You can port forward when the destination is the firewall/router itself. It works fine for me; otherwise I wouldn’t have suggested it.
luci should describe the match rule as ‘Incoming IPV4 From “lan” to “this device”, port 53’ and the action as ‘Forward to “lan” port 3053’. Basically it’s saying “anything received from lan to router-lan-ip:53 rewrite to go to router-lan-ip:3053”
The port forwarding works well, however it breaks vpn policies based on “Target Domain or IP”.
If you use that port forwarding AND VPN policies based on domain/IP, the policies don’t work after a while (or after a reboot).
Seems that a perfect solution doesn’t exist… Too bad, using different DNS for clients inside Adguard Home is just too useful in some cases.
Only the DNS server function of dnsmasq would be disabled and the rest of the functions would be running, not bypassed. It should work like a separate DNS server at a different IP address.
Port forwarding bypasses dnsmasq; the other solution disables dnsmasq.
If the DNS query schema does not include dnsmasq, then the VPN policies will not work.
Well, in the end I decided to use 2 routers to achieve my needs. On a Slate Plus I am running the WireGuard client with VPN policies, and a Slate AX connected to it through repeater is running AdGuard Home with port forwarding. This way I can finally see all client requests and I can set different DNS for clients inside AdGuard Home (extremely useful for Prime Video, e.g.).
I also have separate AdGuardHome, with 1 primary server running in Docker on a Synology NAS and 1 secondary/backup server running on a LAN-only GL-MV1000 Brume (no routing, so no port forwarding required).
Wouldn’t just installing the most current version of AGH on GL.Inet routers and using the instructions on openwrt.org be an easier solution?
mkdir /opt/
mkdir /opt/AdGuardHome
cd /opt/AdGuardHome
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
Change dnsmasq to port 54 after installing, and set AGH to port 53 during the setup wizard or copy/paste your config into /opt/AdGuardHome/AdGuardHome.yaml; http://:3000 should show everything normally.
You don’t get the AGH icon and stats page in the GL.iNet GUI this way, but you do get the latest version of AGH on port 53.
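The two approaches in this thread, the LuCI redirect rule quoted earlier (LAN to “this device” port 53, forwarded to port 3053) and the manual install above that moves dnsmasq to port 54, written out as UCI commands. This is an added example, not code from the thread, from GL.iNet or from the AdGuard Home install script. It assumes AGH is already installed and listening on the port given to agh_redirect_rule (3053 by default) and that the LAN domain is dnsmasq’s default “lan”; DRY_RUN=1, or a host without uci, prints the commands instead of running them so they can be reviewed first. The last function covers the local hostname point raised later in the thread: once AGH answers clients first, DHCP lease names only resolve if AGH forwards the LAN domain back to dnsmasq.

```shell
#!/bin/sh
# Added example (not from the thread, GL.iNet or OpenWrt): UCI commands for
# the two ways discussed above to get client DNS to AdGuard Home (AGH).
#
# Assumptions (mine, not the thread's): AGH is installed and listening on the
# port passed to agh_redirect_rule (3053 by default); the LAN search domain is
# dnsmasq's default "lan". DRY_RUN=1 (or a host without uci) prints the
# commands instead of executing them, so the changes can be reviewed first.

# Run a command, or print it (arguments single-quoted) when dry-running.
run() {
    if [ "${DRY_RUN:-0}" = "1" ] || ! command -v uci >/dev/null 2>&1; then
        line="$1"; shift
        for a in "$@"; do line="$line '$a'"; done
        printf '%s\n' "$line"
    else
        "$@"
    fi
}

# Approach A (the LuCI rule quoted earlier): dnsmasq stays on :53 and a DNAT
# redirect rewrites LAN traffic for router-ip:53 to AGH's port on the router.
# No dest_ip is set, so the redirect targets the router itself ("this device").
agh_redirect_rule() {
    agh_port="${1:-3053}"
    run uci add firewall redirect
    run uci set "firewall.@redirect[-1].name=agh_dns"
    run uci set "firewall.@redirect[-1].src=lan"
    run uci set "firewall.@redirect[-1].src_dport=53"
    run uci set "firewall.@redirect[-1].dest=lan"
    run uci set "firewall.@redirect[-1].dest_port=$agh_port"
    run uci set "firewall.@redirect[-1].proto=tcp udp"
    run uci set "firewall.@redirect[-1].target=DNAT"
    run uci commit firewall
    run /etc/init.d/firewall reload
}

# Approach B (the manual install above): move dnsmasq to :54 so AGH can bind
# :53 itself. dnsmasq keeps serving DHCP and local hostnames; only its port moves.
move_dnsmasq_to_54() {
    run uci set "dhcp.@dnsmasq[0].port=54"
    run uci commit dhcp
    run /etc/init.d/dnsmasq restart
}

# With either approach AGH, not dnsmasq, sees the client query first, so
# DHCP lease names and /etc/hosts entries only resolve if AGH forwards the LAN
# domain to dnsmasq. Returns the upstream_dns entry to add in AGH (Settings ->
# DNS settings -> Upstream DNS servers) in AGH's per-domain upstream syntax.
# Port: 53 with approach A (dnsmasq unchanged; queries from the router itself
# are not from the "lan" zone and are not redirected), 54 with approach B.
agh_local_upstream() {
    domain="${1:-lan}"
    dnsmasq_port="${2:-54}"
    printf '[/%s/]127.0.0.1:%s\n' "$domain" "$dnsmasq_port"
}

# Usage: sh agh_dns.sh redirect [agh_port]   or   sh agh_dns.sh swap
case "${1:-}" in
    redirect) agh_redirect_rule "${2:-3053}" ;;
    swap)     move_dnsmasq_to_54 ;;
esac
```

Run with DRY_RUN=1 first and compare the printed rule with what LuCI shows under Network → Firewall → Port Forwards; the redirect only applies to traffic entering from the lan zone, so a client that has a hard-coded public resolver still goes around AGH unless you add a second redirect without the router as destination.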
I had the same problem with my Opal; however, I wanted to be able to disable AdGuard Home for captive portals, and it was easiest to have it on the GL.iNet front end (so I didn’t want to change the default DNS port etc.), so I put the routing change into the service start/stop action…
Good point about the local dnsmasq hostname lookup, hadn’t considered that!
I also built a custom firmware with all my settings built into it, which comes in handy if I’m messing with my router on holidays and break something… means I can just reset it back to the known working state… very handy!
Do you have a DHCP server running on a separate router, not the GL-AX1800? In your procedure, dnsmasq is disabled, so DHCP will not be running on the GL-AX1800?
I do not work for and I am not directly associated with GL.iNet