Looking for a mikrotik router Model that supports DNAT

andersenbrittany · January 27, 2019, 4:07pm

Hi everyone..

Looking for a mikrotik router Model that supports DNAT. After all the posts about devices ignoring pihole and people using DNAT to force the usage of pihole, I’ve been looking into it a little bit.

But it seems that I can only find results (google) about Ubiquiti devices and DNAT. I’ve looked at the price of a WiFi router (€149) and it’s a bit too much for me. My budget is <= €100. Cheaper Ubiquity options are just switches, but I need a WiFi router to replace the one given to me by my ISP (which will be in bridge mode).

gotsprings · January 28, 2019, 1:23pm

pihole is a local dns server right?

You would set the dhcp-server to handout the pihole address to clients.

Then set up a rule to capture anything on port 53 and send it to your pihole server.

Any Tik should be able to do this.

AlainCasault · January 28, 2019, 1:27pm

Hello

All MikroTik devices support dnat.

Cheers

Sent from my cell phone. Sorry for the errors.

zandhaas · January 28, 2019, 2:52pm

I'm using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server.

/ip dhcp-server option print

NAME CODE VALUE RAW-VALUE

0 PIHole 6 '192.168.x.x' c0a80032

Where 192.168.x.x is the PI-Hole address.

gotsprings · January 28, 2019, 5:16pm

Would be even easier to put it in

/ip dhcp-server network
add address=192.168.2.0/24 comment="Typical /24" dns-server=192.168.2.1 \
    gateway=192.168.2.1

Jotne · January 29, 2019, 6:45am

I do not use DNAT or pi-hole.
Just add DNS localy to my public webserver for user on the net and user on the outside gets the public IP and will going trough nat to the web server.

zandhaas · January 29, 2019, 6:54am

I’m using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server.

/ip dhcp-server option print

NAME CODE VALUE RAW-VALUE

0 PIHole 6 ‘192.168.x.x’ c0a80032

Where 192.168.x.x is the PI-Hole address.

Would be even easier to put it in
/ip dhcp-server network
add address=192.168.2.0/24 comment="Typical /24" dns-server=192.168.2.1 \
    gateway=192.168.2.1

The advantage of using the DHCP option 6 method is that all clients get the PI-Hole server as DNS server. So in PI-Hole you can see the real client requests instead off the router sending all request.

mkx · January 29, 2019, 12:44pm

Would be even easier to put it in
/ip dhcp-server network
add address=192.168.2.0/24 comment="Typical /24" dns-server=192.168.2.1 \
    gateway=192.168.2.1
The advantage of using the DHCP option 6 method is that all clients get the PI-Hole server as DNS server. So in PI-Hole you can see the real client requests instead off the router sending all request.

The line by @gotsprings should rather read as

/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.x.x gateway=192.168.2.1

Where 192.168.x.x is the PI-Hole address. The above should direct all DHCP clients to use PI-Hole as DNS server and is actually human-readable version of your construct.
You still have to redirect any connections to external DNS servers if you want to force all clients to use PI-Hole (also those who statically configure their IP settings).

gotsprings · January 30, 2019, 7:58pm

Something like

/ip firewall nat
add action=dst-nat chain=dstnat comment="Redirect Guest DNS" dst-address=!192.168.x.x \
    dst-port=53 protocol=udp src-address-list=Local to-addresses=192.168.x.x

and mkv was correct. have the dhcp server tell the clients to use your piehole…
(Kind of sounds rude when I type it like that…)