[Dnsmasq-discuss] Having dnsmasq use non-default routing table

Matthias May matthias.may at westermo.com
Fri Sep 22 22:31:13 UTC 2023


Hi Luigi

Strictly speaking this has nothing to do with dnsmasq, and is a question 
of how to do policy-routing.
I assume you're using Linux since you mention iptables.

A good starting point for policy routing with Linux is 
https://tldp.org/HOWTO/Adv-Routing-HOWTO/
respectively https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html

What I would do is to create a routing rule that redirects your frames 
to a separate routing table.

By default the routing rules look like this:
# maym at Orpheus:~$ ip rule
# 0:    from all lookup local
# 32766:    from all lookup main
# 32767:    from all lookup default

You can create a new routing table (e.g. table 100) that contains a 
different default gateway.
# maym at Orpheus:~$ sudo ip route add default via 10.0.8.99 table 100
# maym at Orpheus:~$ ip route show table 100
# default via 10.0.8.99 dev wlan0

Now create a routing rule that matches your traffic and calls the table 100:
# maym at Orpheus:~$ sudo ip rule add pref 100 iif lo proto 17 dport 53 lookup 100
# maym at Orpheus:~$ ip rule
# 0:    from all lookup local
# 100:    from all iif lo dport 53 lookup 100 proto 17
# 32766:    from all lookup main
# 32767:    from all lookup default

Now all traffic originating:
from the device itself (iif lo)
with proto 17 (udp)
to the destination port 53 (dns)
will be directed to the routing table 100 which contains the default 
gateway to the router you want to use.

BR
Matthias

On 22/09/2023 15:10, Luigi Baldoni wrote:
>    Hello,
> after a few days of fruitless efforts, I thought of asking you all directly.
>
> I need dnsmasq to send its queries to the upstream server via a different
> route than everything else. I've tried adding the @interface parameter to
> the --server option but I don't think I quite understand how it's supposed
> to work.
> Then I've attempted to mark the packets originating from the dnsmasq process
> via the iptables owner module, also with little success.
>
> Before I proceed any further with these experiments, I would like to know
> whether I'm missing something, or if someone has found a different way to
> do this.
>
> Thanks
>
>



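Added example, not part of the original post or of dnsmasq: a small Python model of how the rule list shown in the reply is walked for a given flow, useful for checking which table DNS traffic would use before touching a live router. It assumes tables 100 and main hold a route to the destination while local does not, and it follows iproute2's definition in which `ipproto` is the IP-protocol selector while `proto`/`protocol` on a rule records the routing protocol that installed it; the `ipproto udp` variant is constructed here.

```python
import re

# `ip rule` output copied from the post (after rule 100 was added).
POST_RULES = """\
0:    from all lookup local
100:    from all iif lo dport 53 lookup 100 proto 17
32766:    from all lookup main
32767:    from all lookup default
"""
# Constructed variant: the same rule written with the ipproto selector.
IPPROTO_RULES = POST_RULES.replace(
    "iif lo dport 53 lookup 100 proto 17",
    "iif lo ipproto udp dport 53 lookup 100")

SELECTORS = ("iif", "ipproto", "dport")   # keys that match packets
IPPROTO_NAMES = {"6": "tcp", "17": "udp"}

def parse_rules(text):
    """Return [(pref, {selector: value}, table)] sorted by preference."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+):\s+(.+)", line)
        if not m:
            continue
        words = m.group(2).split()
        kv = dict(zip(words[0::2], words[1::2]))   # "iif lo dport 53 ..." pairs
        sel = {k: kv[k] for k in SELECTORS if k in kv}
        if "ipproto" in sel:
            sel["ipproto"] = IPPROTO_NAMES.get(sel["ipproto"], sel["ipproto"])
        rules.append((int(m.group(1)), sel, kv["lookup"]))
    return sorted(rules, key=lambda r: r[0])

def lookup_table(rules, flow, routable=("100", "main")):
    """First rule whose selectors all match the flow and whose table has a
    route to the destination (assumption: the tables named in `routable`)."""
    for _pref, sel, table in rules:
        if all(str(flow.get(k)) == v for k, v in sel.items()) and table in routable:
            return table
    return None

if __name__ == "__main__":
    for name, text in (("post", POST_RULES), ("ipproto", IPPROTO_RULES)):
        rules = parse_rules(text)
        for proto, port in (("udp", 53), ("tcp", 53), ("udp", 123)):
            flow = {"iif": "lo", "ipproto": proto, "dport": port}
            print(name, proto, port, "->", lookup_table(rules, flow))
```

On a live system the equivalent check is `ip route get <server> ipproto udp dport 53`, repeated with `ipproto tcp`, since DNS falls back to TCP for large answers.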