Page 1 of 1
Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router
Posted: Wed Jun 20, 2018 9:57 am
by medi01
Greetings,
I have tried following this guide (correcting IPs, of course):
https://wiki.mikrotik.com/wiki/Force_us ... DNS_server
But it doesn't seem to work, and the reason, I suspect, is that MK acts as a router, without NAT.
Configuration:
ISP <= CableModem/Router (NAT + DHCP Server) <= Mikrotik (RB, forwarding DHCP requests) <= WIFI clients
(there are other devices on the network, connected directly to the CableModem, that should be able to open connections to WIFi clients, hence NAT on RB is not an option)
I need to force all WIFI clients to use Mikrotik's DNS server (LAN devices are good as is).
Thank you in advance.
Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router
Posted: Thu Jun 28, 2018 10:09 am
by medi01
Anyone?
Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router
Posted: Thu Jun 28, 2018 10:43 am
by Anumrak
If you want your cable modem acts like NAT router and Tik is not, then just add these 2 rules, cause Tik not gonna NAT your source address of your LAN, it's NAT dest address which not fail access to Internet with source NAT by cable modem.
Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router
Posted: Fri Jun 29, 2018 12:00 pm
by medi01
If you want your cable modem acts like NAT router and Tik is not, then just add these 2 rules, cause Tik not gonna NAT your source address of your LAN, it's NAT dest address which not fail access to Internet with source NAT by cable modem.
Why does it have to be a NAT?
I don't want Network Address Translation at all, just for MKT to capture DNS request packets passing it, and serve them from built-in DNS server.
Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router
Posted: Fri Jun 29, 2018 7:03 pm
by Sob
/ip firewall nat
add action=redirect chain=dstnat dst-port=53 protocol=udp
add action=redirect chain=dstnat dst-port=53 protocol=tcp
Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router
Posted: Wed Jul 11, 2018 4:02 pm
by medi01
/ip firewall nat
add action=redirect chain=dstnat dst-port=53 protocol=udp
add action=redirect chain=dstnat dst-port=53 protocol=tcp
No, as I said, there is no NAT, so these rules, while doing no harm, do not do anything.
Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router
Posted: Wed Jul 11, 2018 4:34 pm
by pe1chl
That is not correct, it is also possible to make dstnat rules in a router that is not doing srcnat.
It should work.
Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router
Posted: Thu Jul 12, 2018 9:40 am
by medi01
That is not correct, it is also possible to make dstnat rules in a router that is not doing srcnat.
It should work.
OK, I'll try it later today.
Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router
Posted: Thu Jul 12, 2018 10:08 am
by dcwifi
As per your setup - ISP <= CableModem/Router (NAT + DHCP Server) <= Mikrotik (RB, forwarding DHCP requests) <= WIFI clients
The Mikrotik "forward the DHCP request", is that means the WIFI clients get the IP from the CableModem/Router?
If yes the Mikrotik is just acts like a switch and those two rules won't work.
Re: Transparently forcing to use Mikrotik's DNS Server, when MK acts as non-NAT router
Posted: Thu Jul 12, 2018 11:19 am
by pe1chl
It can still work when you make sure there is no hardware offload (i.e. pure bridge and no switch) and on the bridge menu the "use IP firewall for bridge traffic" is enabled.