{"id":664,"date":"2024-08-28T17:37:50","date_gmt":"2024-08-28T17:37:50","guid":{"rendered":"https:\/\/cleanbrowsing.org\/help\/?post_type=ht_kb&#038;p=664"},"modified":"2025-05-21T11:43:19","modified_gmt":"2025-05-21T11:43:19","slug":"redirect-dns-traffic-with-dnat-on-ubiquiti-dreampro-gateway","status":"publish","type":"ht_kb","link":"https:\/\/cleanbrowsing.org\/help\/docs\/redirect-dns-traffic-with-dnat-on-ubiquiti-dreampro-gateway\/","title":{"rendered":"Redirect DNS Traffic with DNAT on Ubiquiti DreamPro Gateway"},"content":{"rendered":"\n<p>A common evasion technique network administrators have to contend with is when a user makes local changes to their network settings. In most cases, by default, when a user makes a local change to their network settings they can easily bypass your network controls. <\/p>\n\n\n\n<p>To help mitigate this risk, we will create rules in our router that hijack all DNS requests and force the clients making the request to use your preferred option. <\/p>\n\n\n\n<p>Here is a video that shows you how you can do this:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"How To Hijack DNS Traffic using DNAT with Ubiquiti DreamPro Gateway\" width=\"643\" height=\"362\" src=\"https:\/\/www.youtube.com\/embed\/5TwDQm5BrDg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-redirect-dns-traffic-on-a-network-with-dnat\">Redirect DNS Traffic on a Network with DNAT<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-step-1-log-into-your-firewall-router\">Step 1. 
Log into your Firewall \/ Router<\/h3>\n\n\n\n<p>Every router is different; log into yours.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-step-3-navigate-to-routing\">Step 3. Navigate to Routing<\/h3>\n\n\n\n<p>This is specific to the Ubiquiti OS, but your router might have routing options similar to this. <\/p>\n\n\n\n<p>In this instance, you are going to <strong>Routing > NAT<\/strong><br><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1098\" height=\"531\" src=\"https:\/\/cleanbrowsing.org\/help\/wp-content\/uploads\/2024\/08\/Ubiquiti-NAT-Settings.png\" alt=\"\" class=\"wp-image-665\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-step-4-destination-nat\">Step 4. Destination NAT<\/h2>\n\n\n\n<p>Traditional DNAT is known as Dynamic NAT, which is a bit different here. Instead, you want to go to the &#8220;<strong>Destination<\/strong>&#8221; tab on the NAT menu like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1092\" height=\"499\" src=\"https:\/\/cleanbrowsing.org\/help\/wp-content\/uploads\/2024\/08\/Ubiquiti-NAT-Destination.png\" alt=\"\" class=\"wp-image-666\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-step-5-create-a-destination-entry\">Step 5. 
Create a Destination Entry<\/h2>\n\n\n\n<p>Now we&#8217;re going to create a rule that does the routing we want &#8211; <strong>hijack all DNS requests and force the use of your preferred resolver<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Attribute<\/th><th>Value<\/th><\/tr><\/thead><tbody><tr><td>Name<\/td><td>Redirect DNS Traffic<\/td><\/tr><tr><td>Protocol<\/td><td>TCP\/UDP<\/td><\/tr><tr><td>Interface<\/td><td>Default<\/td><\/tr><tr><td>Destination Port<\/td><td>53<\/td><\/tr><tr><td>Translated IP Address<\/td><td>185.228.168.168<\/td><\/tr><tr><td>Translated Port<\/td><td>53<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The <strong>Translated IP Address<\/strong> is where you want to send the traffic; this is where you can enter your preferred DNS resolver. When it&#8217;s done, it&#8217;ll look like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1093\" height=\"681\" src=\"https:\/\/cleanbrowsing.org\/help\/wp-content\/uploads\/2024\/08\/Ubiquiti-NAT-Desintation-NewRule.png\" alt=\"\" class=\"wp-image-667\"\/><\/figure>\n\n\n\n<p>That should be all you need; give it a minute or two and you should be able to test on your devices. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>A common evasion technique network administrators have to contend with is when a user makes local changes to their network settings. In most cases, by default, when a user makes a local change to their network settings they can easily bypass your network controls. 
To help mitigate this risk, we&#8230;<\/p>\n","protected":false},"author":1,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"footnotes":""},"ht-kb-category":[24],"ht-kb-tag":[45],"class_list":["post-664","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-tips-and-tricks","ht_kb_tag-ubiquiti"],"_links":{"self":[{"href":"https:\/\/cleanbrowsing.org\/help\/wp-json\/wp\/v2\/ht-kb\/664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cleanbrowsing.org\/help\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/cleanbrowsing.org\/help\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/cleanbrowsing.org\/help\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cleanbrowsing.org\/help\/wp-json\/wp\/v2\/comments?post=664"}],"version-history":[{"count":1,"href":"https:\/\/cleanbrowsing.org\/help\/wp-json\/wp\/v2\/ht-kb\/664\/revisions"}],"predecessor-version":[{"id":668,"href":"https:\/\/cleanbrowsing.org\/help\/wp-json\/wp\/v2\/ht-kb\/664\/revisions\/668"}],"wp:attachment":[{"href":"https:\/\/cleanbrowsing.org\/help\/wp-json\/wp\/v2\/media?parent=664"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/cleanbrowsing.org\/help\/wp-json\/wp\/v2\/ht-kb-category?post=664"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/cleanbrowsing.org\/help\/wp-json\/wp\/v2\/ht-kb-tag?post=664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}