I have the script below running on my router to force clients to use the router's DNS and to send certain traffic to a proxy I have running on the router. Do the rules look okay?
Code:
#!/bin/sh
# Router firewall rules posted for review. Stated intent: redirect LAN clients'
# DNS to the router and push HTTP to a handful of destinations through a local
# proxy on 192.168.0.1:8118.
# The LAN address/mask are read with `nvram get` when the script runs and baked
# into the rules at that moment; the rules do not follow later nvram changes.

# Redirect LAN-originated UDP/53 that is NOT addressed to the LAN range.
# NOTE(review): this line is truncated in the post (it ends in "`$") -- the
# --to-destination argument is missing, so the rule as shown will not load;
# presumably the router's own address was meant. Only UDP is matched: TCP/53
# queries, and DNS-over-TLS/HTTPS, are not redirected, so clients can still
# reach outside resolvers those ways. `-I` places this rule first in nat
# PREROUTING; everything below is appended after it.
iptables -I PREROUTING -t nat -p udp -s `nvram get lan_ipaddr`/`nvram get lan_netmask` ! -d `nvram get lan_ipaddr`/`nvram get lan_netmask` --dport 53 -j DNAT --to-destination `$
# LAN-to-LAN HTTP is accepted here before any DNAT rule below is evaluated.
iptables -t nat -A PREROUTING -i br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -p tcp --dport 80 -j ACCEPT
# Proxy redirection, one rule per destination.
# NOTE(review): `-s 192.168.0.1` matches only packets whose *source* address is
# 192.168.0.1. If that is the router's own LAN address, such packets do not
# arrive on br0 and these five rules match nothing; the LAN range used on the
# line above is presumably what was intended -- confirm.
# NOTE(review): hostnames given to `-d` (bing.com, uk.search.yahoo.com,
# youtube.com, m.youtube.com) are resolved once when the rule is inserted and
# only the address(es) returned at that time are stored; destinations served
# from other or changing addresses bypass the proxy. Only port 80 is covered.
iptables -t nat -A PREROUTING -i br0 -s 192.168.0.1 -p tcp -d 216.239.32.20 --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -A PREROUTING -i br0 -s 192.168.0.1 -p tcp -d bing.com --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -A PREROUTING -i br0 -s 192.168.0.1 -p tcp -d uk.search.yahoo.com --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -A PREROUTING -i br0 -s 192.168.0.1 -p tcp -d youtube.com --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -A PREROUTING -i br0 -s 192.168.0.1 -p tcp -d m.youtube.com --dport 80 -j DNAT --to 192.168.0.1:8118
# Rewrite the source of LAN TCP traffic going out br0 to 192.168.0.1 so the
# proxy host replies via the router. Side effect: the proxy then sees every
# client as lan_ipaddr, so per-client attribution in its logs is lost.
# NOTE(review): if 192.168.0.1 is the router itself, packets DNAT'd to it are
# delivered locally (INPUT) and never traverse FORWARD/POSTROUTING, so this
# rule and the FORWARD rule below would never match -- verify which case applies.
iptables -t nat -I POSTROUTING -o br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d 192.168.0.1 -p tcp -j SNAT --to `nvram get lan_ipaddr`
# Permit the redirected connections (br0 -> br0, dport 8118) through FORWARD.
iptables -I FORWARD -i br0 -o br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d 192.168.0.1 -p tcp --dport 8118 -j ACCEPT