config redirect
	option name 'DNS client hijack prevention ipv4'
	option target 'DNAT'
	option proto 'tcp udp'
	option family 'ipv4'
	option src 'lan'
	option src_dport '53'
	option dest 'wan'
	option dest_port '53'
	option dest_ip '<ipv4 address>'
trying to deploy for ipv6
config redirect
	option name 'DNS client hijack prevention ipv6'
	option target 'DNAT'
	option proto 'tcp udp'
	option family 'ipv6'
	option src 'lan'
	option src_dport '53'
	option dest 'wan'
	option dest_port '53'
	option dest_ip '<ipv6 address>'
However, observing that:
LuCI Firewall -> Port Forwards -> Advanced (/cgi-bin/luci/admin/network/firewall/forwards) does not provide an address family option as it does in LuCI Firewall -> Traffic Rules -> Advanced
LuCI Firewall -> Port Forwards -> General Settings -> Internal IP address exhibits an overlay: Expecting: valid IPv4 network
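An added example, not part of the original posts or of OpenWrt itself: a shell check that reads a UCI firewall config and reports which address families have no lan port-53 DNAT redirect of the kind posted above. The function names and the sample config are constructed for illustration; a section with no family option is listed as "unspecified" and not counted for either family (an assumption of this example).

```shell
# Added example: list lan port-53 DNAT redirects in a UCI firewall config.
# Output: one "<family> <name>" line per matching redirect section.
dns_redirects() {
    awk -v q="'" '
    function flush() {
        if (insec && o["target"] == "DNAT" && o["src"] == "lan" && o["src_dport"] == "53") {
            # Assumption of this example: no family option => "unspecified"
            fam = (o["family"] != "") ? o["family"] : "unspecified"
            print fam, o["name"]
        }
        split("", o)                      # reset options for the next section
    }
    $1 == "config" { flush(); insec = ($2 == "redirect"); next }
    insec && $1 == "option" {
        val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)   # keep the value only
        gsub("^[\"" q "]|[\"" q "][ \t]*$", "", val)       # strip quotes
        o[$2] = val
    }
    END { flush() }'
}

# Print the families (ipv4, ipv6) that have no such redirect, space separated.
missing_families() {
    found=$(dns_redirects | cut -d' ' -f1)
    missing=""
    for f in ipv4 ipv6; do
        echo "$found" | grep -qx "$f" || missing="$missing $f"
    done
    echo "${missing# }"
}

# Constructed sample: only the IPv4 redirect from the first post is present.
SAMPLE_CONFIG="config redirect
    option name 'DNS client hijack prevention ipv4'
    option target 'DNAT'
    option proto 'tcp udp'
    option family 'ipv4'
    option src 'lan'
    option src_dport '53'
    option dest 'wan'
    option dest_port '53'
    option dest_ip '<ipv4 address>'"

printf '%s\n' "$SAMPLE_CONFIG" | missing_families   # prints: ipv6
```

On a router the same check can be run against the live file with `missing_families < /etc/config/firewall`.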
IPT6=$(which ip6tables)
# Redirect all DNS Queries to Router (IPv6)
$IPT6 -t nat -I PREROUTING -i br-lan -m udp -p udp -s fd13:3:7:10::/64 --dport 53 -j DNAT --to-destination fd13:3:7:10::254 -m comment --comment "Force DNS Request to Router"
$IPT6 -t nat -I PREROUTING -i br-lan -m tcp -p tcp -s fd13:3:7:10::/64 --dport 53 -j DNAT --to-destination fd13:3:7:10::254 -m comment --comment "Force DNS Request to Router"
My ULA Prefix is fd13:3:7::/48
br-lan is configured with:
ip6hint '10'
ip6ifaceid '::254'
//edit
Sorry, of course this will not work in the desired way.
This will only redirect local requests and that doesn't make sense.
To make this work we have to use redirect here: