VLAN IPtables Question


RAINMAN

New Member
Mar 5, 2016
I created 2 separate VLANs on my router. One for my trusted devices (192.168.254.x) and one for "things" (172.16.254.x) like smart switches and that sort of thing. I also was able to configure the router so that I have access from the 192 network to the 172 network but not vice versa. All works great so far.

I have an active directory setup that controls the DNS on the 192 network.

AD servers:
192.168.254.30
192.168.254.50

In the router (Tomato) I had to disable its local DNS so that it uses my AD servers as the DNS. Those DNS servers then forward to a Pi-hole for ad blocking (or to the root servers if the Pi-hole is unavailable for some reason), and the Pi-hole forwards to outside DNS for its non-cached lookups.

Pi-hole:
192.168.254.55

This all works great; the issue is with the new VLAN (172) I created. Since I have the router set to use the AD servers as DNS and the second VLAN cannot access the 192 network, I can't resolve any DNS names. What I am looking for is what iptables rule I can create so that I can allow traffic on port 53 (DNS) to get to 192.168.254.30 or .50 but nothing else.

I'm not really good with iptables and have struggled with this so far, so hopefully some guru can spit this out easily. It seems like it should be easy... I hope...
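The rule set the question asks for, written as an added example rather than anything posted in the thread. It uses only the addresses given above (172.16.254.0/24 as the "things" VLAN, 192.168.254.30 and .50 as the AD DNS servers) and assumes two things the post does not state: that the existing 172-to-192 block lives in the FORWARD chain, and that Tomato's stock connection-tracking rule sits at the top of that chain, which is why the ACCEPT rules are inserted at explicit positions so they land ahead of the block. The function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post: iptables rules that let the
# "things" VLAN reach only the two AD DNS servers on port 53, while the
# existing rule blocking 172.16.254.0/24 -> 192.168.254.0/24 stays in place.
#
# Assumptions (not stated on the page): the isolation rule is in the FORWARD
# chain, so the ACCEPT rules are inserted with explicit positions (-I FORWARD N)
# to sit above it. Function names are hypothetical.

THINGS_NET="172.16.254.0/24"
DNS_SERVERS="192.168.254.30 192.168.254.50"

# Print the rules, one per line, in the order they should appear in FORWARD.
# Both UDP and TCP 53 are allowed: AD clients and resolvers fall back to TCP
# for answers that do not fit in a UDP packet (large SRV/TXT replies, DNSSEC).
dns_allow_rules() {
    pos=1
    # Replies to connections the router already tracks (DNS answers) flow back.
    echo "iptables -I FORWARD $pos -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for srv in $DNS_SERVERS; do
        for proto in udp tcp; do
            pos=$((pos + 1))
            # New queries only, only from the things VLAN, only to this server,
            # only to port 53. Everything else still hits the existing block.
            echo "iptables -I FORWARD $pos -s $THINGS_NET -d $srv -p $proto --dport 53 -m state --state NEW -j ACCEPT"
        done
    done
}

# Apply the rules when running as root on a box that has iptables;
# otherwise just print them so they can be reviewed or pasted elsewhere.
apply_dns_rules() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
        dns_allow_rules | sh
    else
        dns_allow_rules
    fi
}

# "sh thisfile.sh apply" installs the rules; anything else just prints them.
case "${1:-show}" in
    apply) apply_dns_rules ;;
    *) dns_allow_rules ;;
esac
```

On Tomato the usual place for this is the Firewall box under Administration > Scripts, which runs after the stock rules are built; paste the five iptables lines the script prints. Check the result with `iptables -vnL FORWARD --line-numbers` and confirm the ACCEPT lines sit above the rule that drops 172-to-192 traffic, then from a host on the 172 VLAN run `nslookup example.com 192.168.254.30`. If the query still fails with the rules in place, the remaining suspect is the Windows side: the DNS server's firewall rule ("DNS (UDP-In)") has to accept queries from 172.16.254.0/24, not just from the domain subnet.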