vajny
just joined
Topic Author
Posts: 2
Joined: Thu Oct 15, 2020 11:55 pm

Forward local dns server to wan

Fri Oct 16, 2020 12:07 am

Hi, I have a PiHole DNS set up on my Raspberry Pi in the LAN with IP 192.168.0.100. I also have a public IP and I have a few ports forwarded to the same RPi. I want to use the PiHole from anywhere. But I am not able to. I tried to add a dst-nat of port 53 to 53 on 192.168.0.100 just like I did with other ports like 80 for Apache. But it doesn't work. What am I doing wrong?

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=81 protocol=tcp to-addresses=\
192.168.0.100 to-ports=8765
add action=dst-nat chain=dstnat dst-port=82 protocol=tcp to-addresses=\
192.168.0.100 to-ports=80
add action=dst-nat chain=dstnat dst-address=xx.69.1x.2x1 dst-port=53 \
protocol=tcp to-addresses=192.168.0.100 to-ports=53
add action=dst-nat chain=dstnat dst-address=xx.69.1xx.2x1 dst-port=53 \
protocol=udp to-addresses=192.168.0.100 to-ports=53
Last edited by vajny on Sat Oct 17, 2020 8:19 pm, edited 1 time in total.
 
anav
Forum Guru
Posts: 5305
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Forward local dns server to wan

Fri Oct 16, 2020 4:49 pm

The first couple of dst-nat rules are missing one part........... where are they headed? (to your router)
If your WAN IP is static/fixed from the ISP then use dst-address to it.
If your WAN is dynamic, use the active WAN interface in-interface=activewaninterface (depending, could be etherport, pppoe interface, vlan interface)

ex a.
add action=dst-nat chain=dstnat dst-port=81 protocol=tcp dst-address=WANIP \
to-addresses=192.168.0.100 to-ports=8765

ex b.
add action=dst-nat chain=dstnat dst-port=81 protocol=tcp in-interface=ether1 \
to-addresses=192.168.0.100 to-ports=8765


Your destination NAT rules for port 53 would be correct if the IP indicated is your public IP. (Although for posting purposes you should put XXXX or a fake number vice your real public IP)
However I have no idea how that is going to conflict with all the DNS going internal with the router structure how you have set it up.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
vajny
just joined
Topic Author
Posts: 2
Joined: Thu Oct 15, 2020 11:55 pm

Re: Forward local dns server to wan

Sat Oct 17, 2020 8:24 pm

The IP is my public IP, like I said. All of the NAT rules work as they should; I can connect to them from anywhere. But only port 53 is not communicating with me. I can normally access the PiHole DNS from the local IP address (192.168.0.100) but no reply is coming from WAN. It is weird, because if I connect a basic TP-Link router instead of the MikroTik and do a basic NAT rule it works like a charm.
