Hello,
I've been trying to replicate the DNS Filter functionality of the ASUSWRT/Merlin firmware on a WRT3200ACM running the latest LEDE davidc502 build (r5113),
but I'm failing, probably because I'm not a very experienced user of the LEDE/OpenWrt environment. Basically, the DNS Filter lets you configure the global DNS server that the router assigns to all clients (both on the LAN/WLAN and on the guest WLAN), plus some exceptions, so that a client uses either:
- the DNS of the WAN interface
- one of 3 different custom DNS servers specified by the user (one at a time)
- a custom DNS defined by the client itself
Furthermore, the DNS Filter enforces the DNS assignment: clients are not allowed to use a DNS server other than the one the router assigns to them (except under the special rules 2 and 3 above).
I enclose my dhcp, firewall and network configuration files. I've been trying to achieve part of this functionality by specifying tags in the dhcp file, but it seems they are not applied correctly in some way.
DHCP:
# /etc/config/dhcp as posted (line breaks between sections restored).
# dnsmasq serves DNS and DHCP for the 'lan' and 'languest' pools; odhcpd is
# kept to IPv6 duties only (maindhcp '0').
config dnsmasq
	option domainneeded '1'        # bare hostnames are never forwarded upstream
	option boguspriv '1'           # reverse lookups for private ranges are not forwarded
	option localise_queries '1'
	option rebind_protection '1'   # upstream answers pointing into private space are dropped (DNS rebinding guard)
	option rebind_localhost '1'    # ...except 127.0.0.0/8 answers, which stay allowed
	option local '/lan/'           # the 'lan' domain is answered locally only
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'   # NOTE(review): presumably filled by netifd from the interfaces' 'dns' lists in the network file
	option nonwildcard '1'
	option localservice '1'        # DNS is answered only for clients on directly attached subnets

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'             # pool 192.168.1.100-249
	option dhcpv6 'server'
	option ra 'server'
	option leasetime '24h'
	option ra_management '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'              # no DHCP service on the WAN side

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

# Static lease. 'dns' makes the name resolvable through dnsmasq; 'tag' selects
# the per-client DHCP options defined in the matching 'config tag' below.
# The MAC is masked in the post.
config host
	option name 'pc-tati'
	option dns '1'
	option mac 'XX:XX:XX:XX:XX:XX'
	option ip '192.168.1.10'
	option tag 'google'

# Per-tag DHCP options: DHCP option 6 is the resolver list handed to tagged
# clients. Only the host above references 'google'; nothing in this file
# references 'opendns'. A handed-out resolver is only an offer -- clients
# that override it are caught (or not) by the firewall rules, not here.
config tag 'google'
	list dhcp_option '6,8.8.8.8,8.8.4.4'

config tag 'opendns'
	list dhcp_option '6,208.67.222.222,208.67.220.220'

# Guest pool. No dhcp_option is set here, so guests get the router's own
# address as resolver (dnsmasq's default when option 6 is not overridden).
config dhcp 'languest'
	option start '100'
	option limit '150'
	option interface 'languest'
	option leasetime '3h'
I truncated all the hosts I configured in the environment; here I leave only one of them, with the tag 'google'.
Here is my personal FIREWALL script for blocking clients that select a DNS server different from the router's:
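#!/bin/sh
# Force DNS through the router: every client DNS request (TCP and UDP, port 53)
# is rewritten to the router's own resolver, so a client that configures a
# foreign DNS server still ends up at dnsmasq.
# The rules are scoped to the LAN bridge: without '-i' a nat PREROUTING rule
# also matches packets arriving on the WAN (pppoe-wan) interface and redirects
# them to the local resolver. Add a second pair for the guest network's device
# once its name is known -- the posted network file sets no 'ifname' for
# 'languest', so its device name cannot be taken from it.
LAN_IF="br-lan"
for proto in tcp udp; do
    iptables -t nat -I PREROUTING -i "$LAN_IF" -p "$proto" --dport 53 -j REDIRECT --to-ports 53
done

# Clients allowed to pick their own resolver (rule 3 in the post) are exempted
# with an ACCEPT inserted *after* the REDIRECT rules above, so that it lands
# ahead of them in the chain. Replace the placeholder with the client's fixed
# address (e.g. the 'ip' of its static lease in the dhcp file).
#for proto in tcp udp; do
#    iptables -t nat -I PREROUTING -i "$LAN_IF" -s <CLIENT-IP> -p "$proto" --dport 53 -j ACCEPT
#done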
And finally, the NETWORK file:
# /etc/config/network as posted (line breaks between sections restored).
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd9:ed74:2177::/48'

# LAN bridge (device br-lan). The 'dns' list on a static interface sets the
# resolvers the router itself forwards to; it does not decide which resolver
# DHCP clients are handed -- that is controlled in the dhcp file.
# NOTE(review): with four upstreams listed, which one answers a given query
# is up to dnsmasq's server selection; confirm against dnsmasq's settings
# if lookups appear to go to varying servers.
config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option dns '208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4'

# PPPoE uplink. peerdns '0' ignores the ISP-supplied resolvers, so only the
# lists configured on the static interfaces are used upstream. The PPPoE
# credentials are stored here in clear text and appear verbatim in the post.
config interface 'wan'
	option ifname 'eth1.2'
	option _orig_ifname 'eth1.2'     # LuCI bookkeeping; not read by netifd
	option _orig_bridge 'false'
	option proto 'pppoe'
	option username 'aliceadsl'
	option password 'aliceadsl'
	option ipv6 'auto'
	option peerdns '0'

config interface 'wan6'
	option ifname 'eth1.2'
	option proto 'dhcpv6'

# Switch layout: VLAN 1 = LAN ports 0-3 with CPU port 5 tagged,
# VLAN 2 = WAN port 4 with CPU port 6 tagged.
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

# Guest network on its own subnet. No 'ifname' is set, so the guest SSID must
# be attached to this interface from the wireless config (not posted);
# '_orig_ifname' only records what LuCI last saw. The 'dns' list here is again
# an upstream list for the router, not what guest clients receive via DHCP.
config interface 'languest'
	option _orig_ifname 'wlan1-1'
	option _orig_bridge 'false'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option dns '208.67.222.222 208.67.220.220'

# tun0 tunnel device (presumably a VPN client; proto 'none' leaves addressing
# to whatever creates the device).
config interface 'vpn0'
	option ifname 'tun0'
	option proto 'none'
	option auto '1'
Unfortunately, it seems the DNS servers are assigned randomly, and I can't allow some clients to select their own DNS (rule 3).
So what can I do (or how should I modify those files) in order to have all the functionality of the DNS Filter?