Have you tried disabling the 'redirect when wan down' feature? I'm guessing they hijack the dns to redirect the user to a captive portal "your internet is down" error page possibly?
On Wed, Oct 28, 2020 at 1:42 PM Anurag Bhatia <m...@anuragbhatia.com> wrote:

> I tried deleting the rule and it drops the traffic completely. So DNS
> resolution stops working and I am unsure why. It's not like default drop or
> anything. I can edit the rule and whatever active port 53 related rule is
> there works. But I want the case of no such rule at all. :-)
>
> I set up pihole on an Intel NUC a little while ago and all Pihole gets is 100%
> of wifi client traffic behind the Asus wifi management IP. :-\
>
> Plus no matter what DNS I put, queries go via whatever the router gave up
> when the Asus booted up.
>
> Here's how creepy it gets:
>
> On Raspberry Pi (which is not behind the Asus AP but a different switch):
>
> anurag@raspberrypi:~ $ dig whoami.akamai.com @1.1.1.1 a +short
> whoami.akamai.net.
> 162.158.226.218
> anurag@raspberrypi:~ $ dig whoami.akamai.com @8.8.8.8 a +short
> whoami.akamai.net.
> 172.253.244.3
> anurag@raspberrypi:~ $ dig whoami.akamai.com @9.9.9.9 a +short
> whoami.akamai.net.
> 103.224.242.10
> anurag@raspberrypi:~ $
>
> All normal and good.
>
> Now, from the device (which is behind the Asus AP):
>
> ~> dig whoami.akamai.net @1.1.1.1 a +short
> 172.217.34.65
>
> ~> dig whoami.akamai.net @8.8.8.8 a +short
> 172.217.34.65
>
> ~> dig whoami.akamai.net @9.9.9.9 a +short
> 172.217.34.65
>
> dig whoami.akamai.net @1.2.3.4 a +short
> 172.217.34.65
>
> dig whoami.akamai.net @5.6.7.8 a +short
> 172.217.34.65
>
> Essentially the Asus picked 8.8.8.8 because I put that during the test and
> rebooted the AP. I will stick with 8.8.8.8 until the DHCP lease expires and the
> new server is provided.
>
> On Thu, Oct 29, 2020 at 2:01 AM Neil Hanlon <n...@shrug.pw> wrote:
>
>> And if so, can you set up your own service to remove their iptables rule
>> after it's been added or otherwise counteract it.
>>
>> At least temporarily, anyways.
>>
>> -Neil
>>
>> On Wed, Oct 28, 2020 at 4:26 PM Ryan Hamel <r...@rkhtech.org> wrote:
>>
>>> I'm curious to know why they would add such a thing, and how you got the
>>> iptables rules from the device. Do these Asus routers provide SSH directly
>>> into the shell?
>>>
>>> Ryan
>>>
>>> On Oct 28 2020, at 11:33 am, Anurag Bhatia <m...@anuragbhatia.com> wrote:
>>>
>>> Hello,
>>>
>>> Wondering if anyone from Asus is here, or anyone who could connect me to the
>>> developers there?
>>>
>>> Using an Asus RT-AC58U in Access Point (AP) mode and expect it to simply
>>> bridge wired with wireless, but it seems like it's re-writing DNS packets'
>>> source as well as destination.
>>>
>>> 1. For DNS port 53 traffic going out, the source is re-written with the
>>> management IP of the AP on the LAN. So virtually all DNS traffic hits the
>>> router from the (management) IP of the Asus AP instead of the real clients.
>>>
>>> 2. If I define DNS as x.x.x.x on DHCP, the Asus AP picks that up and
>>> re-writes the destination to x.x.x.x, and hence even if any client uses
>>> y.y.y.y, the packets are simply re-written.
>>>
>>> I see the rule in iptables on the Asus AP. All these issues give the idea
>>> that someone created AP mode (besides regular routing mode) and missed
>>> disabling the DNS related NATing features in the AP mode. So far my
>>> discussions with their support have been going quite slow and I would greatly
>>> appreciate it if someone could connect me to the right folks there so they can
>>> release a firmware fix for it.
>>>
>>> Thanks.
>>>
>>> --
>>> Anurag Bhatia
>>> anuragbhatia.com
>
> --
> Anurag Bhatia
> anuragbhatia.com
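The whoami.akamai.net check Anurag ran, automated as an added example (not code from anyone in this thread): it sends a raw A query to each resolver, including addresses assumed to run no resolver at all (1.2.3.4 and 5.6.7.8, as in the thread), and flags the pattern seen behind the AP, where the non-resolvers answer and every address returns the same result. The BEHIND_AP dict is a constructed replay of the second set of dig results; a live run needs network access.

```python
import socket
import struct

QNAME = "whoami.akamai.net"  # Akamai answers with the address it saw the query come from

def build_query(name, txid=0x1234):  # minimal A query: RD set, one question, no EDNS
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(resp, off):  # advance past a label sequence, compressed or not
    while resp[off] and resp[off] & 0xC0 != 0xC0:
        off += resp[off] + 1
    return off + (2 if resp[off] else 1)  # 2-byte pointer or 1-byte root label

def parse_first_a(resp):  # first A record in the answer section, or None
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4  # skip QTYPE + QCLASS of the echoed question
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            return socket.inet_ntoa(resp[off:off + 4])
        off += rdlen  # CNAME or other record: step over its RDATA
    return None

def query(resolver, timeout=2.0):  # one UDP query to resolver:53; None on timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(QNAME), (resolver, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:  # the expected outcome for an address that runs no resolver
            return None
    return parse_first_a(data)

def assess(results, bogus):  # signs of transparent DNS redirection in a results dict
    answered = sorted(r for r in bogus if results.get(r))
    uniform = len(results) > 1 and all(results.values()) and len(set(results.values())) == 1
    return {"non_resolvers_answered": answered, "all_identical": uniform}

# Constructed replay of the thread's run behind the AP; 1.2.3.4 and 5.6.7.8 are assumed non-resolvers.
BEHIND_AP = dict.fromkeys(["1.1.1.1", "8.8.8.8", "9.9.9.9", "1.2.3.4", "5.6.7.8"], "172.217.34.65")
BOGUS = {"1.2.3.4", "5.6.7.8"}

if __name__ == "__main__":
    print(assess({r: query(r) for r in BEHIND_AP}, BOGUS))  # live run; needs network access
```

On an uncompromised path the non-resolver addresses time out and the real resolvers return differing addresses, so both findings come back empty.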