
Prevent devices from bypassing pihole (mikrotik)

posted Jul 20, 2019, 2:07 AM by Leigh Williams
Thanks to this guy for this awesome post: https://www.reddit.com/r/pihole/comments/5g249i/tip_redirect_all_dns_to_pihole_with_mikrotik/

Basically, you need to do this:
  • Change 192.168.88.110 to your Pi-hole IP
  • Change 192.168.88.0/24 to your subnet (the rules for 192.168.6.0/24 cover a second subnet; drop them if you only have one)


# Make sure all DNS goes to the Pi-hole IP address
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.88.110 protocol=udp src-address=!192.168.88.110 dst-address=!192.168.88.110 dst-port=53
add chain=dstnat action=dst-nat to-addresses=192.168.88.110 protocol=tcp src-address=!192.168.88.110 dst-address=!192.168.88.110 dst-port=53

# Hairpin NAT
# Masquerade router IP
# These are not really needed. I kept mine so it's one IP (the router IP) as source
add chain=srcnat action=masquerade protocol=udp src-address=192.168.88.0/24 dst-address=192.168.88.110 dst-port=53
add chain=srcnat action=masquerade protocol=tcp src-address=192.168.88.0/24 dst-address=192.168.88.110 dst-port=53
add chain=srcnat action=masquerade protocol=udp src-address=192.168.6.0/24 dst-address=192.168.88.110 dst-port=53
add chain=srcnat action=masquerade protocol=tcp src-address=192.168.6.0/24 dst-address=192.168.88.110 dst-port=53
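As an added illustration (not from this post or the Reddit thread it credits), here is a small Python model of how the two chains above treat a packet, which makes it easy to see why the two "!192.168.88.110" exclusions on the dstnat rules matter. The router address and the upstream resolver address are assumed values.

```python
import ipaddress
from dataclasses import dataclass, replace

PIHOLE = "192.168.88.110"   # Pi-hole address used in the post
ROUTER = "192.168.88.1"     # assumed router LAN address (not given on the page)
LAN_SUBNETS = [ipaddress.ip_network("192.168.88.0/24"),
               ipaddress.ip_network("192.168.6.0/24")]  # the src-address subnets from the rules
UPSTREAM = "203.0.113.53"   # constructed public resolver address (TEST-NET-3 range)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int

def in_lan(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_SUBNETS)

def dstnat(pkt: Packet) -> Packet:
    """chain=dstnat: any UDP/TCP packet to port 53 that is neither from nor to
    the Pi-hole is rewritten to land on the Pi-hole. The src-address exclusion
    is what stops the Pi-hole's own upstream queries from being redirected
    back to itself. Only dst-port=53 is matched, so DNS over TLS (853) or
    DNS over HTTPS (443) is not caught by these rules."""
    if (pkt.dport == 53 and pkt.proto in ("udp", "tcp")
            and pkt.src != PIHOLE and pkt.dst != PIHOLE):
        return replace(pkt, dst=PIHOLE)
    return pkt

def srcnat(pkt: Packet) -> Packet:
    """chain=srcnat masquerade (hairpin NAT): LAN-sourced DNS to the Pi-hole
    leaves with the router's address as source, so the Pi-hole's reply goes
    back via the router, where conntrack undoes the dst-nat for the client."""
    if pkt.dport == 53 and pkt.dst == PIHOLE and in_lan(pkt.src):
        return replace(pkt, src=ROUTER)
    return pkt

def nat(pkt: Packet) -> Packet:
    """Order matters: dstnat is evaluated before srcnat, as on the router."""
    return srcnat(dstnat(pkt))

if __name__ == "__main__":
    for p in (Packet("192.168.88.50", UPSTREAM, "udp", 53),   # client going around Pi-hole
              Packet(PIHOLE, UPSTREAM, "udp", 53),            # Pi-hole's own upstream query
              Packet("192.168.88.50", UPSTREAM, "tcp", 443)):  # not DNS, untouched
        print(p, "->", nat(p))
```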