Redirect IPv6 DNS queries to Pihole

mfigrs
DD-WRT Novice


Joined: 26 Apr 2019
Posts: 16

Posted: Fri Jun 07, 2019 19:04    Post subject: Redirect IPv6 DNS queries to Pihole
I am using a ddwrt 33555 on Netgear wnr3500Lv1, with a Pihole for network-wide filtering.

I have this iptables code to force redirect ipv4 requests:

Code:
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 192.168.1.10
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 192.168.1.10


The 192.168.1.10 is my pihole.

Anyway, I tried to do something similar for ipv6 requests with `ip6tables`, but I get an error. Looks like the ip6tables in build 33555 does not have the 'nat' table.

Does anyone have a suggestion on how to work around it?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Sat Jun 08, 2019 17:09
You can try to use the mangle table to do prerouting things
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
mfigrs
DD-WRT Novice


Joined: 26 Apr 2019
Posts: 16

Posted: Mon Jun 10, 2019 12:42
egc wrote:
You can try to use the mangle table to do prerouting things


Oops... It turns out build 33555 does not have 'mangle' table either. The only table available is 'filter'. Too bad.

On second thought - perhaps 'filter' will do - perhaps I could just drop all ipv6 DNS packets not going to my pihole? How do I accomplish this?
mfigrs
DD-WRT Novice


Joined: 26 Apr 2019
Posts: 16

Posted: Tue Jun 11, 2019 13:26
Another update:

I tried to simply REJECT all traffic to port 53 that is not coming from my Pihole. However, ip6tables complained that `--dport` is an unknown option...
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6855
Location: Romerike, Norway

Posted: Tue Jun 11, 2019 14:21
Did you specify the protocol (-p udp)?
mfigrs
DD-WRT Novice


Joined: 26 Apr 2019
Posts: 16

Posted: Tue Jun 25, 2019 17:41
No, I did not! Had no idea this would make a difference.

I was able to run this command:
Code:
ip6tables -I FORWARD 1 -p udp --dport 53 -d \! xx:yy:zz -j DROP


where "xx:yy:zz" is the IPv6 address of my DNS server.

This has effectively blocked DNS resolution via IPv6 - not perfect, but works.

Thanks for all the advice!
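
Added example, not part of any post in this thread: the final rule above matches only `-p udp`, while the IPv4 rules in the first post cover both TCP and UDP port 53. The script below audits `ip6tables-save`-style rule text and reports which protocol still has no FORWARD drop rule for port 53; the address `2001:db8::10`, the function name and the sample rule lines are constructed placeholders.

```shell
#!/bin/sh
# Added example. Reads ip6tables-save style rules on stdin and prints each
# protocol (udp, tcp) that has NO FORWARD rule dropping port-53 traffic
# addressed to anything other than the resolver.
PIHOLE6="2001:db8::10"   # assumption: placeholder from the documentation range

missing_dns6_protos() {
    resolver="$1"
    rules=$(cat)
    for proto in udp tcp; do
        if ! printf '%s\n' "$rules" | awk -v p="$proto" -v r="$resolver" '
            $1 == "-A" && $2 == "FORWARD" {
                proto_ok = port_ok = not_dst = drops = 0
                for (i = 3; i <= NF; i++) {
                    if ($i == "-p" && $(i+1) == p) proto_ok = 1
                    if ($i == "--dport" && $(i+1) == "53") port_ok = 1
                    if ($i == "-j" && $(i+1) ~ /^(DROP|REJECT)$/) drops = 1
                    # negated destination, new ("! -d addr") or old ("-d ! addr") form
                    if (($i == "!" && $(i+1) == "-d") || ($i == "-d" && $(i+1) == "!")) {
                        a = $(i+2); sub(/\/128$/, "", a)
                        if (a == r) not_dst = 1
                    }
                }
                if (proto_ok && port_ok && not_dst && drops) found = 1
            }
            END { exit(found ? 0 : 1) }'
        then
            echo "$proto"
        fi
    done
}

# Constructed sample input: a UDP-only rule like the one in the last post.
SAMPLE_UDP_ONLY='-A FORWARD ! -d 2001:db8::10/128 -p udp -m udp --dport 53 -j DROP'
# Constructed sample input: the same rule plus its TCP counterpart.
SAMPLE_BOTH="$SAMPLE_UDP_ONLY
-A FORWARD ! -d 2001:db8::10/128 -p tcp -m tcp --dport 53 -j DROP"

printf '%s\n' "$SAMPLE_UDP_ONLY" | missing_dns6_protos "$PIHOLE6"   # prints: tcp
```

On a router, the same function can read live rules with `ip6tables-save | missing_dns6_protos <resolver address>`, assuming the build ships `ip6tables-save`.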