Have been looking at this and keep finding conflicting information. Or maybe I'm not understanding the materials correctly (always a possibility with me).
Need to filter content of specific devices via OpenDNS and need to have others go without this restriction. Wondering if this is possible and if so, if you can provide me with information/links.
Found some more info while googling. I am using FamilyShield DNS resolvers at 208.67.222.123 and 208.67.220.123 from OpenDNS and wanted to exclude one PC from it - MyPC - from this restriction. Following are my steps:
(1) Added first DNS to Local DNS in DD-WRT
(2) Added both DNS to static DNS1 and DNS2 respectively
(3) Created static lease for My-PC with mac address
(4) Added following code to Firewall:
# For My-PC, use WAN DNS
##############################################
iptables -t nat -A PREROUTING -i br0 -s My-PC -p tcp --dport 53 -j DNAT --to $(nvram get wan_get_dns | awk -F' ' '{print $1}')
iptables -t nat -A PREROUTING -i br0 -s My-PC -p udp --dport 53 -j DNAT --to $(nvram get wan_get_dns | awk -F' ' '{print $1}')
# For every other client, use LAN DNS.
################################################
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
While testing, I found that My-PC is also blocked from sites, as are other devices.
Thank you for your assistance.
You can exclude forced dns redirection on machine(s) using (!) which means "not" in Linux and netmask... First make static lease to your PC machine(s). Then try:
[quote="Mile-Lile"]You can exclude forced dns redirection on machine(s) using (!) which means "not" in Linux and netmask... First make static lease to your PC machine(s). Then try:[/quote]
What should I do if I have devices whose IPs are not sequential, e.g. 30, 45, 87, etc.?
Put static IP leases on the machines that you want to be excluded, but outside the DHCP pool... e.g. your DHCP pool is 192.168.1.100-150. Assign static leases 192.168.1.17-30; using http://www.subnet-calculator.com/ it should be like this:
I'm afraid your original recommendation did not work for me (I think the above link's OP also had an issue with that).
Using the solution from the above link, I still get my PC blocked. That tells me that perhaps I'm doing something wrong before adding the code to Firewall.
Here are the exact steps that I took:
FamilyShield DNS 208.67.222.123 and 208.67.220.123
(1) Added first DNS to Local DNS in DD-WRT
(2) Added both DNS to static DNS1 and DNS2 respectively
(3) Created static lease for My-PC with mac address
(4) Added code to Firewall
Am I missing some other step like - enabling Local DNS etc. somewhere?
Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Wed Jul 08, 2015 13:12
OK. Let's do it like this. On the Basic/Setup page enter these values. Do not enter any DNS, local DNS, etc... The router will grab it from your ISP.
Your IP pool will be 192.168.1.97-192.168.1.127. 30 IPs. Hope you do not have more than 30 machines?
[quote="Mile-Lile"]hope you have latest build?[/quote]
Thank you.
That WORKS!!
I set the router to factory configuration and just did the basic settings that KrypteX had suggested. Made a backup of these settings.
Now applied your code and see that OpenDNS is bypassed on the machine and is working on others.
Would you mind if I asked you another question since this is all tied together? With your code for OpenDNS, how do I now set up my router for AdBlock? The regular approach does not seem to be working for me.
My router info:
Router Model - TP-Link TL-WR841ND v9
Firmware Version - DD-WRT v3.0-r27456 (06/27/15) std
Kernel Version - Linux 3.18.16 #3271
Thank you again for your assistance. Couldn't have done this without your help.
@Mile-Lile
Since there are 2 DNS addresses, should I not have both applied to each udp and tcp codes above? Or am I mistaken in my understanding? Please advise.
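The exclusion approach discussed in this thread (static leases grouped in one CIDR block outside the DHCP pool, then a negated `! -s` match on the forced DNS redirect), sketched as an added example that is not code from any poster or from DD-WRT. The function names, the router address 192.168.1.1 and the exempt block 192.168.1.16/28 (hosts .17-.30) are assumptions; the script only prints rules and checks which leases a single block covers, which is why non-sequential addresses such as .45 and .87 need to be moved into the block.

```shell
#!/bin/sh
# Added example: build forced-DNS redirect rules that skip one exempt CIDR block,
# and report static leases that the block does not cover. All values are constructed.
# On DD-WRT the router address would come from `nvram get lan_ipaddr`.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/PREFIX -> exit status 0 when IP lies inside the block
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# dns_redirect_rules LAN_IP EXEMPT_CIDR -> prints the rules, does not run iptables.
# "! -s" negates the source match: every client on br0 EXCEPT the exempt block
# has port 53 rewritten to the router, so the filtered resolver cannot be bypassed.
dns_redirect_rules() {
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i br0 ! -s $2 -p $proto --dport 53 -j DNAT --to $1"
    done
}

# uncovered_leases EXEMPT_CIDR IP... -> prints leases the block does NOT cover;
# those clients would still be redirected to the filtered resolver.
uncovered_leases() {
    cidr=$1; shift
    for lease in "$@"; do
        in_cidr "$lease" "$cidr" || echo "$lease"
    done
}

# Constructed sample run: exempt block .16/28, leases at .17, .30, .45 and .87
dns_redirect_rules 192.168.1.1 192.168.1.16/28
uncovered_leases 192.168.1.16/28 192.168.1.17 192.168.1.30 192.168.1.45 192.168.1.87
```

Review the printed rules before pasting them into the firewall script, and confirm on an exempt client and on a filtered client which resolver actually answers.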