I'm wanting to restrict DNS to the OpenDNS that I have set up in the router. I.e., I don't want clients able to bypass it by entering their own DNS entry. This page:
https://wiki.openwrt.org/doc/howto/netfilter seems to have a couple of rules that do what I want:
iptables -t nat -A PREROUTING -i $LAN -p tcp --dport 53 -j REDIRECT --to-port 53
iptables -t nat -A PREROUTING -i $LAN -p udp --dport 53 -j REDIRECT --to-port 53
So I went to the OpenWRT config section and added those lines to Firewall/Custom rules. I then went to Status/Firewall and selected the link to restart the firewall. The list of rules didn't appear to change. I then ssh'd in, and tried /etc/init.d/vpn-g restart and that seems to give me some errors:
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
at stop
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: stop ordered, but IPsec appears to be already stopped!
ipsec_setup: doing cleanup anyway...
killall: pptpd: no process killed
killall: bcrelay: no process killed
sh: bad number
I commented my custom lines out, but I still get these errors. I don't think I added anything else in the past, but I tried doing the "reset" on each page, but I still get those errors.
Any clue what I need to do to get those rules enabled?
Thanks!
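An added example, not part of the original post: a shell check that reads `iptables-save -t nat` output and reports which of the two port-53 PREROUTING redirects (tcp, udp) are not loaded for a given LAN interface. The interface name `br-lan`, the function names and the sample rule dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit nat-table rules for the DNS redirects quoted in the post.
LAN_IF="${LAN_IF:-br-lan}"   # assumption: replace with your LAN interface

# Constructed sample of `iptables-save -t nat` output (not from a real router).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i br-lan -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Reads a rule dump on stdin; prints each protocol whose redirect is missing.
# On the router: iptables-save -t nat | missing_dns_redirects "$LAN_IF"
missing_dns_redirects() {
    iface="$1"
    rules="$(cat)"
    for proto in tcp udp; do
        printf '%s\n' "$rules" | awk -v i="$iface" -v p="$proto" '
            $1 == "-A" && $2 == "PREROUTING" {
                in_if = 0; pr = 0; dp = 0; tgt = 0
                for (n = 3; n <= NF; n++) {
                    if ($n == "-i" && $(n+1) == i) in_if = 1
                    if ($n == "-p" && $(n+1) == p) pr = 1
                    if ($n == "--dport" && $(n+1) == "53") dp = 1
                    if ($n == "-j" && $(n+1) == "REDIRECT") tgt = 1
                }
                if (in_if && pr && dp && tgt) found = 1
            }
            END { exit (found ? 0 : 1) }' || printf '%s\n' "$proto"
    done
}

# Run the check against the constructed sample.
missing="$(sample_rules | missing_dns_redirects "$LAN_IF")"
if [ -z "$missing" ]; then
    echo "DNS redirect present for tcp and udp on $LAN_IF"
else
    echo "missing DNS redirect on $LAN_IF for:" $missing
fi
```

An empty result means both redirects are in the nat table; a protocol name in the output means that rule never loaded, regardless of what the custom rules file contains.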