Hi everyone..
Looking for a mikrotik router Model that supports DNAT. After all the posts about devices ignoring pihole and people using DNAT to force the usage of pihole, I've been looking into it a little bit.
But it seems that I can only find results (google) about Ubiquiti devices and DNAT. I've looked at the price of a WiFi router (€149) and it's a bit too much for me. My budget is <= €100. Cheaper Ubiquity options are just switches, but I need a WiFi router to replace the one given to me by my ISP (which will be in bridge mode).
-
-
andersenbrittany
just joined
- Posts: 1
- Joined:
-
-
gotsprings
Forum Guru
- Posts: 2122
- Joined:
Re: Looking for a mikrotik router Model that supports DNAT
pihole is a local dns server right?
You would set the dhcp-server to handout the pihole address to clients.
Then set up a rule to capture anything on port 53 and send it to your pihole server.
Any Tik should be able to do this.
You would set the dhcp-server to handout the pihole address to clients.
Then set up a rule to capture anything on port 53 and send it to your pihole server.
Any Tik should be able to do this.
Last edited by gotsprings on Mon Jan 28, 2019 3:31 pm, edited 1 time in total.
-
-
AlainCasault
Trainer
- Posts: 632
- Joined:
- Location: Prévost, QC, Canada
- Contact:
Re: Looking for a mikrotik router Model that supports DNAT
Hello
All MikroTik devices support dnat.
Cheers
Sent from my cell phone. Sorry for the errors.
All MikroTik devices support dnat.
Cheers
Sent from my cell phone. Sorry for the errors.
Re: Looking for a mikrotik router Model that supports DNAT
I'm using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server.
/ip dhcp-server option print
# NAME CODE VALUE RAW-VALUE
0 PIHole 6 '192.168.x.x' c0a80032
Where 192.168.x.x is the PI-Hole address.
/ip dhcp-server option print
# NAME CODE VALUE RAW-VALUE
0 PIHole 6 '192.168.x.x' c0a80032
Where 192.168.x.x is the PI-Hole address.
-
-
gotsprings
Forum Guru
- Posts: 2122
- Joined:
Re: Looking for a mikrotik router Model that supports DNAT
Would be even easier to put it inI'm using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server.
/ip dhcp-server option print
# NAME CODE VALUE RAW-VALUE
0 PIHole 6 '192.168.x.x' c0a80032
Where 192.168.x.x is the PI-Hole address.
Code: Select all
/ip dhcp-server network
add address=192.168.2.0/24 comment="Typical /24" dns-server=192.168.2.1 \
gateway=192.168.2.1
Re: Looking for a mikrotik router Model that supports DNAT
I do not use DNAT or pi-hole.
Just add DNS localy to my public webserver for user on the net and user on the outside gets the public IP and will going trough nat to the web server.
Just add DNS localy to my public webserver for user on the net and user on the outside gets the public IP and will going trough nat to the web server.
Re: Looking for a mikrotik router Model that supports DNAT
Would be even easier to put it inI'm using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server.
/ip dhcp-server option print
# NAME CODE VALUE RAW-VALUE
0 PIHole 6 '192.168.x.x' c0a80032
Where 192.168.x.x is the PI-Hole address.Code: Select all/ip dhcp-server network add address=192.168.2.0/24 comment="Typical /24" dns-server=192.168.2.1 \ gateway=192.168.2.1
The advantage of using the DHCP option 6 method is that all clients get the PI-Hole server as DNS server. So in PI-Hole you can see the real client requests instead off the router sending all request.
Re: Looking for a mikrotik router Model that supports DNAT
The line by @gotsprings should rather read asWould be even easier to put it inCode: Select all/ip dhcp-server network add address=192.168.2.0/24 comment="Typical /24" dns-server=192.168.2.1 \ gateway=192.168.2.1
The advantage of using the DHCP option 6 method is that all clients get the PI-Hole server as DNS server. So in PI-Hole you can see the real client requests instead off the router sending all request.
Code: Select all
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.x.x gateway=192.168.2.1
Where 192.168.x.x is the PI-Hole address. The above should direct all DHCP clients to use PI-Hole as DNS server and is actually human-readable version of your construct.
You still have to redirect any connections to external DNS servers if you want to force all clients to use PI-Hole (also those who statically configure their IP settings).
-
-
gotsprings
Forum Guru
- Posts: 2122
- Joined:
Re: Looking for a mikrotik router Model that supports DNAT
Something like
and mkv was correct. have the dhcp server tell the clients to use your piehole...
(Kind of sounds rude when I type it like that...)
Code: Select all
/ip firewall nat
add action=dst-nat chain=dstnat comment="Redirect Guest DNS" dst-address=!192.168.x.x \
dst-port=53 protocol=udp src-address-list=Local to-addresses=192.168.x.x
(Kind of sounds rude when I type it like that...)
Who is online
Users browsing this forum: Amazon [Bot], Bing [Bot] and 79 guests