Please help me to implement the following iptables instructions, which redirect LAN traffic from Google DNS to another DNS provider (69.42.56.54).
iptables -I PREROUTING -t nat -p udp -d 8.8.4.4 --dport 53 -j DNAT --to-destination 69.42.56.54
iptables -I PREROUTING -t nat -p udp -d 8.8.8.8 --dport 53 -j DNAT --to-destination 69.42.56.54
Additionally, this should not work for the whole LAN, just for 3 internal (LAN) IPs: 192.168.10.40, 192.168.10.43, 192.168.10.50.
Use destination NAT rules in IP Firewall.
Correct?
/ip firewall nat add chain=dstnat protocol=udp src-address=192.168.10.40 dst-address=8.8.8.8 src-port=53 action=dst-nat to-addresses=69.42.56.54 to-port=53
to make it the same as:
iptables -I PREROUTING -t nat -p udp -d 8.8.8.8 --dport 53 -j DNAT --to-destination 69.42.56.54, but only for LAN IP 192.168.10.40?
You have the src port in the rule; it should be the dst port. The client could use a variety of ports as the src port.
/ip firewall nat add chain=dstnat protocol=udp src-address=192.168.10.40 dst-address=8.8.8.8 dst-port=53 action=dst-nat to-addresses=69.42.56.54 to-port=53
???
By using dst-address-list and src-address-list, you can accomplish your aim with only one rule.
/ip firewall nat
add chain=dstnat protocol=udp src-address-list=no_google_dns dst-address-list=google_dns dst-port=53 action=dst-nat to-addresses=69.42.56.54 to-port=53
/ip firewall address-list
add address=8.8.4.4 list=google_dns
add address=8.8.8.8 list=google_dns
add address=192.168.10.40 list=no_google_dns
add address=192.168.10.43 list=no_google_dns
add address=192.168.10.50 list=no_google_dns
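As an added illustration, not from any of the posts above, here is the matching logic of these dstnat rules modelled in Python (first matching rule wins, a matcher left unset means "any"); it shows why the src-port=53 version never matches a real client query, which leaves from an ephemeral source port, and that a protocol=udp rule leaves DNS over TCP untouched. The address lists, the packets and the port 51234 are constructed for the example.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed address lists with the same entries as the /ip firewall address-list commands above.
ADDRESS_LISTS = {
    "google_dns": ["8.8.8.8", "8.8.4.4"],
    "no_google_dns": ["192.168.10.40", "192.168.10.43", "192.168.10.50"],
}

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    src_port: int
    dst_port: int

@dataclass
class DstNatRule:
    # A matcher left as None is treated as "any", as in RouterOS.
    to_address: str
    to_port: int
    proto: str = "udp"
    src_list: Optional[str] = None
    dst_list: Optional[str] = None
    src_port: Optional[int] = None  # the matcher that was wrong in the earlier post
    dst_port: Optional[int] = None

def in_list(addr: str, name: str) -> bool:
    return any(ip_address(addr) in ip_network(e, strict=False) for e in ADDRESS_LISTS[name])

def matches(rule: DstNatRule, pkt: Packet) -> bool:
    return (
        pkt.proto == rule.proto
        and (rule.src_list is None or in_list(pkt.src, rule.src_list))
        and (rule.dst_list is None or in_list(pkt.dst, rule.dst_list))
        and (rule.src_port is None or pkt.src_port == rule.src_port)
        and (rule.dst_port is None or pkt.dst_port == rule.dst_port)
    )

def apply_dstnat(rules: List[DstNatRule], pkt: Packet) -> Packet:
    # The first matching rule rewrites the destination; otherwise the packet passes unchanged.
    for rule in rules:
        if matches(rule, pkt):
            return replace(pkt, dst=rule.to_address, dst_port=rule.to_port)
    return pkt

# The single-rule answer above, and the src-port=53 mistake applied with the same lists.
GOOD_RULE = DstNatRule("69.42.56.54", 53, src_list="no_google_dns", dst_list="google_dns", dst_port=53)
BAD_RULE = DstNatRule("69.42.56.54", 53, src_list="no_google_dns", dst_list="google_dns", src_port=53)
QUERY = Packet("192.168.10.40", "8.8.8.8", "udp", 51234, 53)  # constructed resolver query
```

Because the rule matches protocol=udp only, a client that resolves over TCP (or DoT/DoH) is not redirected by it; the model reflects that.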