You don't need to do any DNAT for this. This gets handled automatically by your SNAT rules. Basically you just need to go into your router's DHCP server configuration, and specify that you want it to hand out the OpenDNS IPs as DNS addresses. If you want to make sure that only the OpenDNS servers are allowed, use a couple of FORWARD rules like:
Code:
# Insert the catch-all REJECTs first; since -I puts each rule at the top of the
# chain, the ACCEPTs inserted afterwards end up above them. (Two "REJECT unless
# destination is X" rules would reject everything, since any packet misses one.)
iptables -I FORWARD -p UDP -i $LAN_IFACE -o $WAN_IFACE --dport 53 -j REJECT
iptables -I FORWARD -p TCP -i $LAN_IFACE -o $WAN_IFACE --dport 53 -j REJECT
iptables -I FORWARD -p UDP -i $LAN_IFACE -o $WAN_IFACE --dport 53 -d 208.67.222.222 -j ACCEPT
iptables -I FORWARD -p UDP -i $LAN_IFACE -o $WAN_IFACE --dport 53 -d 208.67.220.220 -j ACCEPT
iptables -I FORWARD -p TCP -i $LAN_IFACE -o $WAN_IFACE --dport 53 -d 208.67.222.222 -j ACCEPT
iptables -I FORWARD -p TCP -i $LAN_IFACE -o $WAN_IFACE --dport 53 -d 208.67.220.220 -j ACCEPT
That said, I'm moving this to Networking, as it's not a security question.
EDIT: Okay, just re-read your post and it seems you want to have DNS queries sent to OpenDNS regardless of whether the clients specified some other server. In that case, disregard what I said above.
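The two cases in the reply above, as an added example that is not code from the original post: a generator for the allow-list FORWARD rules, ordered so the ACCEPTs land above the REJECTs when inserted with -I, and, for the EDIT's case, nat-table PREROUTING rules that DNAT every LAN DNS query to OpenDNS regardless of the resolver the client configured. The interface arguments, the DRY_RUN switch and the function names are assumptions; by default the commands are printed, not executed.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions: LAN/WAN interface
# names are passed as arguments, and commands are only printed unless DRY_RUN=false.
OPENDNS="208.67.222.222 208.67.220.220"

# Case 1: permit forwarded DNS only to the OpenDNS resolvers. Because -I inserts
# at the top of the chain, the catch-all REJECTs are emitted first and the ACCEPTs
# afterwards, so the finished chain has every ACCEPT above the REJECTs.
dns_allowlist_rules() {
    lan=$1; wan=$2
    for proto in udp tcp; do
        echo "iptables -I FORWARD -i $lan -o $wan -p $proto --dport 53 -j REJECT"
    done
    for ip in $OPENDNS; do
        for proto in udp tcp; do
            echo "iptables -I FORWARD -i $lan -o $wan -p $proto --dport 53 -d $ip -j ACCEPT"
        done
    done
}

# Case 2 (the EDIT): rewrite every LAN DNS query to OpenDNS no matter which
# resolver the client configured. Queries already addressed to OpenDNS are
# accepted in the nat table first so they are left as they are.
dns_redirect_rules() {
    lan=$1
    for proto in udp tcp; do
        for ip in $OPENDNS; do
            echo "iptables -t nat -A PREROUTING -i $lan -p $proto --dport 53 -d $ip -j ACCEPT"
        done
        echo "iptables -t nat -A PREROUTING -i $lan -p $proto --dport 53 -j DNAT --to-destination 208.67.222.222"
    done
}

# apply_rules allowlist|redirect LAN_IFACE [WAN_IFACE]: print (default) or run the rules.
apply_rules() {
    case $1 in
        allowlist) rules=$(dns_allowlist_rules "$2" "$3") ;;
        redirect)  rules=$(dns_redirect_rules "$2") ;;
        *) echo "usage: apply_rules allowlist|redirect LAN_IFACE [WAN_IFACE]" >&2; return 1 ;;
    esac
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-true}" = false ]; then eval "$cmd"; else echo "$cmd"; fi
    done
}
```

Run as root with DRY_RUN=false to apply; the redirected queries still have to be permitted by the FORWARD chain and source-NATed on the WAN side as usual.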