rdr dns requests

[bluetick]

I need to redirect dns to a single ip, does this line need to be before or after nat??

# 
nat/rdr
nat on $ext_if from !($ext_if) to any -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if inet proto udp from any to any port 53 -> 208.67.222.222 port 53

Thanks,

 

[SirDice]

A rdr always comes after nat rules and before any pass/block rules.

Also keep in mind that DNS also uses TCP, in some cases even for a 'simple' query.

 

[DutchDaemon]

The nat rule usually goes first. That would be logical in this case as well, because you're making a call to an external IP address for which NAT needs to be active.