
iptables on 7800N

Posted: Sat Feb 01, 2014 11:35 am
by tman24
Having recently bought a Chromecast, and finding out Google have hard baked their own DNS servers into the config, I need to be able to modify the iptables rules on my 7800N to allow me to nat any internal DNS requests to DNS servers of my own choice. I know the commands I need to use, which are;

iptables -t nat -A PREROUTING -d -j DNAT --to-destination <my DNS server IP>
iptables -t nat -A PREROUTING -d -j DNAT --to-destination <my DNS server IP>

It doesn't look like the firewall options in the web gui have the functionality to allow this, but I seem to be able to list/manipulate the iptables rules from the command line..... but, having entered the necessary commands (which seemed to be accepted), iptables --list doesn't show them. Do I need to specify a particular CHAIN to use (I thought PREROUTING should be enough), or can't I actually modify the firewall rules via the CLI? If I can't use these rules, I'm going to lose a lot of Chromecast functionality, which would be a real shame.

Firmware is the latest 1.06h.

Re: iptables on 7800N

Posted: Sat Feb 01, 2014 12:14 pm
by tman24
Actually, there doesn't seem to be a PREROUTING chain on the 7800N. Are any of the pre-configured chains for pre-routing, or if I add a pre-routing chain, will it be processed normally?

Re: iptables on 7800N

Posted: Wed Feb 05, 2014 9:14 pm
by tman24
Ok, well, managed to fix it in the end - by trial and error more than anything. For those interested, here's the solution;

SSH to your Billion router and login

Type these commands;

iptables -t nat -A PREROUTING -d -p udp --dport 53 -j DNAT --to-destination <your preferred DNS server>
iptables -t nat -A PREROUTING -d -p udp --dport 53 -j DNAT --to-destination <your preferred DNS server>

After pressing return on each command you should see.... nothing. No response is good!

Verify your NAT settings with this command;

iptables -v -L -t nat

A whole list of output will scroll by, but if you scroll back up, you should see your new commands in the firewall rule list.

You can type 'save' at this point, but I'm not 100% sure these changes will survive a reboot. I reboot my 7800N once in a blue moon, so not a problem for me.
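
Added example, not part of the original posts: a check that the DNAT rules from the post above are actually present in the nat table (plain `iptables --list` only shows the filter table, which is why PREROUTING did not appear there) and whether each hard-coded resolver is redirected on both udp/53 and tcp/53, since the posted rules match only UDP and DNS can also use TCP port 53. The function names, the sample rules and every address are constructed for illustration, and the input is assumed to be in `iptables -t nat -S PREROUTING` format.

```shell
# Audit nat-table PREROUTING rules for DNS redirection coverage (added example).
# Reads rule text in `iptables -t nat -S PREROUTING` format on stdin.
# All addresses are constructed placeholders from documentation ranges.

# audit_dns_dnat RESOLVER...  -> prints one line per resolver/protocol pair
audit_dns_dnat() {
    rules=$(cat)
    for resolver in "$@"; do
        for proto in udp tcp; do
            target=$(printf '%s\n' "$rules" | awk -v d="$resolver" -v p="$proto" '
                $1 != "-A" || $2 != "PREROUTING" { next }
                {
                    dst = ""; pr = ""; port = ""; jump = ""; to = ""
                    for (i = 3; i < NF; i++) {
                        if ($i == "-d") dst = $(i + 1)
                        else if ($i == "-p") pr = $(i + 1)
                        else if ($i == "--dport") port = $(i + 1)
                        else if ($i == "-j") jump = $(i + 1)
                        else if ($i == "--to-destination") to = $(i + 1)
                    }
                    sub(/\/32$/, "", dst)   # -S prints host addresses as a.b.c.d/32
                    if (!found && dst == d && pr == p && port == "53" && jump == "DNAT") {
                        found = 1; print to
                    }
                }')
            if [ -n "$target" ]; then
                echo "$resolver $proto/53 -> $target"
            else
                echo "$resolver $proto/53 NOT-REDIRECTED"
            fi
        done
    done
}

# Constructed sample: two hard-coded resolvers, one of them redirected on UDP only.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -d 198.51.100.8/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.0.2.53
-A PREROUTING -d 198.51.100.4/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.0.2.53
-A PREROUTING -d 198.51.100.4/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.0.2.53
EOF
}

sample_rules | audit_dns_dnat 198.51.100.8 198.51.100.4
```

On a live system the input would come from `iptables -t nat -S PREROUTING`; whether the router's iptables build supports `-S` is an assumption, and the `iptables -v -L -t nat` listing from the post is the fallback for checking by eye.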

Re: iptables on 7800N

Posted: Sat Mar 29, 2014 8:14 pm
by jimjam
Hey thanks for the tip.
I was a bit disappointed (but of course not surprised) to find that Goog had enforced their DNS.
I actually like to use google DNS as a general rule, but I want to use unotelly regional unblocking for selecting netflix region etc.
This is exactly what I was looking for...
Out of interest is it persistent after a reboot of the router?