Would this be the way to ban 8.8.8.8? In /etc/config/firewall:
config rule
	option name 'block-8888'
	option src 'lan'
	list proto 'all'
	option dest 'wan'
	list dest_ip '8.8.8.8'
	option target 'REJECT'
The DNS hijacking rule works as expected. Banning access to 8.8.8.8 will change nothing.
Check the dump for DNS queries like
4+ A? ec2-3-228-179-21.compute-1.amazonaws.com. (58)
4+ A? ec2-3-228-179-21.compute-1.amazonaws.com. (58)
5+ AAAA? ec2-3-228-179-21.compute-1.amazonaws.com. (58)
5+ AAAA? ec2-3-228-179-21.compute-1.amazonaws.com. (58)
If you don't see any, you may need to manually prohibit the access from lan to the corresponding IP addresses.
You can see domain names or IP addresses, but not both. Starting tcpdump with the -n option will make it almost impossible to find what you need.
EDIT:
In your case, the IP address is visible in the domain name.
ec2-34-231-31-253.compute-1.amazonaws.com # 34.231.31.253
ec2-44-197-43-221.compute-1.amazonaws.com # 44.197.43.221
The approach is wrong. *.compute-1.amazonaws.com is a PTR record, the result of the reverse lookup made by tcpdump. The A record that should be blocked may not contain compute-1 at all.
Try blocking all subdomains of amazonaws.com to see if that will make a difference, or gather some information about the DNS queries made by the Fire 10.
# resolve the tablet's LAN address from its DHCP hostname (keep only the IPv4 answer line)
hostip=$(nslookup FIRE10.lan | grep Address | grep -v \# | grep -v \:: | sed 's/^.*: //')
# capture every DNS packet to or from that address
tcpdump -i any host "$hostip" and port 53
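To turn the capture from the step above into configuration, here is an added shell snippet (not from this thread or from OpenWrt) that parses lines in the format of `tcpdump -n ... port 53` output and emits the dnsmasq `list server '/name/'` entries and a firewall rule for the answered IPv4 addresses. The sample capture lines, the hostnames in them and the rule name are constructed for the example; with -n the names shown are the queried names, not reverse-lookup results.

```shell
#!/bin/sh
# Constructed sample of "tcpdump -n -i any host <tablet> and port 53" output
# (made up for this example, not a real capture): queries and their answers.
SAMPLE='12:00:01.000 IP 192.168.1.50.5353 > 192.168.1.1.53: 4+ A? device-metrics-us.amazon.com. (58)
12:00:01.001 IP 192.168.1.50.5353 > 192.168.1.1.53: 5+ AAAA? device-metrics-us.amazon.com. (58)
12:00:01.010 IP 192.168.1.1.53 > 192.168.1.50.5353: 4 2/0/0 CNAME x.elb.amazonaws.com., A 34.231.31.253 (120)
12:00:02.000 IP 192.168.1.50.5354 > 192.168.1.1.53: 6+ A? tabletcaptiveportal.com. (41)
12:00:02.010 IP 192.168.1.1.53 > 192.168.1.50.5354: 6 1/0/0 A 44.197.43.221 (57)
12:00:03.000 IP 192.168.1.50.5355 > 192.168.1.1.53: 7+ A? tabletcaptiveportal.com. (41)'

# Queried names (A/AAAA), trailing dot stripped, each printed once in first-seen order.
queried_names() {
    printf '%s\n' "$SAMPLE" | awk '$(NF-2) == "A?" || $(NF-2) == "AAAA?" {
        name = $(NF-1); sub(/\.$/, "", name)
        if (!(name in seen)) { seen[name] = 1; print name }
    }'
}

# IPv4 addresses returned in A answers, each printed once (trailing comma removed).
answered_ipv4() {
    printf '%s\n' "$SAMPLE" | awk '{
        for (i = 1; i < NF; i++) if ($i == "A") {
            ip = $(i + 1); sub(/,$/, "", ip)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in seen)) { seen[ip] = 1; print ip }
        }
    }'
}

# Lines for the dnsmasq section of /etc/config/dhcp: "list server '/name/'"
# makes dnsmasq answer NXDOMAIN for that name and everything under it.
dnsmasq_block_lines() {
    queried_names | awk -v q="'" '{ printf "\tlist server %s/%s/%s\n", q, $1, q }'
}

# Rule for /etc/config/firewall rejecting lan -> wan traffic to the answered IPs
# (same shape as the rule at the top of the thread; the rule name is made up).
firewall_rule() {
    printf "config rule\n\toption name 'block-fire10-ips'\n\toption src 'lan'\n\toption dest 'wan'\n\tlist proto 'all'\n"
    answered_ipv4 | awk -v q="'" '{ printf "\tlist dest_ip %s%s%s\n", q, $1, q }'
    printf "\toption target 'REJECT'\n"
}

dnsmasq_block_lines
firewall_rule
```

Replace SAMPLE with `tcpdump -n -l ... port 53 | tee capture.txt` output to run it against a real capture; DNS-level blocking alone is bypassed by clients that use hard-coded addresses, which is what the firewall rule covers.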
Thank you.
While trying to start afresh and log my activities better, I made this interesting discovery, to wit:
If I block tabletcaptiveportal.com, i.e. use the following in /etc/config/dhcp
config dnsmasq
	list server '/tabletcaptiveportal.com/'
then the Amazon tablet on WiFi becomes "Connected, no internet."
Quick research tells me that tabletcaptiveportal dot com is an Amazon owned site.
If I were to think as follows (in broad conceptual terms), would I be right?
An example of 4 would be establishing a SOCKS proxy in LAN and a dynamic (SSH) forwarding from the tablet to that proxy.
I realize that this means the apps on the tablet cannot go online unless they let you set a proxy server.
Better create an Amazon account and contact the manufacturer.
Thank you. I'll try.