Help, I need to redirect LAN traffic
Hi guys,
I need to redirect some LAN traffic (DNS) from a source IP to a different destination IP within my LAN. How do I set this up?
Hi, welcome.
From what you described, I believe that you need to set up your own DNS server. To translate the domain name to the IP, you need the help of a DNS server. Therefore, you set up your DNS server locally. If you use a public DNS server, you cannot define the domain and IP because they run the maintenance.
Hi @Hank21,
Indeed, I already have 4 DNS servers installed, 2 sets. In my case I want to use the policy in my router to block UDP 53 (DNS) from any of my DHCP clients, and only allow my DNS servers to process these requests. So for the majority (for my devices and those of my children) it will be fine, as they will either be resolved by my own DNS server or be blocked by the router. However, I recently got an update on my Android phone and it seems like it is using hard-coded DNS servers, although I'm not 100% sure yet. And I've got some Chromecast devices; those definitely use hard-coded DNS servers of Google.
This should be solved by blocking the DNS requests, forcing the Chromecasts to fall back on the DNS servers provided by my network. However, they are a bit particular about these requests and are forcing them to be a response from 8.8.8.8 and/or 8.8.4.4. In other words, it forces me to use the Google DNS servers. And that is all fine, however I don't want to utilize it for all of my network. While I'm able to relay these requests to Google via my own DNS server, I don't want to use it for my whole network. And this is the exact point where I need the policy routing on LAN, so that I can redirect my Chromecasts to the DNS servers that are relays of the Google DNS, and have all other devices use my normal DNS servers.
If you want to simply block a port, you can set up the ACL. For devices that are hardcoded with their DNS, I am afraid there is nothing we/you can do. The domain names are first handed to the DNS on devices, then to the LAN DNS, then to the WAN DNS. If anything in this process fails to connect the domain, it'll be handed to the next. Your understanding is correct.
This exact thing is possible with AsusWRT Merlin (dnsfiltering) and any firewalls/routers that support routing and masquerading traffic.
If this is not possible now, it would be a great feature to add to the Omada ecosystem.
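The per-source DNS redirect discussed in this thread, written as an nftables ruleset. This is an added example, not part of any post above and not an Omada configuration: it assumes a Linux-based router running nftables, and the interface name, resolver addresses and Chromecast addresses are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example; every address and interface name below is a constructed placeholder.
define LAN_IF     = "br-lan"
define DNS_NORMAL = { 192.168.1.2, 192.168.1.3 }   # resolvers for the whole LAN
define DNS_RELAY  = 192.168.1.4                    # resolver that forwards to Google DNS
define CAST       = { 192.168.1.50, 192.168.1.51 } # Chromecasts (static DHCP leases)

table ip dns_policy {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Chromecast queries to a hard-coded resolver are rewritten to the relay.
        # Conntrack restores the original address (e.g. 8.8.8.8) on the reply,
        # so the device sees an answer from the server it asked.
        iifname $LAN_IF ip saddr $CAST ip daddr != $DNS_RELAY udp dport 53 dnat to $DNS_RELAY
        iifname $LAN_IF ip saddr $CAST ip daddr != $DNS_RELAY tcp dport 53 dnat to $DNS_RELAY
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Relay and Chromecasts share a subnet: masquerade so the relay answers
        # via the router. Without this the relay replies directly and the
        # client discards a reply that comes from 192.168.1.4.
        oifname $LAN_IF ip saddr $CAST ip daddr $DNS_RELAY udp dport 53 masquerade
        oifname $LAN_IF ip saddr $CAST ip daddr $DNS_RELAY tcp dport 53 masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        # The LAN resolvers themselves may reach their upstreams.
        ip saddr $DNS_NORMAL udp dport 53 accept
        ip saddr $DNS_NORMAL tcp dport 53 accept
        ip saddr $DNS_RELAY udp dport 53 accept
        ip saddr $DNS_RELAY tcp dport 53 accept
        # Redirected Chromecast queries (already DNATed to the relay).
        ip daddr $DNS_RELAY udp dport 53 accept
        ip daddr $DNS_RELAY tcp dport 53 accept
        # Any other client DNS leaving the LAN is dropped, so clients fall
        # back to the resolvers handed out by DHCP.
        iifname $LAN_IF udp dport 53 drop
        iifname $LAN_IF tcp dport 53 drop
    }
}
```

These rules only see plain DNS on port 53; DNS over TLS (port 853) and DNS over HTTPS pass through untouched.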