Saturday, February 6, 2016

DD-WRT-NXT : How to configure web filtering

I just updated the movie on YouTube. It describes how to configure web filtering on DD-WRT-NXT.




The movie describes DNS-based web filtering. If you want to block access to something bad for your family, you can block it with this method.
As described in the movie, this method does not cover access that bypasses DNS, such as typing an IP address directly into the browser.

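To block access, you only need to execute the commands below on the DD-WRT-NXT console.
     # Answer every lookup for yahoo.com with 0.0.0.0
     uci add_list dhcp.@dnsmasq[0].address=/yahoo.com/0.0.0.0
     # Save the change and restart dnsmasq so it takes effect
     uci commit dhcp
     /etc/init.d/dnsmasq restart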

Basically, when a client asks for the IP address of yahoo.com, the router answers "hey, it's 0.0.0.0". The client never gets the real IP address, so it can't access the specified URL.

But as you can see, if the client uses an external DNS server such as Google DNS (8.8.8.8), it can still get the IP address of the blocked URL. To close this hole, you need a little more configuration.

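Below are the commands to prevent access to external DNS servers.
     # Add a new redirect section; [-1] refers to the section just added,
     # even if other redirect rules already exist
     uci add firewall redirect
     uci set firewall.@redirect[-1].src=lan
     uci set firewall.@redirect[-1].proto=tcpudp
     uci set firewall.@redirect[-1].src_dport=53
     # Save the change and reload the firewall rules
     uci commit
     /etc/init.d/firewall restart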

These commands add a firewall rule (on Linux, iptables) that redirects any packet from the LAN with destination port 53 (DNS) to the router itself. After this configuration, clients can't send DNS resolution requests past the router.
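
The following sketch is an added example, not part of the original post: it reads `uci show dhcp`-style output and reports whether a given name falls under one of the `address` overrides configured above. It goes slightly beyond the text by relying on dnsmasq's rule that an `address=/domain/` entry also covers subdomains; the sample config, its quoting, and the function names `blocked_domains` and `is_blocked` are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample of `uci show dhcp` output (assumed format; quoting
# differs between releases, so quotes are stripped before parsing).
SAMPLE_UCI="dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].address='/yahoo.com/0.0.0.0' '/ads.example.net/tracker.example.org/0.0.0.0'
dhcp.lan.interface='lan'"

# Print every domain that has a dnsmasq address override, one per line.
# $1 = config text. One entry may name several domains: /a/b/ADDRESS.
blocked_domains() {
    printf '%s\n' "$1" |
        sed -n 's/^dhcp\.@dnsmasq\[[0-9]*\]\.address=//p' |
        tr -d "'" | tr ' ' '\n' |
        awk -F/ 'NF >= 3 { for (i = 2; i < NF; i++) if ($i != "") print tolower($i) }'
}

# Return 0 if the overrides in config text $1 cover host $2.
# An override covers the domain itself and all of its subdomains.
# A dotted IPv4 literal is never covered: no DNS lookup happens for it.
is_blocked() {
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    host=${host%.}                      # drop a trailing root dot
    case $host in
        *[!0-9.]*) ;;                   # contains a letter etc.: a hostname
        *) return 1 ;;                  # IPv4 literal or empty string
    esac
    for d in $(blocked_domains "$1"); do
        case $host in
            "$d" | *".$d") return 0 ;;  # exact match or subdomain
        esac
    done
    return 1
}

# Demonstration on the constructed sample.
for h in yahoo.com mail.yahoo.com notyahoo.com 203.0.113.10; do
    if is_blocked "$SAMPLE_UCI" "$h"; then
        echo "$h: answered with the override address"
    else
        echo "$h: not covered by DNS filtering"
    fi
done
```

On the router itself, pass the live configuration instead of the sample: `is_blocked "$(uci show dhcp)" mail.yahoo.com`.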

It would be great if this content helps you have a healthy life.



Tomorrow is another day!
Spike.

Notes:
Referenced page: http://dd-wrt.com/nxt/wiki/doku.php?id=howto:use_cases:dns_blocking
