My son's computers are hooked up to OpenDNS and I am using the following rules to stop him changing his DNS settings:
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
I have looked at these rules:
iptables -t nat -A PREROUTING -i br0 -s 192.168.1.128/25 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -i br0 -s 192.168.1.128/25 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
and I am still unsure how to set up a rule so that my computer can use its own DNS settings.
Could I use the same command to make a specific device on a static IP use a specific DNS? I have an IPTV device that I want to point specifically at my ISP's DNS, whereas everything else I am forcing to use OpenVPN.
I have a couple of questions around your answer.
If my son was to set a static IP lower than 192.168.1.128 and put in, say, Google's DNS, does that mean he would in theory be able to bypass the OpenDNS settings on the router if the second set of rules is in place?
If so, can I do the following:
Give the one computer an IP of 192.168.1.2 and change the rule to 192.168.1.3/25?
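An added example, not code from this thread, that reproduces the forced-DNS DNAT rules with a per-host exemption and includes a small CIDR check so you can see which LAN addresses a `-s a.b.c.d/25` match really covers. `LAN_IP` stands in for `$(nvram get lan_ipaddr)`; `EXEMPT_IP` (the one machine that keeps its own resolver) and `IFACE` are assumed values. The check shows that `-s 192.168.1.128/25` matches hosts .128 to .255 only, so a client that picks a lower static address is not redirected, and that `192.168.1.3/25` is the same network as `192.168.1.0/25` rather than "everything except .3". Exempting by exact host address with a RETURN rule placed before the DNAT rules avoids both problems.

```sh
#!/bin/sh
# Added example, not code from the thread. Prints the nat PREROUTING rules for
# forced DNS redirection with one exempt host, plus a CIDR check that mirrors
# how "iptables -s NET/BITS" matches. Nothing is applied unless you pipe
# dns_rules into sh on the router.
# Assumed values: LAN_IP stands in for $(nvram get lan_ipaddr), EXEMPT_IP is
# the host allowed to use its own resolver, IFACE is the LAN bridge.

LAN_IP="${LAN_IP:-192.168.1.1}"
EXEMPT_IP="${EXEMPT_IP:-192.168.1.2}"
IFACE="${IFACE:-br0}"

# Dotted-quad address -> 32-bit integer.
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_cidr IP NET/BITS: succeeds when IP would match "iptables -s NET/BITS".
# Only the network part is compared, so 192.168.1.3/25 means the same as
# 192.168.1.0/25 (hosts .0 to .127), not "everything except .3".
in_cidr() {
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Print the rules. Order matters: the RETURN rules for the exempt host come
# first, so its port-53 traffic leaves the PREROUTING chain untouched, and
# every other LAN client's DNS queries are then rewritten to the router.
dns_rules() {
    for proto in udp tcp; do
        printf 'iptables -t nat -A PREROUTING -i %s -s %s -p %s --dport 53 -j RETURN\n' \
            "$IFACE" "$EXEMPT_IP" "$proto"
    done
    for proto in udp tcp; do
        printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport 53 -j DNAT --to-destination %s\n' \
            "$IFACE" "$proto" "$LAN_IP"
    done
}

# Show which side of the /25 a couple of addresses fall on, then the rule set.
for ip in 192.168.1.2 192.168.1.130; do
    if in_cidr "$ip" 192.168.1.128/25; then
        echo "$ip matches -s 192.168.1.128/25 (would be redirected)"
    else
        echo "$ip does not match -s 192.168.1.128/25 (keeps its own DNS)"
    fi
done
dns_rules
```

Run it as-is to review the generated commands; `dns_rules | sh` applies them on the router. The IPTV box from the follow-up question can be handled the same way, by giving it a RETURN rule for its static address ahead of the DNAT rules.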
Posted: Mon Jan 22, 2018 8:07
To force use of the router's DNS settings only, go to Basic Settings > Network Address Server Settings (DHCP) > turn on Forced DNS Redirection, Save, Apply, restart...
In that case your son will not be able to use any other DNS,
even if he tries to bypass it at PC level.
But I have run into one small problem: I hooked up a Windows-based PC, let it get its IP via DHCP, then turned on a VPN app, and it went straight past the OpenDNS settings.
I personally have never tried them, but under Security -> VPN Passthrough you could disable these. I am sure that one could come up with a way around them, but it will limit some.
My son's computers are hooked up to OpenDNS and I am using the following rules to stop him changing his DNS settings
I wouldn't get too invested in stopping him if he is the determined type... just sayin'.
If the boy is determined to go where he wants, he will just use DNSCrypt on his computer or phone, or use a VPN provider,
or set up his own OpenVPN server on a buddy's router...
After thinking about it and coming back to post, mrjcd beat me to it... he has physical/admin access to the computer, so many things are possible. Looking into locking down the devices is the better option.