What's new

Asuswrt-Merlin 374.39 is out

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

The host file is accessed by dnsmasq for those local resolutions. DNSFiltering totally bypasses dnsmasq, so entries located in hosts won't resolve either.

What about using two of the OpenDNS Premium DNS nameservers (208.67.222.222, 208.67.220.220, 208.67.220.222 & 208.67.222.220) or OpenDNS FamilyShield nameservers (208.67.222.123 & 208.67.220.123) in the WAN > WAN DNS Setting section? Wouldn't that effectively allow OpenDNS functionality and/or filtering for all users without affecting local hostname resolution? Thanks.

Correct.
Key here is, filtering for all users.

Understood completely. So, Merlin, how hard would it be to add Tertiary and Fourth DNS entries to the WAN DNS Settings section? I, for one, would really appreciate these additions in the next release. Thank you!
 
Understood completely. So, Merlin, how hard would it be to add Tertiary and Fourth DNS entries to the WAN DNS Settings section? I, for one, would really appreciate these additions in the next release. Thank you!

Can't you bypass then adding dns server on client? Also I don't think that's how it works, secondary dns, etc are not used unless the primary fails but I could be wrong on that.
 
Last edited:
Sorry another question: Are you guys using the normal .39 or .39-em version?
 
Sorry another question: Are you guys using the normal .39 or .39-em version?

.39-em here on my rt-n66u
 
If you're just going to change the DNS servers and not use DNSFilter, you will probably want to use iptables to make sure all DNS traffic from your entire network or from specific machines hits the proper DNS servers regardless of the client-side settings.
 
Quote:
Originally Posted by lwizard View Post
I had applied this patch on your previous firmware:

cat << EOF > /jffs/scripts/smb.postconf
#!/bin/sh
CONFIG=\$1
sed -i '/\[global\]/abind interfaces only = yes' \$CONFIG
EOF
chmod a+rx /jffs/scripts/smb.postconf
service restart_nasapps

Do I have to clear this mod before updating to you latest version or does not matter?

Thanks!
Remove it before or after upgrading, it does not matter.
__________________


How can I remove patch? I have tried editing with Nano /jffs/scripts/smb.postconf but file seems void /not existing..

You don't need to edit the file. Make sure jffs is mounted. Then ssh into the router and remove the file.
 
What about using two of the OpenDNS Premium DNS nameservers (208.67.222.222, 208.67.220.220, 208.67.220.222 & 208.67.222.220) or OpenDNS FamilyShield nameservers (208.67.222.123 & 208.67.220.123) in the WAN > WAN DNS Setting section? Wouldn't that effectively allow OpenDNS functionality and/or filtering for all users without affecting local hostname resolution? Thanks.

Yes, provided you don't mind the all-or-nothing approach. And with 374.39, this solution would work. Previously, the router would forward all local hostname queries upstream, which would get caught by OpenDNS's NXDOMAIN override, returning bogus IPs for LAN devices. 374.39 addressed this issue.
 
Understood completely. So, Merlin, how hard would it be to add Tertiary and Fourth DNS entries to the WAN DNS Settings section? I, for one, would really appreciate these additions in the next release. Thank you!

Having more than two DNS is kinda pointless. If you have as many as three DNS that are down out of four, name resolution would become so sluggish that you would still have to handle the issue. So, two is sufficient, and ideal.

Having more DNS is only needed to address cases where one might be down or overloaded.
 
RMerlin, can you reproduce the Norton DNS filter problem some are reporting on the RT-N66U? (IPv6 = Off)
 
Hey Merlin I originally setup opendns as such

iptables -I FORWARD 1 -p udp -o `nvram get wan0_ifname` -d 208.67.222.222 --dport 53 -j ACCEPT
iptables -I FORWARD 2 -p udp -o `nvram get wan0_ifname` -d 208.67.220.220 --dport 53 -j ACCEPT
iptables -I FORWARD 3 -p udp -o `nvram get wan0_ifname` --dport 53 -j DROP

Do I no longer need this setup since its under parental controls? I would like to use the option to set it to a specific IP instead of globally.
 
Thanks RMerlin this firmware is great!

Question about the dnsfiltering, you mention it bypasses dnsmasq and I was wondering if it is possible not to for certain destinations? At the moment I am forcing the use of nosslgoogle using dnsmasq so I can force safesearch using privoxy running on the router. I have iptables directing google searches plus other searches and forcing router dns through the proxy like so:

Code:
address=/google.com/216.239.32.20
address=/google.co.uk/216.239.32.20

Code:
iptables -I PREROUTING -t nat -p udp -s `nvram get lan_ipaddr`/`nvram get lan_netmask` ! -d `nvram get lan_ipaddr`/`nvram get lan_netmask` --dport 53 -j DNAT --to-destination `$
iptables -t nat -A PREROUTING -i br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d 216.239.32.20 --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d bing.com --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d uk.search.yahoo.com --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -I POSTROUTING -o br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d 192.168.0.1 -p tcp -j SNAT --to `nvram get lan_ipaddr`
iptables -I FORWARD -i br0 -o br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d 192.168.0.1 -p tcp --dport 8118 -j ACCEPT

Is it possble for this to run in conjunction with the new dns feature?

Oh and any chance of adding dyn.com's internet guide service which I switched to from opendns due to at the time better filtering and a nice clean block page as well as them providing dyndns. :D
 
Last edited:
Sorry guys but what's the difference of version 39 vs 39_em for the N66U? I'm running 38_em now. Is either ok or the "em" version better for the 66?

Tanks as always Merlin. Someone buy this guy a frosty one! ..... if you drink. ;)
 
Merlin,
I noticed that asus releases 3.0.0.4.374_2239 on their website recently, is this using the source as yours or a newer source?
 
There is no source code for _2239 since it's a Beta release. Merlin's .39 firmware is based from 374.583 GPL.
 
RMerlin, can you reproduce the Norton DNS filter problem some are reporting on the RT-N66U? (IPv6 = Off)

No, it's been working perfectly for me on all three devices that I tested it (Nexus 7, my wifi laptop and a wired desktop).

It's either a regional thing, or your computer has an IPv6 DNS configured - verify by using "ipconfig /all". Even if you don't have an IPv6 connection, you could still have an IPv6 DNS configured somehow.
 
Hey Merlin I originally setup opendns as such

iptables -I FORWARD 1 -p udp -o `nvram get wan0_ifname` -d 208.67.222.222 --dport 53 -j ACCEPT
iptables -I FORWARD 2 -p udp -o `nvram get wan0_ifname` -d 208.67.220.220 --dport 53 -j ACCEPT
iptables -I FORWARD 3 -p udp -o `nvram get wan0_ifname` --dport 53 -j DROP

Do I no longer need this setup since its under parental controls? I would like to use the option to set it to a specific IP instead of globally.

That's correct. DNSFilter goes one step further by automatically redirecting DNS queries to the desired DNS, while the rules you implemented would simply
prevent clients from connecting at all to other DNS.
 
Is it possble for this to run in conjunction with the new dns feature?

No idea. You will have to give it a try, just make sure your rules are applied before the DNSFilter rule in the PREROUTING chain.

Oh and any chance of adding dyn.com's internet guide service which I switched to from opendns due to at the time better filtering and a nice clean block page as well as them providing dyndns. :D

Not sure what you are referring to, I don't see any "internet guide" reference on their website.
 
Merlin,
I noticed that asus releases 3.0.0.4.374_2239 on their website recently, is this using the source as yours or a newer source?

374_583 is probably slightly older, tho I cannot be sure by how much since they didn't release the 2239 source code. But based on some of its changelog entries, it's probably a week or two newer than 583.

The most recent MIPS code I have from them is 2078, which is about the same as ARM's 542.
 
Sorry guys but what's the difference of version 39 vs 39_em for the N66U? I'm running 38_em now. Is either ok or the "em" version better for the 66?

The difference is explained in the changelog.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top