Geekzone: technology news, blogs, forums


cgreenwood

201 posts

Master Geek
+1 received by user: 9


#159842 14-Dec-2014 19:40

Hi all

Need some help with setting up static routes to block forced DNS lookups on several devices on my network (Chromecast, PS3) so that I can use Global mode with them. I will admit to not really knowing how this works and just following several online guides that tell you how to do this.

This is what the applicable page in my router settings looks like:


This does not seem to have worked, when I ping the DNS servers I still get a response:


and the devices in question still aren't able to use global mode.

Using an Orcon genius lite.
Have tried using a different gateway IP

Thanks for your help

raytaylor
4076 posts

Uber Geek
+1 received by user: 1296

Trusted

  #1197453 14-Dec-2014 21:54

Are you trying to redirect dns to your router?
If so then static routes won't do that.

You need to perform a reverse NAT translation. I don't think that's possible in most routers unless you can specify a destination IP address in the port forward table in your router.
So you need to redirect destination 8.8.8.8 port 53 to 10.1.1.1

With the static route you have programmed there, you have told it
Any Traffic with the destination IP address 8.8.8.8 is to be forwarded to gateway 10.1.1.1
The router at 10.1.1.1 then receives it and forwards it to its gateway which is supplied via DHCP and will be a router at your ISP.

Static routes are only used when you have multiple WAN internet connections going out of the one router, or if you have a large network of more than 256 computers on your LAN and you need to subnet it.

One thing I wonder is if you can just specify 10.1.1.1 in your router as the DNS server address on the Chromecast and PlayStation. Then to completely stop it from reaching its own DNS servers, you could use the firewall settings in the router to drop or block any data to 8.8.8.8




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here




cgreenwood

201 posts

Master Geek
+1 received by user: 9


  #1197690 15-Dec-2014 12:29

Thanks for your reply.

raytaylor: Are you trying to redirect dns to your router?


All I am trying to do is prevent devices on my network from being able to reach public DNS servers, have a look at this.

raytaylor: you could use the firewall settings in the router to drop or block any data to 8.8.8.8


I tried this but I still seem to be able to ping the DNS servers. Am I right in assuming that if I can ping the servers then the other devices on the network will also be able to reach them?

Any other ideas?

CYaBro
4708 posts

Uber Geek
+1 received by user: 1182

ID Verified
Trusted

  #1197709 15-Dec-2014 12:56

What happens if you make the gateway IP address some non-existent IP address like 192.168.100.100?





Opinions are my own and not the views of my employer.




raytaylor
4076 posts

Uber Geek
+1 received by user: 1296

Trusted

  #1197943 15-Dec-2014 16:55

cgreenwood: Thanks for your reply.

raytaylor: Are you trying to redirect dns to your router?


All I am trying to do is prevent devices on my network from being able to reach public DNS servers, have a look at this.

raytaylor: you could use the firewall settings in the router to drop or block any data to 8.8.8.8


I tried this but I still seem to be able to ping the DNS servers. Am I right in assuming that if I can ping the servers then the other devices on the network will also be able to reach them?

Any other ideas?


Use the firewall to prevent port 53 (ping will still work, but DNS protocol on port 53 won't) to any server except your ISP's DNS server.
Just look at what the upstream DNS servers are and set three block rules
anything <>to<> destination of 0.0.0.1 to 103.5.98.1 <> drop port 53
anything <>to<> destination of 103.5.98.3 to 103.5.99.1 <> drop port 53
anything <>to<> destination of 103.5.99.3 to 255.255.255.254 <> drop port 53

Would be the example rules that allow port 53 (dns) traffic to reach an isp's servers of 103.5.98.2 and 103.5.99.2





Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here
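
The three range rules in the post above are one instance of a general pattern: drop port 53 to every address except the allowed resolvers. The following is an added example, not part of the original post or of any router's firmware; it generalizes the post's rules to any list of allowed servers and checks sample packets against them. The function names and sample packets are constructed for illustration, and it assumes the rule is applied to both UDP and TCP port 53.

```python
import ipaddress

# Bounds taken from the post's rules (0.0.0.1 .. 255.255.255.254).
LOW = int(ipaddress.IPv4Address("0.0.0.1"))
HIGH = int(ipaddress.IPv4Address("255.255.255.254"))
DNS_PORT = 53


def block_ranges(allowed_servers):
    """Return (start, end) destination ranges covering every address
    except the allowed DNS servers (hypothetical helper)."""
    allowed = sorted({int(ipaddress.IPv4Address(a)) for a in allowed_servers})
    ranges, cursor = [], LOW
    for addr in allowed:
        if addr < LOW or addr > HIGH:
            continue
        if addr > cursor:                 # gap before this allowed server
            ranges.append((cursor, addr - 1))
        cursor = addr + 1                 # adjacent servers leave no gap
    if cursor <= HIGH:
        ranges.append((cursor, HIGH))
    return [(str(ipaddress.IPv4Address(s)), str(ipaddress.IPv4Address(e)))
            for s, e in ranges]


def verdict(ranges, dst, proto, dport=None):
    """Apply the drop rules to one packet; unmatched traffic is forwarded."""
    # Assumption: the rule matches UDP and TCP port 53 only, so ICMP
    # (ping) never matches, which is why ping keeps working.
    if proto not in ("udp", "tcp") or dport != DNS_PORT:
        return "forward"
    d = int(ipaddress.IPv4Address(dst))
    for start, end in ranges:
        if int(ipaddress.IPv4Address(start)) <= d <= int(ipaddress.IPv4Address(end)):
            return "drop"
    return "forward"


if __name__ == "__main__":
    rules = block_ranges(["103.5.98.2", "103.5.99.2"])  # servers from the post
    for start, end in rules:
        print(f"drop port 53 to {start} - {end}")
    # Constructed sample packets: (destination, protocol, destination port)
    for pkt in [("8.8.8.8", "icmp", None), ("8.8.8.8", "udp", 53),
                ("8.8.8.8", "tcp", 53), ("103.5.98.2", "udp", 53)]:
        print(pkt, "->", verdict(rules, *pkt))
```
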









