Community discussions

MUM Europe 2020
 
medi01
just joined
Topic Author
Posts: 10
Joined: Wed Jun 20, 2018 9:49 am

Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router

Wed Jun 20, 2018 9:57 am

Greetings,

I have tried following this guide (correcting IPs, of course):
https://wiki.mikrotik.com/wiki/Force_us ... DNS_server
But it doesn't seem to work, and the reason, I suspect, is that MK acts as a router, without NAT.

Configuration:
ISP <= CableModem/Router (NAT + DHCP Server) <= Mikrotik (RB, forwarding DHCP requests) <= WIFI clients
(there are other devices on the network, connected directly to the CableModem, that should be able to open connections to WIFi clients, hence NAT on RB is not an option)

I need to force all WIFI clients to use Mikrotik's DNS server (LAN devices are good as is).

Thank you in advance.
 
medi01
just joined
Topic Author
Posts: 10
Joined: Wed Jun 20, 2018 9:49 am

Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router

Thu Jun 28, 2018 10:09 am

Anyone? :(
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1171
Joined: Fri Jul 28, 2017 2:53 pm

Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router

Thu Jun 28, 2018 10:43 am

If you want your cable modem acts like NAT router and Tik is not, then just add these 2 rules, cause Tik not gonna NAT your source address of your LAN, it's NAT dest address which not fail access to Internet with source NAT by cable modem.
 
medi01
just joined
Topic Author
Posts: 10
Joined: Wed Jun 20, 2018 9:49 am

Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router

Fri Jun 29, 2018 12:00 pm

If you want your cable modem acts like NAT router and Tik is not, then just add these 2 rules, cause Tik not gonna NAT your source address of your LAN, it's NAT dest address which not fail access to Internet with source NAT by cable modem.
Why does it have to be a NAT?
I don't want Network Address Translation at all, just for MKT to capture DNS request packets passing it, and serve them from built-in DNS server.
 
Sob
Forum Guru
Forum Guru
Posts: 4995
Joined: Mon Apr 20, 2009 9:11 pm

Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router

Fri Jun 29, 2018 7:03 pm

/ip firewall nat
add action=redirect chain=dstnat dst-port=53 protocol=udp
add action=redirect chain=dstnat dst-port=53 protocol=tcp
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
medi01
just joined
Topic Author
Posts: 10
Joined: Wed Jun 20, 2018 9:49 am

Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router

Wed Jul 11, 2018 4:02 pm

/ip firewall nat
add action=redirect chain=dstnat dst-port=53 protocol=udp
add action=redirect chain=dstnat dst-port=53 protocol=tcp
No, as I said, there is no NAT, so these rules, while doing no harm, do not do anything.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6139
Joined: Mon Jun 08, 2015 12:09 pm

Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router

Wed Jul 11, 2018 4:34 pm

That is not correct, it is also possible to make dstnat rules in a router that is not doing srcnat.
It should work.
 
medi01
just joined
Topic Author
Posts: 10
Joined: Wed Jun 20, 2018 9:49 am

Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router

Thu Jul 12, 2018 9:40 am

That is not correct, it is also possible to make dstnat rules in a router that is not doing srcnat.
It should work.
OK, I'll try it later today.
 
dcwifi
just joined
Posts: 23
Joined: Thu Jan 21, 2010 7:35 am

Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router

Thu Jul 12, 2018 10:08 am

As per your setup - ISP <= CableModem/Router (NAT + DHCP Server) <= Mikrotik (RB, forwarding DHCP requests) <= WIFI clients

The Mikrotik "forward the DHCP request", is that means the WIFI clients get the IP from the CableModem/Router?

If yes the Mikrotik is just acts like a switch and those two rules won't work.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6139
Joined: Mon Jun 08, 2015 12:09 pm

Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router

Thu Jul 12, 2018 11:19 am

It can still work when you make sure there is no hardware offload (i.e. pure bridge and no switch) and on the bridge menu the "use IP firewall for bridge traffic" is enabled.

Who is online

Users browsing this forum: evince and 48 guests