Preserve source IP - Adguard - NAT

Hi.
I've AdguardHome running in a container on a server in my LAN. I want all DNS requests to go to that server, so I've configured this in the firewall:

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'DNS'
        option src 'lan'
        option src_ip '!192.168.3.2'
        option src_dport '53'
        option dest_ip '192.168.3.2'
        option dest_port '53'
        option enabled '1'

config nat
        option name 'DNS'
        list proto 'tcp'
        list proto 'udp'
        option src 'lan'
        option dest_ip '192.168.3.2'
        option dest_port '53'
        option target 'MASQUERADE'

192.168.3.2 is the IP of the Docker server (port 53 is exposed from the AdguardHome container).

All is OK, but Adguard shows all requests as originating from 192.168.3.1 (the router). Is there any option to preserve the client IP so that Adguard shows it in the dashboard? I thought that the masquerade rule was for that...

Thanks

It's not, it's for catching all requests, ignoring the DNS IP you provide by using the config below.

Point your clients directly to the Adguard host by using option 6.

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#dhcp_options


Use DNSMasq option 6 to send 192.168.3.2 as DNS server to all LAN clients

Yes, but all devices don't use the DNS server in option 6... for example, IoT devices usually have their DNS servers "hardcoded"... and I want to force them...

you can't,

Those will be intercepted by the fw rule. AFAIK there's no way of having Adguard see their IP instead of the router's, since the request isn't coming from the device itself.

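An added sketch, not part of any post in this thread: a small Python model of the address rewriting done by the `redirect` (DNAT) and `nat` (MASQUERADE) rules in the first post, showing why AdGuard logs 192.168.3.1 and why removing the MASQUERADE rule alone breaks replies when client and server share a subnet. The client address 192.168.3.50, the hardcoded resolver 8.8.8.8 and the shared /24 are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

ROUTER, ADGUARD = "192.168.3.1", "192.168.3.2"   # addresses from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int = 53

def router_forward(pkt: Packet, masquerade: bool) -> Packet:
    """Model of the two firewall rules as seen by a query crossing the router."""
    # 'config redirect': port 53 from anything except 192.168.3.2 is DNATed.
    if pkt.dport == 53 and pkt.src != ADGUARD:
        pkt = replace(pkt, dst=ADGUARD)
        # 'config nat': traffic to 192.168.3.2:53 gets the router's source IP.
        if masquerade:
            pkt = replace(pkt, src=ROUTER)
    return pkt

def resolve(client: str, hardcoded_dns: str, masquerade: bool) -> dict:
    """Follow one query and its reply; report what each side observes."""
    seen = router_forward(Packet(client, hardcoded_dns), masquerade)
    if seen.src == ROUTER:
        # Reply returns to the router, which reverses both translations,
        # so the client sees an answer from the resolver it asked.
        reply_from = hardcoded_dns
    else:
        # Assumed same subnet: AdGuard answers the client directly on the LAN,
        # the router never sees the reply, and the DNAT is not reversed.
        reply_from = ADGUARD
    return {
        "adguard_logs": seen.src,
        "reply_from": reply_from,
        "client_accepts": reply_from == hardcoded_dns,
    }

if __name__ == "__main__":
    # Constructed sample: an IoT device with a hardcoded resolver.
    for masq in (True, False):
        print("masquerade =", masq, resolve("192.168.3.50", "8.8.8.8", masq))
```

With the rule enabled the query works but the logged source is the router; with it disabled the logged source is the real client, but the reply arrives from an address the client never queried and is discarded.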