREROUTING -d 192.168.1.253 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:9091
iptables -t nat -A POSTROUTING -s 192.168.1.1 -p tcp --sport 9091 -j SNAT --to 192.168.1.253:80

reorganized it for you :p
 
Hey man, you are THE man! :)
It works. Combined with the hosts.add modification, everything works.
 
I've found out that this simpler script works too:
Code:
iptables -t nat -A PREROUTING -d 192.168.0.253 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:9091
Apparently it works if the two IPs are on different subnets. However, a new problem arose this way: I'm redirected as expected if I type the ip address, but not if I type the domain name I enter in "hosts.add".

UPDATE: maybe I was wrong. Maybe it works with domain names too.
 
Ok, to sum this up.
The one line method I posted above indeed works if the ip addresses are on different subnets. Sinshiva's method works even on the same subnet.
Both methods can be combined with hosts.add modification.

Thank you guys for helping me out! :)
 
Can you post the final file that works. I don't have too much experience. Thx!
 
There are two files (inside the zip):
View attachment files.zip

Move nat-start into "/jffs/scripts". Move hosts.add into "/jffs/configs". Then do "chmod a+rx /jffs/scripts/*". Reboot.

Of course take a look at the files and adjust them to your needs. You can use notepad++ for that.
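
Added example, not part of the thread or of the firmware: a dry-run helper that prints the nat-start commands for the redirect discussed above, adding the br0:0 alias only when the virtual IP is on the router's own subnet (there clients ARP for the address directly instead of sending to the gateway, so the router has to own it). The `-i br0` match, which limits the rule to traffic arriving from the LAN, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). All addresses below are sample values.

# ip_to_int A.B.C.D -> prints the address as one integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP1 IP2 MASK -> exit status 0 when both share a network
same_subnet() {
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( b & m )) ]
}

# plan_redirect ROUTER_IP MASK VIRTUAL_IP PORT -> prints one command per line
plan_redirect() {
    router=$1 mask=$2 vip=$3 port=$4
    # -i br0 (assumption): match only packets arriving on the LAN bridge,
    # so the web UI is never reachable through this rule from the WAN side.
    rule="PREROUTING -i br0 -d $vip -p tcp --dport 80 -j DNAT --to-destination $router:$port"
    if same_subnet "$router" "$vip" "$mask"; then
        # On-link address: clients ARP for it, so the router must own it.
        echo "ifconfig br0:0 $vip netmask $mask"
    fi
    # Delete before adding so repeated NAT restarts do not stack duplicates.
    echo "iptables -t nat -D $rule 2>/dev/null"
    # Replies are translated back by connection tracking.
    echo "iptables -t nat -A $rule"
}

# Same-subnet case from the thread: alias line plus the DNAT rule.
plan_redirect 192.168.1.1 255.255.255.0 192.168.1.253 9091
```

Review the printed lines first; piping the output to `sh` from /jffs/scripts/nat-start applies them.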
 
