RouterOS DNS redirection

Hello there,
My DNS server uses port 8888. In Linux I can use the following command:
iptables -t nat -A OUTPUT -d 1.1.1.1 -p udp --dport 53 -j DNAT --to-destination 1.1.1.1:8888

In ROS this does not work. Does anyone have any suggestions?

iptables -t nat -A OUTPUT -d 1.1.1.1 -p udp --dport 53 -j DNAT --to-destination 1.1.1.1:8888

What do you want to achieve? Changing default DNS port on a routerboard?

Action redirect dst-nats to itself:

/ip firewall nat
add action=redirect chain=dstnat comment="DNS port: 8888 to 53" dst-address=1.1.1.1 dst-port=8888 protocol=udp to-ports=53

If you seek to prevent your internal DNS server from being used in a DDoS amplification attack, why don’t you firewall it from the internet? It would be better practice than “obfuscating” the port.

And I think you should enable allow-remote-requests to redirect DNS to your MikroTik.

/ip dns set allow-remote-requests=yes

I came across this before (Dstnat in output chain?) and you can’t do it with current RouterOS. You can try to ask support nicely, if they’d like to add it. It shouldn’t be too hard for them, Linux has it and RouterOS is based on Linux…
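
Added example, not part of any post in this thread: one way to combine the redirect and allow-remote-requests suggestions above with the advice to firewall the resolver off from the internet. The interface names ether1 (WAN) and bridge (LAN) are assumptions; substitute your own.

```routeros
# Assumed names (not from the thread): ether1 = WAN, bridge = LAN.

# The router only answers DNS queries from other hosts when this is on.
# With it on and no input filtering, the resolver is reachable from the WAN.
/ip dns set allow-remote-requests=yes

/ip firewall nat
# Limit the 8888 -> 53 redirect to packets arriving from the LAN.
add action=redirect chain=dstnat in-interface=bridge protocol=udp \
    dst-port=8888 to-ports=53 comment="LAN DNS 8888 -> 53"

/ip firewall filter
# dstnat is applied before the input chain, so redirected packets are seen
# here with dst-port 53. Drop anything from the WAN aimed at the resolver.
add action=drop chain=input in-interface=ether1 protocol=udp dst-port=53 \
    comment="no DNS from WAN (udp)"
add action=drop chain=input in-interface=ether1 protocol=tcp dst-port=53 \
    comment="no DNS from WAN (tcp)"
```

Rule order matters: the two drop rules must sit above any accept rule in the input chain that would otherwise match this traffic.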