networking - Rewrite outbound HTTP request on DD-WRT

06
2014-04
  • DDWRT In Seattle

    I'm running a DD-WRT router (v24SP2-MULTI (11/04/12) std) on my home network and would like to rewrite all outgoing HTTP requests. Specifically, I'd like all requests made for xxx.example.org to be rewritten as a request for zzz.example.org at the router level.

    Now, I realize how complex it would be to do this, so I've tried to tackle this at a simpler level by using DNSMasq to set an absolute address for the domain by using the address directive like so: address=/xxx.example.org/1.2.3.4

    While this works, the obvious problem I have is that the IP address could change. I'd be satisfied if I were able to tell DNSMasq to perform a lookup for a different domain instead of having to supply an absolute address, but I don't see that as possible according to the man pages.

    My question boils down to: Using a DD-WRT router, can I have all internal to external HTTP requests for a specific domain actually leave the router to a different domain?

  • Answers
  • fede.evol

    If you change just the IP resolution it is a half solution since the HTTP headers will still contain the information about the original query.

    What you could do is install on the router a small proxy (for example Privoxy) and then do URL rewriting there (using REDIRECT and CLIENT-HEADER-FILTER if we talk about Privoxy).

    Then you can point the browser to Privoxy or eventually use iptables to do transparent proxy so client doesn't even need to know about it. (for example see here for an idea on how to do it)
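
    The point made in the answer above, as an added example that is not part of the original post: with only a DNS override the request still carries the old name in its Host header, and a rewriting proxy has to change that header while leaving the body alone. The function names and the sample request are constructed for illustration.

```python
# Added example: names and sample request are constructed for illustration.
OLD_HOST = "xxx.example.org"
NEW_HOST = "zzz.example.org"

def rewrite_host(raw: bytes, old: str = OLD_HOST, new: str = NEW_HOST) -> bytes:
    """Rewrite the Host header of one HTTP/1.x request, as a proxy would.

    Only the header block is touched; the body is passed through unchanged.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    out = [lines[0]]  # request line, e.g. b"POST /login HTTP/1.1"
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":  # header names are case-insensitive
            host, _, port = value.strip().decode("ascii").partition(":")
            if host.lower() == old.lower():
                target = new + (":" + port if port else "")  # keep an explicit port
                line = b"Host: " + target.encode("ascii")
        out.append(line)
    return b"\r\n".join(out) + sep + body

def host_header(raw: bytes) -> str:
    """Return the Host header value the origin server would see."""
    head = raw.partition(b"\r\n\r\n")[0]
    for line in head.split(b"\r\n")[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            return value.strip().decode("ascii")
    return ""

# Constructed sample: what a client sends when only DNS was overridden.
SAMPLE = (b"POST /login HTTP/1.1\r\n"
          b"host: XXX.example.org:8080\r\n"
          b"Content-Length: 21\r\n\r\n"
          b"Host: xxx.example.org")  # body text that must stay untouched

if __name__ == "__main__":
    print("DNS override only  :", host_header(SAMPLE))
    print("after proxy rewrite:", host_header(rewrite_host(SAMPLE)))
```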

  • davidgo

    If you want to rewrite all outgoing HTTP requests at the router, the "best practice" way of doing this would be to install a transparent proxy on the router. You would need to set up a basic redirector (or here) under squid as well in order to get it to work.

    I do point out that, depending on what you are trying to do, if you can use an IP address rather than host name, you should be able to achieve this with a single IPTABLES rule to rewrite the target address (DNAT) using something like

    iptables -t nat -A PREROUTING -p tcp --dport 80 -i (INTERNALIF) -d old.ip.addr.ess -j DNAT --to new.ip.addr.ess


  • Related Question

    DDWRT serving additional DNS servers instead of just the router's IP
  • thatjuan

    I have a DD-WRT router set up with DNSMasq to resolve certain domains to internal addresses and pass everything else thru. The router itself is configured to use Google's public DNS servers to resolve addresses.

    My Setup screen looks like this:

    [Image: DDWRT Setup Screen]

    My problem is that when a DHCP client connects, they get the router plus google's two DNS servers as the assigned DNS servers:

    [Image: DNS servers assigned by DHCP]

    This is a problem because sometimes wireless clients try to resolve a domain that is supposed to point to an internal IP address and end up getting an external ip instead because for whatever reason their request is sent to 8.8.8.8 instead of to the router.

    I don't want the router to serve anything but its own IP as the DNS server. Is that possible?

    I'm using: Firmware: DD-WRT v24SP2-MULTI (03/21/11) std


  • Related Answers
  • CarlserversC

    From http://www.dd-wrt.com/wiki/index.php/OpenDNS

    It appears you can set the remaining dns servers to non-routable IPs (in my case 10.0.0.0 & 10.0.0.1) and it will squeeze out your ISPs DNS servers with these non-routables. So far for me it seems to be working without any delay waiting on the non-existent dns servers.

  • ZaB

    If you do not want clients to reach external DNS do not put their addresses in your DHCP server config.

    I suppose you wanted to add (eventually faster) Google's DNS servers in a configuration of external DHCP Client (where DNSMASQ would take its DNS client preferences)

    Extra:

    You have to add extra (all) DNS servers to WAN link configuration. DNSMasq will use them and never ones DHCP client would acquire from provider.

  • ultrasawblade

    I've been having a similar problem after my router died and I've needed to get a flashed WRT160N running.

    I have a box functioning as a local DNS server on 192.168.2.30 in my network. I basically want DHCP to only give out that address as a DNS server; I don't want DNS going anywhere else.

    I'm using "Firmware: DD-WRT v24-sp2 (12/19/10) mini"

    Doesn't seem to matter what combination of DNSMasq settings, DHCP settings, Local DNS, or whatever I use. If DNS Server 2 and DNS Server 3 are blank or match DNS Server 1, DD-WRT insists on handing out Comcast's DNS servers for those spots. I don't want this as I have 192.168.2.30 forwarding to OpenDNS for queries that aren't local.

    I'm writing this off as a bug in this rather old (by now) version of DD-WRT and am going to be installing/configuring my own DHCP server on 192.168.2.30 and disabling DHCP on the router.

  • harrymc

    I am not using DDWRT, so this is half-question / half-answer.

    The manual DNSMasq as DHCP server says in the section "Extra DNSMasq options" :

    There are some extra options in the web interface for DNSMasq that you can set by entering them in Additional DNSMasq Options on the "Services" tab.

    If you wish to pass through the DNS servers from your ISP, you can use the following parameters:

    dhcp-option=6, x.x.x.x, y.y.y.y
    

    where x.x.x.x = DNS1 y.y.y.y = DNS2

    This seems to mean that passing the ISP servers is optional, so locating and deleting the above line should turn it off.

  • zackrspv

    A typical configuration option for DD-WRT is to allow the router to route DNS outside of the ISP's primary DNS servers, which you have successfully done; however, since the requests are generating from the CLIENT machine, connecting TO the router, the order of preference is always given to the configured DNS on the client's machine, and then to the router.

    What you are describing happening is that the client is associating with your router, which is correct, but their DNS shows your router IP + 2 other DNS settings. Please check the client computer, and make sure that their IPV4 settings are set to dynamically pull the DNS server configuration from the connection, and not manually configure it:

    [Image: Configuring Client]

    Then, make sure you have your DD-WRT router setup properly:

    [Image: Configure Router]

    In your configuration above, you also have some issues; you have set the DHCP address range to start at 200 and end at 255; I would recommend you change that to start at 200 and end at 254; leaving the 255 address off, given that for normal configurations *.*.*.255 is a broadcast address, and not a normal IP address to use to assign to the associated client.

    I highlighted the local DNS settings because you set yours to 127.0.0.1; which means you are running a local DNS server on the router. If this isn't the case, then change it to 0.0.0.0, or a proper address to a local DNS server on your network.

    You'll notice that when the server & client are configured in this manner, only the router's DNS IP address will appear; and all requests will be routed through the DNS servers associated w/ the router.

    Note on local DNS server: If you wish the router to associate certain local addresses to local IPs you can add those to the DNSMasq configuration options in the proper DD-WRT screen, or use a local DNS server, and put in a proper IP address for that server (usually a static server, within the scope of the network). This way, the order of resolution will be the local server first, then the 2 external. But, still only the clients will see the router IP as the DNS server.