



196 posts

Master Geek
+1 received by user: 7


Topic # 159842 14-Dec-2014 19:40

Hi all

Need some help with setting up static routes to block forced DNS lookups on several devices on my network (Chromecast, PS3) so that I can use Global mode with them. I will admit to not really knowing how this works and just following several online guides that tell you how to do this.

This is what the applicable page in my router settings looks like:


This does not seem to have worked, when I ping the DNS servers I still get a response:


and the devices in question still aren't able to use global mode.

Using an Orcon genius lite.
Have tried using a different gateway IP

Thanks for your help

3259 posts

Uber Geek
+1 received by user: 643

Trusted

  Reply # 1197453 14-Dec-2014 21:54

Are you trying to redirect DNS to your router?
If so then static routes won't do that.

You need to perform a reverse NAT translation. I don't think that's possible in most routers unless you can specify a destination IP address in the port forward table in your router.
So you need to redirect destination 8.8.8.8 port 53 to 10.1.1.1

With the static route you have programmed there, you have told it
Any Traffic with the destination IP address 8.8.8.8 is to be forwarded to gateway 10.1.1.1
The router at 10.1.1.1 then receives it and forwards it to its gateway, which is supplied via DHCP and will be a router at your ISP.

Static routes are only used when you have multiple WAN internet connections going out of the one router, or if you have a large network of more than 256 computers on your LAN and you need to subnet it.

One thing I wonder is if you can just specify 10.1.1.1 in your router as the DNS server address on the Chromecast and PlayStation. Then to completely stop it from reaching its own DNS servers, you could use the firewall settings in the router to drop or block any data to 8.8.8.8




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here






196 posts

Master Geek
+1 received by user: 7


  Reply # 1197690 15-Dec-2014 12:29

Thanks for your reply.

Are you trying to redirect dns to your router?


All I am trying to do is prevent devices on my network from being able to reach public DNS servers, have a look at this.

you could use the firewall settings in the router to drop or block any data to 8.8.8.8


I tried this but I still seem to be able to ping the DNS servers. Am I right in assuming that if I can ping the servers then the other devices on the network will also be able to reach them?

Any other ideas?

 
 
 
 


2985 posts

Uber Geek
+1 received by user: 293


  Reply # 1197709 15-Dec-2014 12:56

What happens if you make the gateway IP address some non-existent IP address like 192.168.100.100?





3259 posts

Uber Geek
+1 received by user: 643

Trusted

  Reply # 1197943 15-Dec-2014 16:55

cgreenwood: Thanks for your reply.

Are you trying to redirect dns to your router?


All I am trying to do is prevent devices on my network from being able to reach public DNS servers, have a look at this.

you could use the firewall settings in the router to drop or block any data to 8.8.8.8


I tried this but I still seem to be able to ping the DNS servers. Am I right in assuming that if I can ping the servers then the other devices on the network will also be able to reach them?

Any other ideas?


Use the firewall to prevent port 53 (ping will still work, but DNS protocol on port 53 won't) to any server except your ISP's DNS server.
Just look at what the upstream DNS servers are and set three block rules:
anything <>to<> destination of 0.0.0.1 to 103.5.98.1 <> drop port 53
anything <>to<> destination of 103.5.98.3 to 103.5.99.1 <> drop port 53
anything <>to<> destination of 103.5.99.3 to 255.255.255.254 <> drop port 53

Would be the example rules that allow port 53 (dns) traffic to reach an isp's servers of 103.5.98.2 and 103.5.99.2





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here
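The range rules from the reply above, worked through as an added example (not code from any poster or from the router): it derives the drop ranges from a list of allowed resolvers and evaluates constructed sample packets against them, which also shows why a successful ping says nothing about whether DNS is blocked. It generalises the reply's two-resolver case to any number of allowed resolvers; the function names and the assumption that the rule covers both UDP and TCP on port 53 are mine.

```python
import ipaddress

# Allowed upstream resolvers, taken from the example rules in the reply.
ALLOWED_RESOLVERS = ["103.5.98.2", "103.5.99.2"]
DNS_PORT = 53  # assumption: the block rule matches both UDP and TCP on this port


def drop_ranges(allowed, first="0.0.0.1", last="255.255.255.254"):
    """Inclusive (start, end) destination ranges covering everything except `allowed`."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    ranges = []
    for ip in sorted({int(ipaddress.IPv4Address(a)) for a in allowed}):
        if ip > lo:
            ranges.append((lo, ip - 1))   # gap below this resolver gets dropped
        lo = max(lo, ip + 1)              # skip over the resolver itself
    if lo <= hi:
        ranges.append((lo, hi))           # everything above the last resolver
    return [(str(ipaddress.IPv4Address(s)), str(ipaddress.IPv4Address(e)))
            for s, e in ranges]


def verdict(dst, proto, port, rules):
    """Return 'drop' for port-53 traffic to a destination inside a drop range."""
    if proto not in ("udp", "tcp") or port != DNS_PORT:
        return "allow"                    # ICMP echo (ping) never matches a port rule
    addr = ipaddress.IPv4Address(dst)
    for start, end in rules:
        if ipaddress.IPv4Address(start) <= addr <= ipaddress.IPv4Address(end):
            return "drop"
    return "allow"


if __name__ == "__main__":
    rules = drop_ranges(ALLOWED_RESOLVERS)
    for start, end in rules:
        print(f"drop port {DNS_PORT}: destination {start} to {end}")
    # Constructed sample packets: (destination, protocol, destination port)
    samples = [
        ("8.8.8.8", "icmp", None),     # the ping test from the thread
        ("8.8.8.8", "udp", 53),        # hard-coded public resolver lookup
        ("8.8.8.8", "tcp", 53),        # DNS over TCP to the same resolver
        ("103.5.98.2", "udp", 53),     # ISP resolver
        ("8.8.8.8", "tcp", 443),       # non-DNS traffic to the same host
    ]
    for dst, proto, port in samples:
        print(f"{proto:4} {dst}:{port} -> {verdict(dst, proto, port, rules)}")
```

A better check than ping, once such rules are in place, is a DNS query sent directly to the blocked resolver from a LAN client: it should time out, while the same query to the ISP resolver still answers.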



