
Guest Network Different DNS Server


vlord

Regular Contributor
How would I set up DHCP/DNS on my guest networks so that the guest network clients obtain a different DNS server than on the non-guest network? This is for 374.43_2-11E1j9527 on an AC66R.

Are the guest network DHCP settings configurable? I've looked at the dnsmasq.conf but wasn't sure what to set to be specific to just the guest network.
 
So I've been playing with a number of options to accomplish something that I would have believed to be otherwise something simple. I have internal DNS for my home network but want to keep my guest network segregated as much as possible.

Options I've considered:
  1. Creating a separate wl0.1 and wl1.1 network with separate DHCP scope
  2. Use ebtables to limit access from wl0.1 and wl1.1 to port 53 on my DNS server on my home network
  3. Use ebtables to limit access from wl0.1 and wl1.1 to my DNS server on my home network
Option 1 is ideal but no idea how to use dnsmasq to accomplish this.

Option 2: Tried the following -
Code:
#!/bin/sh


# Allows DNS Resolution for Guest Network Users
DNS1=192.168.0.4
DNS2=192.168.0.6

# First we will enable wl0 which is the 2.4GHz network
ebtables -I FORWARD -o wl0.1 -p IPv4 --ip-source $DNS1 --ip-protocol UDP --ip-source-port 53 -j ACCEPT
ebtables -I FORWARD -o wl0.1 -p IPv4 --ip-source $DNS2 --ip-protocol UDP --ip-source-port 53 -j ACCEPT
ebtables -I FORWARD -i wl0.1 -p IPv4 --ip-destination $DNS1 --ip-protocol UDP --ip-destination-port 53 -j ACCEPT
ebtables -I FORWARD -i wl0.1 -p IPv4 --ip-destination $DNS2 --ip-protocol UDP --ip-destination-port 53 -j ACCEPT

# Next we will enable wl1 which is the 5.8GHz network
ebtables -I FORWARD -o wl1.1 -p IPv4 --ip-source $DNS1 --ip-protocol UDP --ip-source-port 53 -j ACCEPT
ebtables -I FORWARD -o wl1.1 -p IPv4 --ip-source $DNS2 --ip-protocol UDP --ip-source-port 53 -j ACCEPT
ebtables -I FORWARD -i wl1.1 -p IPv4 --ip-destination $DNS1 --ip-protocol UDP --ip-destination-port 53 -j ACCEPT
ebtables -I FORWARD -i wl1.1 -p IPv4 --ip-destination $DNS2 --ip-protocol UDP --ip-destination-port 53 -j ACCEPT

Not sure why the above doesn't work. Maybe I need to select a source of /24?

Option 3: This is what I've been able to get working. It's the least ideal solution.
Code:
#!/bin/sh

ebtables -I FORWARD -s 00:0C:29:11:12:13 -j ACCEPT                    #MAC of DNS1
ebtables -I FORWARD -d 00:0C:29:11:12:13 -j ACCEPT                    #MAC of DNS1
ebtables -I FORWARD -s 00:0C:29:12:12:14 -j ACCEPT                    #MAC of DNS2
ebtables -I FORWARD -d 00:0C:29:12:12:14 -j ACCEPT                    #MAC of DNS2

Of note, ebtables already drops wl0.1 and wl1.1 in and out.

Any ideas / help would be greatly appreciated.
 
Bump
 
I would like to know this too. FYI, the router has two bridge tables.
ebtables -t filter -L
ebtables -t broute -L
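
Added example, not part of any post in this thread: a sketch of Option 2 that also admits ARP for the DNS server addresses and DNS over TCP, since the thread's Option 2 rules pass only IPv4/UDP port 53 while the working Option 3 rules pass every frame to and from the servers' MACs, ARP included. That ARP is the missing piece is an assumption the thread does not confirm; the helper names are hypothetical and the router's ebtables build is assumed to include the ARP match.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the rules by default;
# run with APPLY=1 on the router to install them.

GUEST_IFACES="wl0.1 wl1.1"              # guest interfaces named in the thread
DNS_SERVERS="192.168.0.4 192.168.0.6"   # DNS1 and DNS2 from the thread

# emit (hypothetical helper): execute the command when APPLY=1, else print it.
emit() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# guest_dns_rules IFACE DNS_IP (hypothetical helper)
# Numeric EtherTypes (0x0806 ARP, 0x0800 IPv4) and IP protocol numbers
# (17 UDP, 6 TCP) avoid name lookups in /etc/ethertypes and /etc/protocols.
guest_dns_rules() {
    ifc=$1
    dns=$2
    # Assumption: ARP has to pass so the guest client and the DNS server
    # can learn each other's MAC address before any UDP/TCP 53 frame is sent.
    emit ebtables -I FORWARD -i "$ifc" -p 0x0806 --arp-ip-dst "$dns" -j ACCEPT
    emit ebtables -I FORWARD -o "$ifc" -p 0x0806 --arp-ip-src "$dns" -j ACCEPT
    for proto in 17 6; do
        # Queries from the guest interface to the DNS server
        emit ebtables -I FORWARD -i "$ifc" -p 0x0800 --ip-destination "$dns" \
            --ip-protocol "$proto" --ip-destination-port 53 -j ACCEPT
        # Replies from the DNS server back to the guest interface
        emit ebtables -I FORWARD -o "$ifc" -p 0x0800 --ip-source "$dns" \
            --ip-protocol "$proto" --ip-source-port 53 -j ACCEPT
    done
}

# Generate rules for every guest interface / DNS server pair.
all_guest_dns_rules() {
    for i in $GUEST_IFACES; do
        for d in $DNS_SERVERS; do
            guest_dns_rules "$i" "$d"
        done
    done
}

all_guest_dns_rules
```

As in the thread's scripts, `-I` inserts each rule ahead of the existing wl0.1/wl1.1 drop rules; `ebtables -t filter -L` shows the resulting order.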
 
