 
5aberD
just joined
Topic Author
Posts: 24
Joined: Wed Apr 15, 2020 10:47 pm

Mikrotik with pi-hole config for my client's IP to show in the pi-hole logs

Thu Aug 04, 2022 9:53 am

I want to use a Pi-hole for my org, but if I use MikroTik's DNS it's gonna show as _gateway in the query log, and I want to try my best to make it work, using dst-nat for example. But if I use the dst-nat without masquerade it breaks the internet, and if I use it (masquerade according to the hairpin NAT) the DNS queries are forwarded to the Pi-hole, but again only _gateway is shown in the query logs. Anybody got this to work?
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Mikrotik with pi-hole config for my client's IP to show in the pi-hole logs

Thu Aug 04, 2022 11:56 pm

Quick and simple solution is to put Pi-hole in a separate subnet. Then even if you do redirection (dstnat) that clients don't know about, you can keep original source addresses. Or you can keep the same subnet, but then Pi-hole would need to handle it itself, i.e. check for source MAC address and if it belongs to router, then send responses there, instead of directly to clients in same subnet.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Mikrotik with pi-hole config for my client's IP to show in the pi-hole logs

Fri Aug 05, 2022 12:58 am

Example of the latter, if Pi-hole had RouterOS, you could do:
/routing table
add name=via-router fib
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.88.1 routing-table=via-router
/ip firewall mangle
add chain=prerouting connection-state=new src-mac-address=AA:BB:CC:DD:EE:FF protocol=tcp dst-port=53 action=mark-connection new-connection-mark=from-router passthrough=no
add chain=prerouting connection-state=new src-mac-address=AA:BB:CC:DD:EE:FF protocol=udp dst-port=53 action=mark-connection new-connection-mark=from-router passthrough=no
add chain=output connection-mark=from-router action=mark-routing new-routing-mark=via-router passthrough=no
Where 192.168.88.1 is default gateway for LAN and AA:BB:CC:DD:EE:FF is its MAC address. But since Pi-hole doesn't have RouterOS, you'll need to find how to do the same with Linux.
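
One way to express the RouterOS rules above on a Linux Pi-hole host with iptables and iproute2, as an added example that is not part of the original post or of Pi-hole's own tooling. The firewall mark 0x1, routing table 100, the function names and the DRY_RUN switch are assumptions; the gateway address and MAC are the post's placeholders.

```sh
#!/bin/sh
# Added example: send DNS replies back through the router when the query
# arrived from the router's MAC (i.e. it was dst-nat'ed), so the router can
# undo the NAT while Pi-hole still logs the real client address.

MARK=0x1      # assumed unused firewall mark
TABLE=100     # assumed unused routing table id

# Print each command; also execute it unless DRY_RUN=1 (the default here).
run() {
    echo "$*"
    [ "${DRY_RUN:-1}" = 1 ] || "$@"
}

# $1 = LAN gateway (router) IP, $2 = router's LAN MAC address
reply_dns_via_router() {
    gw=$1 mac=$2
    # Reject malformed input before touching routing or the firewall.
    echo "$gw" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "bad gateway: $gw" >&2; return 1; }
    echo "$mac" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' ||
        { echo "bad MAC: $mac" >&2; return 1; }

    # Extra table whose only route sends everything to the router
    # (RouterOS: /routing table + /ip route ... routing-table=via-router).
    run ip route replace default via "$gw" table "$TABLE"
    # Packets carrying the mark are routed with that table.
    run ip rule add fwmark "$MARK" lookup "$TABLE"

    # Mark new DNS connections whose frames came from the router's MAC
    # (RouterOS: mangle prerouting, action=mark-connection).
    for proto in udp tcp; do
        run iptables -t mangle -A PREROUTING -p "$proto" --dport 53 \
            -m conntrack --ctstate NEW -m mac --mac-source "$mac" \
            -j CONNMARK --set-mark "$MARK"
    done

    # Copy the connection mark onto locally generated replies so the
    # fwmark rule applies (RouterOS: mangle output, action=mark-routing).
    run iptables -t mangle -A OUTPUT -m connmark --mark "$MARK" \
        -j CONNMARK --restore-mark
}
```

With the default DRY_RUN=1 the function only prints the five commands; calling `DRY_RUN=0 reply_dns_via_router 192.168.88.1 AA:BB:CC:DD:EE:FF` as root applies them. Queries that clients send directly to Pi-hole do not match the MAC rule and are still answered directly.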
