Hi Luigi

Strictly speaking this has nothing to do with dnsmasq, and is a question of how to do policy-routing.
I assume you're using Linux since you mention iptables.

A good starting point for policy routing with Linux is https://tldp.org/HOWTO/Adv-Routing-HOWTO/
respectively https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html

What I would do is to create a routing rule that redirects your frames to a separate routing table.

By default, the routing rules look like this:
# maym@Orpheus:~$ ip rule
# 0:    from all lookup local
# 32766:    from all lookup main
# 32767:    from all lookup default

You can create a new routing table (e.g. table 100) that contains a different default gateway.
# maym@Orpheus:~$ sudo ip route add default via 10.0.8.99 table 100
# maym@Orpheus:~$ ip route show table 100
# default via 10.0.8.99 dev wlan0

Now create a routing rule that matches your traffic and calls the table 100:
# maym@Orpheus:~$ sudo ip rule add pref 100 iif lo proto 17 dport 53 lookup 100
# maym@Orpheus:~$ ip rule
# 0:    from all lookup local
# 100:    from all iif lo dport 53 lookup 100 proto 17
# 32766:    from all lookup main
# 32767:    from all lookup default

Now all traffic originating:
from the device itself (iif lo)
with proto 17 (udp)
to the destination port 53 (dns)
will be directed to the routing table 100 which contains the default gateway to the router you want to use.

BR
Matthias

On 22/09/2023 15:10, Luigi Baldoni wrote:
Hello,
after a few days of fruitless efforts, I thought of asking you all directly.

I need dnsmasq to send its queries to the upstream server via a different
route than everything else. I've tried adding the @interface parameter to
the --server option but I don't think I quite understand how it's supposed
to work.
Then I've attempted to mark the packets originating from the dnsmasq process
via the iptables owner module, also with little success.

Before I proceed any further with these experiments, I would like to know
whether I'm missing something, or if someone has found a different way to
do this.

Thanks


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://urldefense.com/v3/__https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss__;!!I9LPvj3b!B5ufkCPULSxnt3FjUe0ZvdgQYisVtbnoP_jvcsm9droDBts9Pe8Dsw2EuLsUBxoFy5MKDHvMZKv7X1_ueQ$
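
The steps from the reply above as one script, added here as an example and not part of the original messages: it prints (or, with APPLY=1, applies) the table 100 default route and the port 53 rules, then checks that the DNS rule is evaluated before `main`. It goes slightly beyond the reply by also covering DNS over TCP and by matching the IP protocol with the `ipproto` selector; the function names, the `APPLY` switch and the 192.0.2.53 test address are assumptions of this example.

```shell
#!/bin/sh
# Added example: policy-route locally generated DNS traffic via a separate table.
# The defaults are the gateway, table and preference used in the reply above.
GATEWAY=${GATEWAY:-10.0.8.99}
TABLE=${TABLE:-100}
PREF=${PREF:-100}

# Print the ip(8) commands. "ipproto" selects the IP protocol to match
# ("proto" on an ip rule records which routing protocol installed the rule).
# UDP and TCP are both covered because DNS falls back to TCP for large answers.
dns_policy_cmds() {
    echo "ip route replace default via $1 table $2"
    for p in udp tcp; do
        echo "ip rule add pref $3 iif lo ipproto $p dport 53 lookup $2"
    done
}

# Read "ip rule" output on stdin; succeed only if a dport-53 rule pointing at
# table $1 has a lower priority number than the "lookup main" rule.
dns_rule_wins() {
    awk -v t="$1" '
        { prio = $1; sub(":", "", prio) }
        /dport 53 / && $0 ~ ("lookup " t "( |$)") { if (dns == "") dns = prio + 0 }
        /lookup main/ { mp = prio + 0 }
        END { exit !(dns != "" && mp != "" && dns < mp) }'
}

# Dry run by default; set APPLY=1 (as root) to change the routing policy.
if [ "${APPLY:-0}" = 1 ]; then
    dns_policy_cmds "$GATEWAY" "$TABLE" "$PREF" | while read -r cmd; do
        $cmd || echo "failed: $cmd" >&2
    done
    ip rule | dns_rule_wins "$TABLE" && echo "DNS rule precedes main"
    # Ask the kernel which route a local UDP/53 packet would take
    # (192.0.2.53 is a documentation address standing in for the upstream).
    ip route get 192.0.2.53 ipproto udp dport 53
else
    dns_policy_cmds "$GATEWAY" "$TABLE" "$PREF"
fi
```

With the rules in place, the `ip route get` line should report `via 10.0.8.99` and `table 100`; an unrelated destination port should still resolve through the main table.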
