Hi there, it’s been a while. I hope everybody is ok, especially @ Nethesis in Italy.
Question: is there a way (GUI or command line) to configure a DNAT rule that redirects all outbound traffic destined for port 53 on any external host to instead go to an internal DNS server?
The idea is getting bastard IoT devices with hardcoded DNS servers to use my own (pihole) DNS server instead of theirs.
As of today, Nethesis is doing fine, but we feel surrounded by the coronavirus; every day we discover that at least one more person we know is sick (and many hospitalized).
Never tried, but I think that you may need a single line in `/etc/shorewall/rules`:
I think it works, but it somehow broke something; there is probably a DNS loop: NethServer refers to the pihole, but the pihole refers to NethServer to get local machine names. No time to find a workaround right now.