Force the use of OpenDNS with an Edimax router

I am using an Edimax router on my home network and have set the default DNS addresses to those of OpenDNS's Family Shield. But now I realise the protection is safe only if I force the use of OpenDNS from the router and block any request to an exterior DNS service.

So what I need to do is - see this discussion on their forums and here - to create a new filtering rule on my Edimax router to disable outbound UDP 53 traffic for my LAN. I can do this as shown on page 50 of my router's manual.

The problem is that I lose all internet connectivity after creating these rules. I can't figure out how to allow the traffic to go through OpenDNS's addresses in my router.

Here is what I did:

1/ Make OpenDNS the default DNS provider:

2/ Disable outbound UDP 53 traffic for my LAN:

3/ This is my problem: how can I add a second rule that allows port 53 TCP, UDP to OpenDNS's servers? The "Outbound IP filtering" only allows setting blocking filters.

Any suggestions?

Note

  • The problem here is from the router because I'd like an OS-independent solution.

Ismael Lemhadri

Posted 2013-03-14T14:27:04.700

Reputation: 49

Answers

0

You have to consult the manual on how to allow specific IPs and ports.

If the router does not support rules to open a specific ip:port, you could deny the range of IPs combinatorially preceding and succeeding the IP you want to leave open. As in:

1 block
2 block
3 open
4 block
5 block

It makes more sense to place a rule to allow traffic to a specific server -before- denying all other traffic. Otherwise the packets would never make it to the rule that allows them to leave the filter (at least that's how it works with Linux netfilter).

Ярослав Рахматуллин

Posted 2013-03-14T14:27:04.700

Reputation: 9 076

I wasn't able to find how to allow traffic to a specific server. The "Outbound IP filtering" says "By default, all outgoing IP traffic from LAN is allowed, but some IP traffic can be BLOCKED by setting up filters." Could it be in the "Inbound IP filtering"? – Ismael Lemhadri – 2013-03-14T22:11:37.880

You will probably meet the same limitation there. – Ярослав Рахматуллин – 2013-03-14T22:16:13.430

But shouldn't what I want to realize be doable? I really want to believe there is a solution... – Ismael Lemhadri – 2013-03-14T22:25:59.323

It should be not only doable, but easy to do. Some routers provide more options if you connect via telnet. – Ярослав Рахматуллин – 2013-03-14T22:44:58.120

No, it could not. If this is really important to you, get a router with dd-wrt or see if the one you have is supported. Alternatively, configure firewall restrictions in the OS. The situation with "consumer grade" routers is horrible, it's the hard truth. The reason I suggested such a backwards solution is because I know that there is often no straightforward way around this problem. At least you can specify ranges in the interface! – Ярослав Рахматуллин – 2013-03-14T22:57:51.757

Actually, the reason I'm setting up all this is mainly for iPads at home, and it's quite impossible to lock the DNS settings on them. Is it easy to install dd-wrt on that router? Or alternatively, are there any good models you would recommend? Ones that would include this feature, would be easy to set up and not too expensive? Thanks. P.S.: Could you elaborate on your last sentence? – Ismael Lemhadri – 2013-03-15T12:26:40.523
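The range workaround from the answer above, worked through as an added example (not code from the thread): it computes the destination ranges to enter as block-only port 53 filters so that every IPv4 address except the chosen resolvers is denied. The two addresses are OpenDNS's published FamilyShield resolvers, which the thread does not list, and the function names and printed rule wording are hypothetical, not Edimax syntax.

```python
import ipaddress

# OpenDNS FamilyShield resolvers (assumption: not stated in the thread;
# confirm against OpenDNS's current documentation before use).
ALLOWED_RESOLVERS = ["208.67.222.123", "208.67.220.123"]


def block_ranges(allowed, first="0.0.0.0", last="255.255.255.255"):
    """Return inclusive (start, end) ranges covering [first, last]
    except the addresses in `allowed`."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    keep = sorted({int(ipaddress.IPv4Address(a)) for a in allowed})
    ranges = []
    cursor = lo  # lowest address not yet covered by a block range
    for ip in keep:
        if ip < lo or ip > hi:
            continue  # allowed address lies outside the filtered space
        if ip > cursor:
            ranges.append((cursor, ip - 1))  # gap before the allowed address
        cursor = ip + 1  # skip the allowed address itself
    if cursor <= hi:
        ranges.append((cursor, hi))  # tail after the last allowed address
    to_str = lambda n: str(ipaddress.IPv4Address(n))
    return [(to_str(s), to_str(e)) for s, e in ranges]


def is_blocked(ip, ranges):
    """True if `ip` falls inside any of the inclusive block ranges."""
    n = int(ipaddress.IPv4Address(ip))
    return any(
        int(ipaddress.IPv4Address(s)) <= n <= int(ipaddress.IPv4Address(e))
        for s, e in ranges
    )


if __name__ == "__main__":
    # One block filter per line; the wording is illustrative only.
    for start, end in block_ranges(ALLOWED_RESOLVERS):
        print(f"BLOCK  LAN any -> {start} - {end}  TCP+UDP  dst port 53")
```

Two allowed resolvers produce three block ranges; whether the router accepts a destination range per filter, and how many filters it holds, has to be checked in its manual. The filters only cover port 53, so DNS carried over HTTPS or TLS on other ports is not affected by them.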