
How to Force Wlan Users to Use Specific DNS servers?

Posted: Wed Sep 20, 2017 8:15 pm
by anushkaudeshan
Hi All,

I am trying to use custom DNS servers only for Wlan users (using different subnets/SSIDs as well). I have already done the below script, but it won't work so far.

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 in-interface=test.wlan protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=test.wlan protocol=udp to-addresses=DNS2 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=test.wlan protocol=tcp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=test.wlan protocol=tcp to-addresses=DNS2 to-ports=53

I tried using subnets as follows as well; it still won't work. :(

/ip firewall nat
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=tcp to-addresses=DNS2 to-ports=53
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=tcp to-addresses=DNS2 to-ports=53

test.wlan is the SSID I use with subnets so users can connect to the network.
It works when I set the DNS under ip/dns, which applies to the whole network.
What am I missing here? Please let me know how to do this properly.

Thanks a lot. :) :) :)

Re: How to Force Wlan Users to Use Specific DNS servers?

Posted: Thu Sep 21, 2017 2:31 am
by scampbell
in-interface must be an actual interface, e.g. wlan1, wlan2 etc. It cannot be an SSID.

Also you can only redirect to one DNS server, so one rule for UDP and one rule for TCP.


/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 in-interface=wlan1 protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=wlan1 protocol=tcp to-addresses=DNS1 to-ports=53

or

/ip firewall nat
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 protocol=tcp to-addresses=DNS1 to-ports=53

Hope this helps.

Re: How to Force Wlan Users to Use Specific DNS servers?

Posted: Thu Sep 21, 2017 10:02 am
by anushkaudeshan
Thanks for the valuable reply mate.

What if I use different subnets for each SSID? Will that help?

/ip firewall nat
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=tcp to-addresses=DNS1 to-ports=53

I used the above command lines as well. Still no luck.

Re: How to Force Wlan Users to Use Specific DNS servers?

Posted: Fri Sep 22, 2017 1:45 am
by scampbell
Using only the source subnet in your rules should resolve that.

You can use in-interface as well, but from your earlier post I thought test.wlan was an SSID, not an interface?
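The two answers above boil down to one procedure: match the WLAN clients by source subnet (or by a real interface name, never an SSID) and dst-nat their port 53 traffic, UDP and TCP, to a single resolver. The following is an added, complete RouterOS example of that procedure; it is not code from either poster. The subnets 192.168.10.0/24 and 192.168.20.0/24, the resolver 192.0.2.53, the address-list name wlan-clients and the rule comments are assumed values; replace them with your own. It also adds the two things a practitioner usually needs on top of the bare dst-nat rules: the hairpin srcnat that is required when the resolver lives inside a client subnet, and a drop for DNS over TLS so the redirect cannot be side-stepped by changing transport.

```routeros
# Added example (not from the thread): force WLAN clients onto one resolver.
# Assumed values: 192.168.10.0/24 and 192.168.20.0/24 are the WLAN client
# subnets, 192.0.2.53 is the resolver every WLAN client must use.

# 1. Group the WLAN client subnets so the rules below stay short; adding a
#    new SSID/subnet later is one more address-list entry, no new NAT rules.
/ip firewall address-list
add list=wlan-clients address=192.168.10.0/24 comment="SSID test.wlan"
add list=wlan-clients address=192.168.20.0/24 comment="SSID guest.wlan"

# 2. Rewrite every DNS request from those subnets (UDP and TCP, both are
#    needed: large answers and zone transfers use TCP) to the chosen resolver.
#    Matching on src-address-list instead of in-interface means the SSID to
#    interface mapping is irrelevant, which is what broke the original rules.
/ip firewall nat
add chain=dstnat src-address-list=wlan-clients protocol=udp dst-port=53 action=dst-nat to-addresses=192.0.2.53 to-ports=53 comment="force DNS udp"
add chain=dstnat src-address-list=wlan-clients protocol=tcp dst-port=53 action=dst-nat to-addresses=192.0.2.53 to-ports=53 comment="force DNS tcp"

# 3. Needed only if 192.0.2.53 sits inside one of the client subnets: the
#    resolver would otherwise answer the client directly with its own source
#    address, the client would not recognise the reply, and the lookup would
#    time out. Masquerading the hairpinned flow makes the reply go back via
#    the router, where conntrack undoes the dst-nat. In that layout also add
#    src-address=!192.0.2.53 to the two rules above so the resolver's own
#    upstream queries are not looped back to itself.
add chain=srcnat src-address-list=wlan-clients dst-address=192.0.2.53 protocol=udp dst-port=53 action=masquerade comment="hairpin DNS udp"
add chain=srcnat src-address-list=wlan-clients dst-address=192.0.2.53 protocol=tcp dst-port=53 action=masquerade comment="hairpin DNS tcp"

# 4. Port 53 redirection does nothing for DNS over TLS (tcp/853). Drop it for
#    the same clients so they cannot bypass the redirect by switching
#    transport. DNS over HTTPS (tcp/443) cannot be told apart by port and is
#    out of scope for this rule set.
/ip firewall filter
add chain=forward src-address-list=wlan-clients protocol=tcp dst-port=853 action=drop comment="block DoT bypass"

# 5. Verify: from a WLAN client query a resolver you did NOT configure
#    (e.g. nslookup example.com 8.8.8.8). The answer must still arrive and
#    the packet counters on the two dst-nat rules must increase.
/ip firewall nat print stats where comment~"force DNS"
```

Two placement notes. The filter rule in step 4 must sit above any rule that accepts forwarded traffic from those subnets, otherwise it never matches; check with /ip firewall filter print. And if a client is still seen talking to an outside resolver after this, the usual cause is a cached connection-tracking entry from before the rules existed, not a rule mismatch: look at /ip firewall connection print for the client's port 53 flows and wait for them to expire or remove them.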