FW rule that redirects all outbound DNS traffic to another (internal) host

Hi there, it’s been a while. I hope everybody is ok, specially @ Nethesis in Italy.

Question : is there a way (GUI or command line) to configure a DNAT rule that redirects all outbound traffic destined for port 53 on any external host to instead go to an internal DNS server.

The idea is getting bastard iOT devices with hardcoded DNS servers to use my own (pihole) DNS server instead of theirs.



As of today, nethesis is doing fine, but we feel surrounded by the corona virus, every day we discover that at least one more person we know is sick (and many hospitalized).

Never tried, but I think that you may need a single line in `/etc/shorewall/rules:

DNAT loc loc:x.y.z.w:53 udp 53

where x.y.z.w is the IP of the pihole.


Thanks ! I’ll try and report.

All the best, take care of you. I hope things will settle down soon.

I think it works but it somehow broke something, there is probably a DNS loop : nethserver refers to the pihole but the pihole refers to nethserver to get local machines names. No time to find a workaround right now.


DNAT loc:!ip.of.pi.hole loc:x.y.z.w:53 udp 53

1 Like

! that’s smart, I’ll try :blush: