Created
March 11, 2021 14:55
NextDNS catch all UDM
#!/bin/sh
# Install the catch-all unit into the unifi-os container once, then enable and start it.
SERVICE_FILE=nextdns-catchall.service
SOURCE_FILE_PATH=/data/${SERVICE_FILE}
SYSTEMD_FILE_PATH=/etc/systemd/system/${SERVICE_FILE}

if [ ! -f "$SOURCE_FILE_PATH" ]; then
    echo "Can't find service file" >&2
    exit 1
fi

# Skip the install if the unit file is already present inside the container.
if podman exec unifi-os stat "$SYSTEMD_FILE_PATH" >/dev/null 2>&1; then
    echo "Already installed"
    exit 0
fi

podman exec unifi-os cp "$SOURCE_FILE_PATH" "$SYSTEMD_FILE_PATH"
podman exec unifi-os systemctl daemon-reload
podman exec unifi-os systemctl enable "$SERVICE_FILE"
podman exec unifi-os systemctl start "$SERVICE_FILE"
[Unit]
Description=NextDNS Catch all traffic
# The redirect is only useful once the local NextDNS listener on 127.0.0.1:5553 is up.
After=nextdns.service
Requires=nextdns.service

[Install]
WantedBy=multi-user.target

[Service]
Type=oneshot
RemainAfterExit=yes
# The unit runs inside unifi-os; ssh-proxy executes iptables on the UDM host.
# Send every DNS query (UDP and TCP port 53) that is not already addressed to
# localhost into a dedicated chain that DNATs it to the local NextDNS listener.
ExecStart=/sbin/ssh-proxy iptables -t nat -N NEXTDNS_CATCHALL
ExecStart=/sbin/ssh-proxy iptables -t nat -A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
ExecStart=/sbin/ssh-proxy iptables -t nat -A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
ExecStart=/sbin/ssh-proxy iptables -t nat -A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
# Undo in reverse order: detach the chain from PREROUTING, flush it, delete it.
ExecStop=/sbin/ssh-proxy iptables -t nat -D PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
ExecStop=/sbin/ssh-proxy iptables -t nat -F NEXTDNS_CATCHALL
ExecStop=/sbin/ssh-proxy iptables -t nat -X NEXTDNS_CATCHALL
The problem with this catchall is that if you try to use different NextDNS IDs per VLAN, it does not work and everyone ends up using the same primary ID. Is there a workaround for this?
I'm having the same issue... Has anyone been able to find a workaround for this?
I put '10-nextdns-catchall.sh' in '/mnt/data/on_boot.d/' and 'nextdns-catchall.service' in '/data/' which I think is correct.
After a reboot of my UDM Pro I got it all working as intended.
Today I noticed that there was something strange with my lookups and saw that the iptables rules were missing.
I guess(!) that they were removed by unifi-os when I updated the firewall rules in the UDM Pro web page.
Can this be the case? If so, is there a way to have them automatically reloaded?
(I'm new to Unifi and a few things are not as straightforward as my old OpenWrt router, so I may have misunderstood completely.)
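The failure mode described in the last comment (the unit still shows active, but the nat rules are gone, so client DNS silently bypasses NextDNS) is easy to detect by diffing the live nat table against the four rules the unit installs. The following script is an added example, not part of the gist or the NextDNS project: it parses `iptables -t nat -S` output, reports the missing rules, and restarts the unit through the container the same way the install script starts it. It assumes it runs on the UDM host where `iptables` and `podman` are available; the sample listings embedded in it are constructed, not captured from a real device.

```shell
#!/bin/sh
# Added example (not from the gist): health check for the NEXTDNS_CATCHALL rules.
# Assumptions: runs on the UDM host (iptables and podman available); the unit is
# restarted via "podman exec unifi-os systemctl", as the install script does.

SERVICE_FILE=nextdns-catchall.service

# The four rules the unit's ExecStart lines create, in "iptables -t nat -S" form.
EXPECTED_RULES='-N NEXTDNS_CATCHALL
-A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
-A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
-A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553'

# missing_rules LISTING: print every expected rule that has no exact line match
# in LISTING (the text of "iptables -t nat -S"). Prints nothing when all present.
missing_rules() {
    listing=$1
    printf '%s\n' "$EXPECTED_RULES" | while IFS= read -r rule; do
        # -F fixed string, -x whole line, -q quiet; -e keeps the rule's leading
        # "-N"/"-A" from being parsed as a grep option.
        printf '%s\n' "$listing" | grep -Fxq -e "$rule" || printf '%s\n' "$rule"
    done
}

# catchall_healthy LISTING: succeeds only if no expected rule is missing.
catchall_healthy() {
    [ -z "$(missing_rules "$1")" ]
}

# ensure_catchall: read the live nat table and restart the unit when anything
# is missing. Returns 2 if the table cannot be read at all.
ensure_catchall() {
    live=$(iptables -t nat -S 2>/dev/null) || return 2
    if catchall_healthy "$live"; then
        return 0
    fi
    echo "NEXTDNS_CATCHALL rules missing, restarting $SERVICE_FILE" >&2
    missing_rules "$live" >&2
    podman exec unifi-os systemctl restart "$SERVICE_FILE"
}

# Constructed sample listings (not captured from a real UDM) to exercise the
# check offline. "eth8" as the WAN interface is part of the constructed data.

# Everything the unit installs is present.
HEALTHY_LISTING='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N NEXTDNS_CATCHALL
-A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
-A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
-A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
-A POSTROUTING -o eth8 -j MASQUERADE'

# The chain still exists but the PREROUTING jump into it is gone: DNS leaks past
# NextDNS even though the oneshot unit still reports "active (exited)".
DETACHED_LISTING='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N NEXTDNS_CATCHALL
-A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
-A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
-A POSTROUTING -o eth8 -j MASQUERADE'

# The nat table was rewritten and the custom chain is gone entirely.
FLUSHED_LISTING='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth8 -j MASQUERADE'

# Run the live check only when asked explicitly, e.g. from cron every 5 minutes:
#   */5 * * * * /data/nextdns-catchall-check.sh --live
if [ "${1:-}" = "--live" ]; then
    ensure_catchall
fi
```

Because the unit is `Type=oneshot` with `RemainAfterExit=yes`, systemd considers it active as long as `ExecStart` once succeeded, so `systemctl status` alone never notices that the rules were flushed; the check has to look at the nat table itself. `systemctl restart` first runs the `ExecStop` lines, which fail harmlessly when the chain is already gone, and then recreates the chain.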