RT-AC66U - DNS settings for guest Network

[bgcole]

Hello -

I have an AC66U running the latest Merlin firmware (380.64)

What I am trying to do is have wireless networks with different DNS settings. One that is for my kids that I can run through openDNS with very strong internet filtering settings, to protect them and to keep their friends from getting into trouble on my Network.

And then the other that I can connect to all of my other devices and adult phones to go through my normal ISP DNS settings.

The easiest way would have been if there were separate DNS settings for the 2.4 and 5 ghz networks, or an option for separate guest network DNS settings but none of those things are there or Im missing the option to configure them..

I do have another linksys router running dd-wrt that can be pulled in if needed but if anyone has an idea of how I can achieve this while just using the AC66U, it would be greatly appreciated. I hate that lnksys router. Thanks and Merry Christmas

 

[dmikester1]

Hello -

I have an AC66U running the latest Merlin firmware (380.64)

What I am trying to do is have wireless networks with different DNS settings. One that is for my kids that I can run through openDNS with very strong internet filtering settings, to protect them and to keep their friends from getting into trouble on my Network.

And then the other that I can connect to all of my other devices and adult phones to go through my normal ISP DNS settings.

The easiest way would have been if there were separate DNS settings for the 2.4 and 5 ghz networks, or an option for separate guest network DNS settings but none of those things are there or Im missing the option to configure them..

I do have another linksys router running dd-wrt that can be pulled in if needed but if anyone has an idea of how I can achieve this while just using the AC66U, it would be greatly appreciated. I hate that lnksys router. Thanks and Merry Christmas

I am wondering the exact same question. Do any of the 3rd party firmwares support this feature?

 

[Martineau]

Do any of the 3rd party firmwares support this feature?

Yes, if you are comfortable with creating a script - even cut'n'paste etc.!

There are many examples...probably a minimum of 11 lines? etc., although the script can be as complex as you like!

Spoiler: Example of a script

./GuestSubnet.sh -h
#=========================================================================================================== v01.01
#
# Configure Guest WiFi with new DHCP subnet and DNS using '/etc/dnsmasq.conf'
#
#
# Usage:    GuestSubnet  [ [wifi_interface | ssid ] | ['del'] ['autodnsmasq']] | ['help'|'-h']
#
#           GuestSubnet
#                        Guest WiFI interface wl0.1 will have the new DHCP subnet and DNS applied (default)
#           GuestSubnet  del
#                        Guest WiFI interface wl0.1 will be reset to default.
#           GuestSubnet  wl0.2 autodnsmasq
#                        Guest WiFi interface wl0.2 will have new DHCP and DNS directives inserted into /jffs/configs/dnsmasq.conf.add
#                        NOTE: dnsmasq will be bounced.
#           GuestSubnet  Guest242
#                        Guest WiFI SSID 'Guest242' (possibly wl0.2?) will have the new DHCP subnet and DNS applied
#
# /jffs/configs/dnsmasq.conf.add:
#
# e.g.
#
# 2.4GHz Guest #1 uses DHCP pool 10.88.241.2 - 10.88.241.20 and OpenDNS/Google DNS
#        interface=wl0.1
#        dhcp-range=wl0.1,10.88.241.2,10.88.241.20,255.255.255.0,21600s
#        dhcp-option=wl0.1,3,10.88.241.1
#        dhcp-option=wl0.1,6,208.67.220.220,8.8.8.8
#
# and will be included in /'etc/dnsmasq.conf' by command 'service restart_dnsmasq' and @boot time etc.

e.g. Assign DHCP/DNS to Guest Wifi 5GHz #3 (wl1.3)

./GuestSubnet.sh wl1.3
(GuestSubnet.sh): 7537 Guest WiFi 5GHz Client 3 SSID: G241 (wl1.3) 10.88.53.0/24 subnet created, using DNS 208.67.220.220,8.8.8.8

and check the status after connected to WiFi Guest 5GHz #3 and open https://ipleak.net to check IP address and DNS etc.

./GuestSubnet.sh wl1.3 status

  Guest WiFi wl1.3 Status
  =======================
wl1.3     Link encap:Ethernet  HWaddr AC:9E:17:7E:E4:A7
          inet addr:10.88.53.1  Bcast:10.88.53.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:3850 errors:0 dropped:0 overruns:0 frame:4143
          TX packets:4329 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:639108 (624.1 KiB)  TX bytes:1730268 (1.6 MiB)

 Guest WiFi wl1.3 Statistics
 ===========================
13: wl1.3: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
    link/ether ac:9e:17:7e:e4:a7 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    639108     3850     0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    1730268    4329     0       0       0       0
 
 Guest WiFi wl1.3 -t filter INPUT rules
 ======================================
    3  1000 ACCEPT     udp  --  wl1.3  *       0.0.0.0/0            0.0.0.0/0            multiport dports 53,67
    0     0 ACCEPT     tcp  --  wl1.3  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
  141 12017 DROP       all  --  wl1.3  *       0.0.0.0/0            0.0.0.0/0            state NEW

 Guest WiFi wl1.3 -t filter FORWARD rules
 ========================================
 2237  279K ACCEPT     all  --  wl1.3  eth0    0.0.0.0/0            0.0.0.0/0
 
 Guest WiFi wl1.3 ebtables
 =========================
-p ARP -i wl1.3 -j DROP
-p IPv6 -i wl1.3 -j DROP
-p IPv4 -i wl1.3 -j DROP
-p IPv4 -i wl1.3 --ip-dst 10.88.8.0/24 --ip-proto tcp -j DROP

Reset back to default.....

./GuestSubnet.sh wl1.3 del
(GuestSubnet.sh): 8602 Guest WiFi 5GHz Client 3 SSID: G53 (wl1.3) 10.88.53.0/24 subnet deleted, reset to Asus default. 10.88.8.0/24