I'm running Shibby's Tomato firmware on my ASUS RT-N66U. What I'm trying to do is force OpenDNS IPs for certain clients (i.e. my kids) based on MAC address, while other clients get the router's default values. So far, so good (mostly). Here is the Dnsmasq script I'm using to do this:

    # Assign alternate DNS for select hosts
    # Set Specific Clients to be affected
    dhcp-mac=set:altdns,XX:XX:XX:XX:XX:XX # kids laptop
    dhcp-mac=set:altdns,XX:XX:XX:XX:XX:XX # kids ipod
    # Set Alternate DNS
    dhcp-option=tag:altdns,option:dns-server,208.67.220.220,208.67.222.222

This works great... on the 2.4GHz band. If they connect to the 5GHz band they get the router's default DNS entries.
Question #1: Is there a way to make this script apply to both 2.4GHz (eth1) and 5GHz (eth2)? Failing that, does Tomato allow me to whitelist devices for the 5GHz band? I can whitelist/blacklist for wireless in general, but I don't see how to do this for one or the other.
I can always just use a different key for 5GHz, so that's not a huge deal. The bigger loophole is that this only works with DHCP. Changing the DNS settings on the laptop completely bypasses this. My 12yo son is getting to the point that he could figure this out without much trouble.
Question #2: How can I force DNS for a particular client if they're not using DHCP? I was thinking some sort of firewall rule only allowing DNS traffic to specific IPs for specific MAC addresses or something, but I have no idea how to go about that. Alternatively, is there any way to force DHCP (or block certain clients if they aren't using DHCP)?
Just wanted to add that "Intercept DNS" works, but there's no way to limit it to certain clients. Is there a way to accomplish the same thing for only select clients using iptables? – jluce50 – 2014-09-06T20:22:57.717
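
The per-client DNS interception asked about in Question #2 and the comment above, as an added example that is not part of the original post: a shell script that generates iptables DNAT rules keyed on source MAC, so port 53 traffic from the listed devices goes to OpenDNS whatever resolver they configure. The bridge name `br0`, the `APPLY` switch and the sample MAC addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-MAC DNS interception rules for iptables.
# Assumptions: LAN bridge is br0 (covers both radios if they are bridged);
# the MAC addresses below are constructed placeholders, not real devices.

LAN_IF="br0"
DNS_IP="208.67.222.222"   # OpenDNS resolver from the dnsmasq config above
KID_MACS="00:11:22:33:44:55 66:77:88:99:AA:BB"

# Return 0 if $1 is a colon-separated 48-bit MAC address.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print one DNAT rule per protocol (DNS uses UDP and TCP) for each valid MAC.
# Invalid entries are reported on stderr and skipped, so a typo in the list
# cannot produce a malformed or overly broad rule.
gen_dns_rules() {
    for mac in "$@"; do
        if ! is_mac "$mac"; then
            echo "skipping invalid MAC: $mac" >&2
            continue
        fi
        for proto in udp tcp; do
            echo "iptables -t nat -I PREROUTING -i $LAN_IF -p $proto --dport 53" \
                 "-m mac --mac-source $mac -j DNAT --to-destination $DNS_IP:53"
        done
    done
}

# Dry run by default: print the rules for review. APPLY=1 executes them.
if [ "${APPLY:-0}" = "1" ]; then
    gen_dns_rules $KID_MACS | sh
else
    gen_dns_rules $KID_MACS
fi
```

These rules only redirect plain DNS on port 53; DNS over HTTPS or TLS and a changed MAC address are outside what they cover.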