So I have a VM that runs a DNS filter on IP 10.10.10.1, and my local subnet is 192.168.0.0/24. I want the source's IP address to be visible on my filter in order to set some policies, but the only IP visible is the Mikro's address. I tried setting the DNS in my MikroTik there, and of course that didn't work, so as the next step I used DST-NAT to redirect UDP and TCP traffic on port 53 to the filter, but it still didn't work; the router's IP is the only visible one. I don't have a DHCP server, and I need a fix other than manually changing the DNS IP on every static device. I'm trying with one PC for now to see if this can happen.
Also, at the same time, when I specify an out interface for the MSQ it doesn't work, and I'm not sure why, although my Internet connection is on ether12 coming from a Cisco switch and I'm not sure if that's the problem.
The simplest config would be to direct clients to use 10.10.10.1 as their DNS server. In that case you don't need any of the shown NAT rules; a single rule performing SRC-NAT for traffic towards WAN would do (a limited version of your current last rule).
If your clients are configured to use whatever DNS server and you want to redirect queries to your own server, then you need a pair of DST-NAT rules:
in addition to the above-mentioned src-nat rule. I guess that the rule which actually hides the source address from the DNS server is the second rule (masquerade). If it weren't that, it would be the last one (general masquerade), which should be limited by adding out-interface-list=WAN (or something similar).
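An added example of the rule set this answer describes (not the poster's own rules, which are not reproduced in the thread); it assumes RouterOS v7 CLI, interface lists named LAN and WAN, and that the filter VM at 10.10.10.1 is reached without crossing the WAN interface. The dstnat chain is evaluated before the routing decision, so queries addressed to the router's own IP are redirected as well.

```routeros
# Added example, not from the original post. Assumes interface lists LAN and WAN
# already exist and that 10.10.10.1 is routed locally, not via the WAN list.
/ip firewall nat
# Redirect every client DNS query (UDP and TCP 53) to the filter. Matching on
# the LAN subnet keeps the filter's own upstream queries from being looped back.
add chain=dstnat action=dst-nat in-interface-list=LAN src-address=192.168.0.0/24 \
    protocol=udp dst-port=53 to-addresses=10.10.10.1 to-ports=53 \
    comment="redirect client DNS (UDP) to filter"
add chain=dstnat action=dst-nat in-interface-list=LAN src-address=192.168.0.0/24 \
    protocol=tcp dst-port=53 to-addresses=10.10.10.1 to-ports=53 \
    comment="redirect client DNS (TCP) to filter"
# Masquerade only traffic that leaves towards the Internet. A masquerade rule
# with no out-interface restriction also rewrites LAN -> 10.10.10.1 traffic, and
# the filter then logs the router's address instead of the client's.
add chain=srcnat action=masquerade out-interface-list=WAN \
    comment="source NAT towards WAN only"

# Check 1: the dstnat counters must rise when a client resolves a name.
/ip firewall nat print stats where chain=dstnat
# Check 2: for a redirected query, reply-dst-address must be the client's
# 192.168.0.x address. If it shows the router's address instead, a src-nat or
# masquerade rule is still catching LAN-to-filter traffic.
/ip firewall connection print where protocol=udp
```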
As for the MSQ rule, I specified the out interface for both my VLAN and DSL connections, and in the meantime it's working, so my problem would be the DNS. The problem is that all my 150+ PCs are configured to take DNS from the Mikro, so I'm trying to redirect it from the Mikro also.