Using OpenDNS and DD-WRT

I was in a situation very much like this guy and I needed to block access to other DNS servers from within our company network. Some coworkers are technology savvy enough to disable the static network configs on their workstations and in effect bypass our web filters.

Here’s what I did on our dd-wrt router:

1. Administration -> Commands (after typing the code below, click on Save Startup)

dnsmasq -S 208.67.222.222 -R -i br0 -p 1054

2. Administration -> Commands (after typing the code below, click on Save Firewall)

iptables -t nat -A PREROUTING -p udp -i br0 -s 192.168.0.0/24 --dport 53 -j DNAT --to $(nvram get lan_ipaddr):1054
iptables -t nat -A PREROUTING -p tcp -i br0 -s 192.168.0.0/24 --dport 53 -j DNAT --to $(nvram get lan_ipaddr):1054
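
A check for the result of step 2, as an added example that is not part of the original post: the function reads NAT rules in "-A CHAIN ..." form on stdin (as printed by iptables-save, assumed to be available on the router) and confirms that both UDP and TCP port 53 on br0 are redirected to the dnsmasq port 1054. The function name and the sample rules, including the router address 192.168.0.1, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit NAT rules for the DNS redirect set up in step 2.
# Usage: check_dns_redirect IFACE PORT < rules
# Input: rule lines in "-A CHAIN ..." form on stdin.
# Returns 0 only if both udp and tcp port 53 on IFACE are DNAT'd to PORT.
check_dns_redirect() {
    iface=$1; port=$2
    rules=$(cat)
    status=0
    for proto in udp tcp; do
        if printf '%s\n' "$rules" | awk -v p="$proto" -v i="$iface" -v port="$port" '
            $1 == "-A" && $2 == "PREROUTING" {
                hp = hi = hd = hj = ht = 0
                for (n = 3; n < NF; n++) {
                    if ($n == "-p" && $(n+1) == p) hp = 1
                    if ($n == "-i" && $(n+1) == i) hi = 1
                    if ($n == "--dport" && $(n+1) == "53") hd = 1
                    if ($n == "-j" && $(n+1) == "DNAT") hj = 1
                    if (($n == "--to" || $n == "--to-destination") && $(n+1) ~ (":" port "$")) ht = 1
                }
                if (hp && hi && hd && hj && ht) found = 1
            }
            END { exit !found }'
        then
            echo "$proto/53 on $iface: redirected to port $port"
        else
            echo "$proto/53 on $iface: NOT redirected"
            status=1
        fi
    done
    return $status
}

# Constructed sample: one rule as typed in step 2, one as iptables-save prints it.
SAMPLE_RULES='-A PREROUTING -p udp -i br0 -s 192.168.0.0/24 --dport 53 -j DNAT --to 192.168.0.1:1054
-A PREROUTING -s 192.168.0.0/24 -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.0.1:1054'
printf '%s\n' "$SAMPLE_RULES" | check_dns_redirect br0 1054
```

On the router itself, the same function can be fed the live table with iptables-save -t nat | check_dns_redirect br0 1054.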

3 thoughts on “Using OpenDNS and DD-WRT”

  1. bassmadrigal

    Just so you know, you can do this with a lot less of a command.

    iptables -I FORWARD 1 -p tcp --dport 53 -j DROP; iptables -I FORWARD 2 -p udp --dport 53 -j DROP

    I did a blog post on this back in August. Basically as far as I understood, all you had to do was block port 53 through the router. This would block all external nameserver queries.

    More info here:
    http://bassmadrigal.com/blog/2008/08/17/disabling-secondary-dns-server-in-dd-wrt-for-opendns/
