
Redirect traffic towards one IP to another IP

Posted: Wed May 22, 2019 10:14 am
by ranpha
Situation:-

Gateway router IP: 192.168.88.1
Raspberry Pi (Pi-hole): 192.168.88.20
Offending device IP: 192.168.88.30

My DHCP server has been set to give out addresses via static addressing, with the DNS server being 192.168.88.20.
But a wayward device (the 192.168.88.30) has its DNS hardcoded to Google DNS 8.8.8.8 and 8.8.4.4.
Therefore, if I want to redirect all of 192.168.88.30's attempts to access 8.8.8.8/8.8.4.4 to my Pi-hole server 192.168.88.20, all I have to do is create the NAT entries as shown below?
 5    chain=dstnat action=dst-nat to-addresses=192.168.88.20 to-ports=53 protocol=udp dst-address=8.8.8.8 
      dst-port=53 log=no log-prefix="" 

 6    chain=dstnat action=dst-nat to-addresses=192.168.88.20 to-ports=53 protocol=tcp dst-address=8.8.8.8 
      dst-port=53 log=no log-prefix="" 

 7    chain=dstnat action=dst-nat to-addresses=192.168.88.20 to-ports=53 protocol=udp dst-address=8.8.4.4 
      dst-port=53 log=no log-prefix="" 

 8    chain=dstnat action=dst-nat to-addresses=192.168.88.20 to-ports=53 protocol=tcp dst-address=8.8.4.4 
      dst-port=53 log=no log-prefix="" 

Re: Redirect traffic towards one IP to another IP

Posted: Wed May 22, 2019 6:17 pm
by Sob
You also need some srcnat, because with your rules 192.168.88.30 sends a packet to 8.8.8.8, it's redirected to 192.168.88.20, it responds directly to 192.168.88.30 and it throws it out, because it expects a response from 8.8.8.8.

More details here:
https://wiki.mikrotik.com/wiki/Hairpin_NAT
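
The combination described in the reply above, written out as an added example (not posted by anyone in the thread) with the addresses from the first post. The `src-address` scoping on the dst-nat rules and the `comment` strings are additions made here, and 192.168.88.1 is assumed to be the router's address on the LAN interface.

```routeros
# Added example: redirect the hardcoded-DNS device to the Pi-hole and make
# the replies come back through the router (hairpin NAT).
/ip firewall nat

# 1. dst-nat, limited to the offending device. Without src-address the rules
#    also match the Pi-hole's own upstream queries if it forwards to
#    8.8.8.8/8.8.4.4, and would send them back to the Pi-hole itself.
add chain=dstnat src-address=192.168.88.30 dst-address=8.8.8.8 \
    protocol=udp dst-port=53 action=dst-nat \
    to-addresses=192.168.88.20 to-ports=53 comment="force DNS to pi-hole"
add chain=dstnat src-address=192.168.88.30 dst-address=8.8.8.8 \
    protocol=tcp dst-port=53 action=dst-nat \
    to-addresses=192.168.88.20 to-ports=53 comment="force DNS to pi-hole"
add chain=dstnat src-address=192.168.88.30 dst-address=8.8.4.4 \
    protocol=udp dst-port=53 action=dst-nat \
    to-addresses=192.168.88.20 to-ports=53 comment="force DNS to pi-hole"
add chain=dstnat src-address=192.168.88.30 dst-address=8.8.4.4 \
    protocol=tcp dst-port=53 action=dst-nat \
    to-addresses=192.168.88.20 to-ports=53 comment="force DNS to pi-hole"

# 2. srcnat for the redirected flows only. After dst-nat the packet is
#    192.168.88.30 -> 192.168.88.20; masquerade rewrites the source to the
#    router, so the Pi-hole answers the router instead of answering the
#    client directly on the LAN. The router then reverses both translations
#    and the client receives a reply that appears to come from 8.8.8.8.
add chain=srcnat src-address=192.168.88.30 dst-address=192.168.88.20 \
    protocol=udp dst-port=53 action=masquerade comment="hairpin for DNS"
add chain=srcnat src-address=192.168.88.30 dst-address=192.168.88.20 \
    protocol=tcp dst-port=53 action=masquerade comment="hairpin for DNS"
```

Because of the masquerade rule, the Pi-hole query log shows these redirected lookups as coming from 192.168.88.1 rather than from 192.168.88.30.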

Re: Redirect traffic towards one IP to another IP

Posted: Fri Jul 26, 2019 8:33 am
by ceylan
Hello to everyone... I use a Pi-hole Linux DNS server on my network. The problem is that I cannot see all my clients (total) in Pi-hole (you can see in the pic). The IP address of the DNS server is 10.10.10.2 and the IP addresses of the clients are in 192.168.240.0/22. When I look at client IP addresses from the DNS server, I see a few IPs in the form of 10.10.10.3 and 10.10.10.x (same IP block as the DNS server). I know I need to write a firewall NAT rule in my main MikroTik (Request future from 192.168.240.0/22 to exit from 10.10.10.2) but I am not sure how to write it. And I am not sure if I need to write this NAT on the client router too!!??