Asus wifi AP re-writing DNS packets

Neil Hanlon neil at shrug.pw
Wed Oct 28 20:31:43 UTC 2020


And if so, can you set up your own service to remove their iptables rule
after it's been added, or otherwise counteract it?

At least temporarily, anyways.

-Neil

On Wed, Oct 28, 2020 at 4:26 PM Ryan Hamel <ryan at rkhtech.org> wrote:

> I'm curious to know why they would add such a thing, and how you got the
> iptables rules from the device. Do these Asus routers provide SSH directly
> into the shell?
>
> Ryan
> On Oct 28 2020, at 11:33 am, Anurag Bhatia <me at anuragbhatia.com> wrote:
>
> Hello,
>
> Wondering if anyone from Asus is here, or anyone who could connect me to the
> developers there?
>
> I'm using an Asus RT-AC58U in Access Point (AP) mode and expect it to simply
> bridge wired with wireless, but it seems to be re-writing the source as well
> as the destination of DNS packets.
>
>
>    1. DNS port 53 traffic going out, the source is re-written with the
>    management IP of the AP on the LAN. So virtually all DNS traffic hits the
>    router from the (management) IP of the Asus AP instead of real clients.
>
>    2. If I define DNS as x.x.x.x on DHCP, the Asus AP picks that up and
>    re-writes destination to x.x.x.x and hence even if any client uses y.y.y.y,
>    the packets are simply re-written.
>
>
> I see the rule in iptables on the Asus AP. All these issues give the impression
> that someone created AP mode (besides regular routing mode) and forgot to
> disable the DNS-related NATing features in AP mode. So far my discussions
> with their support have been going quite slowly, and I would greatly
> appreciate it if someone could connect me to the right folks there so they
> can release a firmware fix for it.
>
>
>
> Thanks.
>
> --
> Anurag Bhatia
> anuragbhatia.com
>
>
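As an added example (not code from the thread or from Asus), here is a small Python check that scans `iptables-save` output for NAT-table rules that rewrite port-53 traffic, separating destination rewrites (DNAT/REDIRECT, the "client's resolver gets overridden" symptom) from source rewrites (SNAT/MASQUERADE, the "all DNS appears to come from the AP's management IP" symptom). The sample dump is constructed for illustration and is not the device's actual rule set.

```python
"""Flag NAT rules in iptables-save output that rewrite DNS (port 53) traffic."""
import shlex
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in iptables-save format. These are NOT the rules from the
# Asus device in the thread, only plausible shapes of the two rewrites described.
SAMPLE_IPTABLES_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.0.2.53
-A PREROUTING -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.0.2.53
-A POSTROUTING -o br0 -p udp -m udp --dport 53 -j MASQUERADE
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.1:8080
COMMIT
*filter
-A INPUT -p udp --dport 53 -j ACCEPT
COMMIT
"""

# Which header a target changes decides which symptom from the thread it causes.
DEST_REWRITE = {"DNAT", "REDIRECT"}   # client's chosen resolver is overridden
SRC_REWRITE = {"SNAT", "MASQUERADE"}  # resolver sees the AP's IP, not the client's

@dataclass
class DnsRewrite:
    chain: str
    target: str
    symptom: str  # "destination" or "source"
    rule: str

def _opt(tokens: List[str], name: str) -> Optional[str]:
    """Value following an option such as -j or --dport, or None if absent."""
    return tokens[tokens.index(name) + 1] if name in tokens else None

def find_dns_rewrites(dump: str) -> List[DnsRewrite]:
    """Return nat-table rules that rewrite port-53 traffic (or traffic on any port)."""
    hits, table = [], None
    for line in dump.splitlines():
        if line.startswith("*"):  # table header, e.g. "*nat"
            table = line[1:].strip()
            continue
        if table != "nat" or not line.startswith("-A"):
            continue
        tok = shlex.split(line)
        target, dport = _opt(tok, "-j"), _opt(tok, "--dport")
        if dport not in (None, "53"):  # port-specific rule for something else
            continue
        if target in DEST_REWRITE:
            hits.append(DnsRewrite(tok[1], target, "destination", line))
        elif target in SRC_REWRITE:
            hits.append(DnsRewrite(tok[1], target, "source", line))
    return hits

if __name__ == "__main__":
    for h in find_dns_rewrites(SAMPLE_IPTABLES_SAVE):
        print(f"{h.chain}: {h.target} rewrites DNS {h.symptom} -> {h.rule}")
```

Run it against a real dump with `iptables-save | python3 dns_nat_check.py` style piping (replace the constant with `sys.stdin.read()`); a rule without any `--dport` match is reported too, since an unrestricted SNAT or MASQUERADE rewrites DNS along with everything else.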