Guest WiFi Prevent certain websites

Hello i wanna prevent my guest to check our networks WAN IP's

for example i want to prevent them from accessing

whatismyip.com

anywebsite that displays the wan ip

even google

can i achieve this through firewall?DNS??

If it is not many then you can just add them as static DNS entries pointing to 127.0.0.1,
Or you might want to look into the adblock options for openwrt that allows you to add your own entries.
https://openwrt.org/docs/guide-user/services/ad-blocking

1 Like

unfortunately i have a limited space now on my OpenWRT router, i would like to block anysite(if possible) that displays the WAN ip

EDIT: plus there are tons of website that displays wan ip so i cant really do it manually

Than best might be to put your guest into a VPN

3 Likes

Thanks i've never think of that, well im still open to any options

I'm not sure how you can block "any site that shows IP". The IP is a required value for the far-end server to return traffic to the client. Anyone can add a script, applet, etc. to a server to display the IP of the connecting client. Only a VPN could hide that.

There's also some protocols that would display the IPs as well (e.g. SMTP-based email client sending mail from the guest network - the headers of the transmitted email will contain this information).

3 Likes

A guest could always run their own web server. When they connect to it, the server will know the WAN ip from which they were connecting.

There are lots and lots of web sites that show the WAN ip of the client. I do not think it is realistic to block all of them. There are likely thousands of sites which will do this.

2 Likes

i guess running my guest interface on a vpn is the option, thanks guys

As an alternative, you can use Tor:
https://openwrt.org/docs/guide-user/services/tor/client

Would a Raspberry PI with Pi-Hole be more suited as you can make client group with CIDR's.

How I did it was A using docker and make a MacVLAN to connect it to the local domain and then have my guest network forward all DNS traffic to the Pi-hole server.

Private network has full access with this set and the Guest network is limited from accessing anything that's not kid friendly.

In fact as I am using docker to run pi-hole in, I was also able to run a TS3 server, Database Server, Webserver with ease.

It's just a thought. If your new to docker you can use Portainer GUI.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.