I am trying to use this, but with no success. Maybe someone could correct me.
Using this rule:
add chain=dstnat in-interface=lan dst-port=53 action=redirect to-ports=53
gets
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; redirect DNS-requests
chain=dstnat in-interface=lan dst-port=53 action=redirect to-ports=53
dig gives me, for example:
dig @192.168.255.3 www.microsoft.de
; <<>> DiG 9.2.2 <<>> @192.168.255.3 www.microsoft.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43368
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.microsoft.de. IN A
;; ANSWER SECTION:
www.microsoft.de. 1428 IN CNAME microsoft.de.
microsoft.de. 1428 IN A 207.46.130.108
microsoft.de. 1428 IN A 207.46.250.119
which is OK, but in a web browser I can't open any page on the internet.