No such feature when running in AP mode. AP mode gives options of wireless
settings (SSID etc) and IP for management of the device.


On Thu, Oct 29, 2020 at 2:17 AM TJ Trout <t...@pcguys.us> wrote:

> Have you tried disabling the 'redirect when wan down' feature? I'm
> guessing they hijack the dns to redirect the user to a captive portal "your
> internet is down" error page possibly?
>
> On Wed, Oct 28, 2020 at 1:42 PM Anurag Bhatia <m...@anuragbhatia.com> wrote:
>
>> I tried deleting the rule and it drops the traffic completely. So DNS
>> resolution stops working and I am unsure why. It's not like default drop or
>> anything. I can edit the rule and whatever active port 53 related rule is
>> there works. But I want case of no such rule at all. :-)
>>
>>
>> I set up pihole on an Intel NUC a little while ago and all Pihole gets is 100%
>> of wifi client traffic behind Asus wifi management IP. :-\
>>
>>
>> Plus no matter what DNS I put, queries go via whatever router gave up
>> when Asus booted up.
>>
>>
>> Here's how creepy it gets:
>>
>> On Raspberry Pi (which is not behind Asus AP but a different switch)
>>
>> anurag@raspberrypi:~ $ dig whoami.akamai.com @1.1.1.1 a +short
>> whoami.akamai.net.
>> 162.158.226.218
>> anurag@raspberrypi:~ $ dig whoami.akamai.com @8.8.8.8 a +short
>> whoami.akamai.net.
>> 172.253.244.3
>> anurag@raspberrypi:~ $ dig whoami.akamai.com @9.9.9.9 a +short
>> whoami.akamai.net.
>> 103.224.242.10
>> anurag@raspberrypi:~ $
>>
>> All normal and good.
>>
>>
>>
>> Now, from the device (which is behind Asus AP):
>>
>>  ~> dig whoami.akamai.net @1.1.1.1 a +short
>> 172.217.34.65
>>
>> ~> dig whoami.akamai.net @8.8.8.8 a +short
>> 172.217.34.65
>>
>> ~> dig whoami.akamai.net @9.9.9.9 a +short
>> 172.217.34.65
>>
>> dig whoami.akamai.net @1.2.3.4 a +short
>> 172.217.34.65
>>
>> dig whoami.akamai.net @5.6.7.8 a +short
>> 172.217.34.65
>>
>>
>> Essentially Asus picked 8.8.8.8 because I put that during the test and
>> rebooted the AP. I will stick with 8.8.8.8 until DHCP lease expires and the
>> new server is provided.
>>
>>
>> On Thu, Oct 29, 2020 at 2:01 AM Neil Hanlon <n...@shrug.pw> wrote:
>>
>>> And if so, can you set up your own service to remove their iptables rule
>>> after it's been added or otherwise counteract it.
>>>
>>> At least temporarily, anyways.
>>>
>>> -Neil
>>>
>>> On Wed, Oct 28, 2020 at 4:26 PM Ryan Hamel <r...@rkhtech.org> wrote:
>>>
>>>> I'm curious to know why they would add such a thing, and how you got
>>>> the iptables rules from the device. Do these Asus routers provide SSH
>>>> directly into the shell?
>>>>
>>>> Ryan
>>>> On Oct 28 2020, at 11:33 am, Anurag Bhatia <m...@anuragbhatia.com> wrote:
>>>>
>>>> Hello,
>>>>
>>>> Wondering anyone from Asus here or anyone who could connect me to the
>>>> developers there?
>>>>
>>>> Using Asus RT-AC58U in Access Point(AP) mode and expect it to simply
>>>> bridge wired with wireless but seems like it's re-writing DNS packets
>>>> source as well as the destination.
>>>>
>>>>
>>>>    1. DNS port 53 traffic going out, the source is re-written with the
>>>>    management IP of the AP on the LAN. So virtually all DNS traffic hits
>>>>    the router from the (management) IP of the Asus AP instead of real
>>>>    clients.
>>>>
>>>>    2. If I define DNS as x.x.x.x on DHCP, the Asus AP picks that up
>>>>    and re-writes destination to x.x.x.x and hence even if any client uses
>>>>    y.y.y.y, the packets are simply re-written.
>>>>
>>>>
>>>> I see the rule in iptables on Asus AP. All these issues give an idea
>>>> that someone created AP mode (besides regular routing mode) and missed to
>>>> disable the DNS related NATing features in the AP mode. So far my
>>>> discussions with their support have been going quite slow and would greatly
>>>> appreciate if someone could connect me to right folks in there so they can
>>>> release a firmware fix for it.
>>>>
>>>>
>>>>
>>>> Thanks.
>>>>
>>>> --
>>>> Anurag Bhatia
>>>> anuragbhatia.com
>>>>
>>>>
>>
>> --
>> Anurag Bhatia
>> anuragbhatia.com
>>
>

-- 
Anurag Bhatia
anuragbhatia.com
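
Added example, not part of the original thread or any participant's code: the whoami.akamai.net comparison quoted above, turned into a repeatable check for on-path DNS redirection. The names probe, assess and CONTROLS are hypothetical, and treating 1.2.3.4 and 5.6.7.8 as addresses that should not answer DNS is an assumption.

```python
import subprocess

# Constructed samples: the answers shown in the two dig sessions quoted in the thread.
DIRECT = {"1.1.1.1": "162.158.226.218", "8.8.8.8": "172.253.244.3",
          "9.9.9.9": "103.224.242.10"}
BEHIND_AP = {"1.1.1.1": "172.217.34.65", "8.8.8.8": "172.217.34.65",
             "9.9.9.9": "172.217.34.65", "1.2.3.4": "172.217.34.65",
             "5.6.7.8": "172.217.34.65"}

# Assumption: these addresses are not expected to run a DNS resolver.
CONTROLS = {"1.2.3.4", "5.6.7.8"}


def probe(resolver, name="whoami.akamai.net"):
    """Run the dig query from the thread; return the last A record or None."""
    cmd = ["dig", name, "@" + resolver, "a", "+short", "+time=2", "+tries=1"]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, timeout=5).stdout
    except (OSError, subprocess.TimeoutExpired):
        return None
    # Keep dotted-quad tokens only; CNAME lines and ';;' diagnostics are skipped.
    ips = [t for t in out.split() if t[:1].isdigit() and t.count(".") == 3]
    return ips[-1] if ips else None


def assess(observations, controls=CONTROLS):
    """Return findings that indicate port 53 traffic is being rewritten.

    observations maps the resolver address queried to the egress IP that
    whoami.akamai.net reported (None when no answer came back).
    """
    findings = []
    # An answer from an address that should not answer means something on
    # the path replied on its behalf.
    answered = sorted(r for r in controls if observations.get(r))
    if answered:
        findings.append("control address answered: " + ", ".join(answered))
    # Independent public resolvers reporting one egress IP means every
    # query reached the same upstream regardless of its destination.
    real = {r: ip for r, ip in observations.items() if r not in controls and ip}
    if len(real) >= 2 and len(set(real.values())) == 1:
        findings.append("all resolvers share egress " + next(iter(real.values())))
    return findings


if __name__ == "__main__":
    live = {r: probe(r) for r in ["1.1.1.1", "8.8.8.8", "9.9.9.9", *sorted(CONTROLS)]}
    print(assess(live) or "no DNS redirection detected")
```

Run from a client behind the AP and again from a host on another switch; an empty result on the second and findings on the first isolates the AP as the rewriting hop.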
