Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[pctech4747]

I take it that this router does not support outgoing port blocking?  i tried to call support but they want my credit card. 

Anyone know? 

I have a router in a box, i think its a linksys wrt54g.  maybie i have to have 2 routers to accomplish this?

I want to block outgoing port 53 because i heard that is what people use to get around DNS servers that the router hands out via DHCP.  I want all clients to not be able to get around my dns policy restrictions using opendns.

[FurryNutz]

You could try using Virtual Server options and select Deny ALL. However this is for Inbound only.

[FurryNutz]

Some reading:
http://forums.opendns.com/comments.php?DiscussionID=879

[fraggboy]

I *think* this might be accomplished by using Access Control.

Go to Advanced -> Access Control.  Enable Access Control.

Then click Add policy.

Go through the wizard.

When you get to Add Machine, you can add all PC's at once.

Default is "Block some access".
Click "Apply Advanced Port Filters".
Give it a name, and keep the Dest IP address and End IP address default.  Just change the port to 53.
Then click Save.

That should work for you.  I can't test it myself due to me being at work.

[FurryNutz]

Good info, forgot about Block Some Access.


Let us know if that works.

[pctech4747]

I *think* this might be accomplished by using Access Control.

Go to Advanced -> Access Control.  Enable Access Control.

Then click Add policy.

Go through the wizard.

When you get to Add Machine, you can add all PC's at once.

Default is "Block some access".
Click "Apply Advanced Port Filters".
Give it a name, and keep the Dest IP address and End IP address default.  Just change the port to 53.
Then click Save.

That should work for you.  I can't test it myself due to me being at work.

you say just change port to 53.  well i did that on start and end on the ports for all protocols.  i tested on me and it would not even resolve google.  NOT WORKING even after checking that my network card is all on automatic dhcp.

[fraggboy]

Hmm..

I'd have to run some tests when I get home to figure out if there is another way.  Sorry about that.

[pctech4747]

ok i bookmarked this thread.  I really would be happy to see if you can figure it out.  Your solution seems like it should work.   I know this router is for gamers, so who would want to block any outgoing ports.   Me cause i game, but also give out free internet to my upstairs roommates.  I want opendns to be forced to them and if they know how to change the dns servers on their computers, I want it to not work unless they set to Automatic DHCP and DNS in networking properties of their NIC card.

[fraggboy]

Sorry I took so long to respond.  Morning meetings (Plural).

So, I'm taking that you have enabled "DNS Relay" (Found on Basic -> Network Settings Page)?
(If might be greyed out if you have "Enable Advanced DNS Service" checked. (Found on Basic -> Internet -> Manual Configure).

If you do have DNS Relay enabled, then I'm thinking the only way would be to disable DNS Relay, use a LAN-side DNS server as a virtual server, and then set up the port block as described above.

[pctech4747]

 i found dns relay, and wasnt checked, neither was adv dns,  checked dns relay, rebooted, flushed dns on client, still did not work, and also it made my remote support with teamviewer not work properly.  can you test your config to see if it works.  maybie i did it wrong.

p.s. i appreciate your input on this. 

[fraggboy]

Yes, I will check later on tonight. I have to run a few errands after work, but will check and see if the settings work on my end.  They are pretty cut-and-dry so I feel I might get the same results (But I will give it a shot).

If it doesn't work, then I think you might have to resort to running a LAN-based DNS server.

[fraggboy]

OK, I tested it out.. The router is only passing the DNS information to the LAN computers to use for inquiry.  Which in reality, makes sense now.  It's not a DNS server/router..  

Here is my log entry when I try (And then it hit me): [INFO]   Thu Dec 15 18:33:10 2011   DNS relay ALG rejected packet from 192.168.0.100:64253 to 204.194.232.200:53  It's not pointing to the router.

So, what I said above *should* work.  I don't have a server to check it out unfortunately but create a DNS server on the LAN side and then block port 53 using Access Control.  Then, you will want to edit the primary/secondary DNS IP's pointing to your DNS server on page: Basic -> Internet -> Manual Configure.  It will be greyed out if the Advanced DNS service is enabled (Disable it).

[pctech4747]

i dont have an extra pc to put up 24/7 as a dns server.  this is for home use.  i do have  a spare linksys wrt54g router, and a spare Syswan duolinks sw24 http://www.syswan.com/SW24_Overview.htm

would hooking up one of these do the task?

[fraggboy]

No.  You will need to set up a server.