ASUS-Merlin Firmware IP Tables Question

[justinnx]

Hello,

Sorry for the newby questions I am new to using the firmware on my recently purchased RT-AC66U ASUS Router. I am using this in a small business and using OPENDNS and would like to prevent users from using another DNS and after research found I need to set up the below IP Tables is this correct?

I am having a hard time how I implement these tables (if the below tables are correct)? Do I just log into the router IP via Putty & TELNET and run these 3 commands and that is it? Again sorry for the newby question as I have never done this before.




iptables -I FORWARD 7 -p udp -o eth0 -d 208.67.222.222 --dport 53 -j ACCEPT
iptables -I FORWARD 8 -p udp -o eth0 -d 208.67.220.220 --dport 53 -j ACCEPT
iptables -I FORWARD 9 -p udp -o eth0 --dport 53 -j DROP

 

[RMerlin]

Hello,

Sorry for the newby questions I am new to using the firmware on my recently purchased RT-AC66U ASUS Router. I am using this in a small business and using OPENDNS and would like to prevent users from using another DNS and after research found I need to set up the below IP Tables is this correct?

I am having a hard time how I implement these tables (if the below tables are correct)? Do I just log into the router IP via Putty & TELNET and run these 3 commands and that is it? Again sorry for the newby question as I have never done this before.




iptables -I FORWARD 7 -p udp -o eth0 -d 208.67.222.222 --dport 53 -j ACCEPT
iptables -I FORWARD 8 -p udp -o eth0 -d 208.67.220.220 --dport 53 -j ACCEPT
iptables -I FORWARD 9 -p udp -o eth0 --dport 53 -j DROP

Read the documentation on DNSFilter. It does exactly what you are trying to achieve, except it does it through a simple web interface instead of requiring manual iptable rules.

 

[justinnx]

Where can I read this at? Thanks for the reply!

 

[ColinTaylor]

I think the only doc's are in the README (https://github.com/RMerl/asuswrt-merlin/blob/master/README-merlin.txt) and on the web interface itself (http://192.168.1.1/DNSFilter.asp)

 

[justinnx]

If I understand this correctly i go to parental control ->dns filtering. As long as i have the OPEN DNS configured under WAN i select NO FILTERING here?

 

[RMerlin]

Do not change your WAN DNS, leave them to your ISP's. DNSFilter is a "self-contained" feature, it will allow you to enforce the DNS you configure under DNSFilter to specific clients (or all of them if you use the Global filter).

 

[justinnx]

Thanks RMerlin! I changed my DNS Settings under WAN as instructed by OPENDNS. Are you saying I remove those now? If I do how does it force the use OPEN DNS? I changed the setting to "ROUTER" in Parental Controls. (I want this GLOBALLY on the network). If you are saying I enter the DNS Settings under DNSFILTER what option do I select on the drop down (if thats what you are saying)

Please let me know if I have set this up correctly.

Thanks I will get a donation made for the great firmware and help!

 

[RMerlin]

Thanks RMerlin! I changed my DNS Settings under WAN as instructed by OPENDNS. Are you saying I remove those now? If I do how does it force the use OPEN DNS? I changed the setting to "ROUTER" in Parental Controls. (I want this GLOBALLY on the network). If you are saying I enter the DNS Settings under DNSFILTER what option do I select on the drop down (if thats what you are saying)

Please let me know if I have set this up correctly.

Thanks I will get a donation made for the great firmware and help!

I thought that the documentation and the web interface were pretty self explanatory already...

Leave your WAN to the ISP DNS.

On the DNSFIlter page, enable it, and simply select "OpenDNS" in the dropdown for global filter mode. You don't need to specify any DNS IP at all.