OpenWrt Forum Archive

Topic: firewall redirect with exclusion

The content of this topic has been archived on 2 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

running PiHole and trying to redirect all 53 traffic to the rPi but not having much luck.  if I turn this rule on it blocks the rPi (both 192.168 entries below) and causes a redirect loop.  guessing that the -not- exclude isn't working properly, though it shows up fine in Luci.  has anyone tried this before?

config redirect
        option target 'DNAT'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '53'
        option dest_ip '192.168.x.x'
        option dest_port '53'
        option name 'dns'
        option src 'lan'
        option enabled '0'
        option src_ip '!196.168.x.x'

(Last edited by papasan on 27 Mar 2018, 16:36)

put these lines in /etc/firewall.user and I *think* they're working.  no errors at least.  would have rather kept it in Luci just to keep it all together but oh well, at least the lines show up in the custom section...

iptables -t nat -A PREROUTING ! -s 192.168.x.x -p udp --dport 53 -j DNAT --to-destination 192.168.x.x:53
iptables -t nat -A PREROUTING ! -s 192.168.x.x -p tcp --dport 53 -j DNAT --to-destination 192.168.x.x:53

(Last edited by papasan on 27 Mar 2018, 18:46)

papasan wrote:
option src_ip '!196.168.x.x'

Try 192.168 instead. 196.168 is not an RFC1918 prefix so isn't available for private use unless you've bought the range from a Togo ISP.
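A small checker for the mistake found in this thread, added here as an example and not part of the original posts or of OpenWrt: it parses a `config redirect` stanza like the one above and flags a negated `src_ip` that is not RFC1918 or that does not match `dest_ip` (the redirect-loop case). The addresses in the sample are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample of the UCI redirect stanza from the thread, with the
# fat-fingered 196.168 exclusion; the rPi address is a made-up placeholder.
SAMPLE_REDIRECT = """\
config redirect
        option target 'DNAT'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '53'
        option dest_ip '192.168.1.2'
        option dest_port '53'
        option name 'dns'
        option src 'lan'
        option src_ip '!196.168.1.2'
"""

_OPTION_RE = re.compile(r"^\s*option\s+(\w+)\s+'([^']*)'\s*$")


def parse_redirect(text):
    """Return the option name -> value mapping of one 'config redirect' stanza."""
    opts = {}
    for line in text.splitlines():
        m = _OPTION_RE.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts


def check_dns_redirect(opts):
    """List problems that make a port-53 DNAT redirect loop or never match.

    A redirect that sends all DNS traffic to the resolver must exclude the
    resolver itself (a negated src_ip); otherwise its own upstream queries
    are DNATed straight back to it.
    """
    problems = []
    dest = ipaddress.ip_address(opts["dest_ip"])
    src = opts.get("src_ip", "")
    if not src.startswith("!"):
        problems.append("src_ip is not negated; the resolver's own queries loop")
        return problems
    try:
        excluded = ipaddress.ip_address(src[1:])
    except ValueError:
        return [f"src_ip {src!r} is not a valid address"]
    if not excluded.is_private:
        problems.append(f"excluded address {excluded} is not RFC1918 (typo?)")
    if excluded != dest:
        problems.append(f"excluded {excluded} but resolver is {dest}: redirect loop")
    return problems
```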

600cc wrote:
papasan wrote:
option src_ip '!196.168.x.x'

Try 192.168 instead. 196.168 is not an RFC1918 prefix so isn't available for private use unless you've bought the range from a Togo ISP.

oh, wow.  yep, that was it, simple fat-finger.  thanks.

You're welcome!
