
How to Make DNS NAT - I'm trying and all fail :(

Hi Folks

I'm trying to do a DNS NAT. In short, I've got a cheap IPCam which doesn't allow communicating directly with its own mobile app; it does it via some server.

So I've checked where the mobile app is making its requests. I've found that it's 123.56.159.92. The cam is on a separated VLAN, dropped to go outside. LAN IP is 10.0.100.100

So my goal is to make a scenario where, if the app is trying to request the public server, NAT should translate it to the local IP (cam).

I'm using my own DNS server at home (AdGuard). FW policy is set.

This is only my experiment.

I don't know if I understand the GUI implementation, but I've tried something like this

Can you please advise something? How to achieve it in the NAT GUI?

So this is how it works

RED color is how it works right now
BLUE is how I want it to be.

I hope this diagram will help, I'm not good at it :D



  • It's just an attempt to see if it's going to work. Why am I even asking about NAT for this particular scenario? Well, I was trying to set up a DNS NAT but no luck at all, so maybe I didn't understand something as Sophos implemented it in the GUI ;)

  • Hi LuCar Toni,

    What he is trying to do is have all DNS requests that appear on the XG internal interfaces redirected to his own internal DNS.

    Ian

  • Sure, that's true, but for that scenario I've created a separate topic ;)

    In this case I'm trying to achieve this: if the IPCam app is requesting the public IP -> this request is NATed to the local IP of the IPCam

    So I wrote on the diagram

    IPCAM -> NAT -> LOCALIP CAM. To see if I can bypass the public IP server of the IPCam vendor. I hope this is explained correctly ^^

     

    I'm referring to this YT video:
    https://www.youtube.com/watch?v=tohFRoJbsIM

    So if this would work with DNS, why shouldn't it with some other services ;)

  • I use the following DNAT to redirect all internal DNS traffic to the XG Firewall which is set up as a DNS server.  It works very well.  To prevent DNS access to the WAN, my other NAT & firewall rules do not permit any DNS access to the WAN.  That way only the DNS servers I specify are used.

    In the sample below, you can simply change the Translated destination (DNAT) to the IP you want to act as your DNS server.

  • I'll check it right away! If I remember correctly, I have been doing it like you have and it didn't work; I'll check again

  • So now my rules look like this:

    NAT:

    FW rule accessing local DNS:

    I'm using DoH and DNSoverTLS

  • So I did some testing like:

    I have set static DNS IPs on a laptop and I'm trying to reach some web pages - unfortunately "can't find page"

    As I understand, the requests should be translated to my local DNS so I should be able to browse the internet, but I'm not ;)

    Wireshark results of a query

    Maybe there is something messed up in the NAT rule. I want to admit that my DNS server isn't in the same LAN - it's on a separate interface plugged into the XG, different subnet ;)