The router guide - what is best.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › The router guide - what is best.

1 | ... | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22

1515 posts

Uber Geek

Subscriber

#2027742 3-Jun-2018 09:57

Tinkerisk:

rb99:

Does anyone know how to enter static routes into the GWN7000 (to block Google) ? I had them on my Asus but everything seems to have a different name

Asus -

Wot R U doing? You just have to replace the Google DNS servers 8.8.8.8 and 8.8.4.4 against an other DNS like 84.200.69.80 and 84.200.70.40. No static routing.

Think I got that from a How To from a certain DNS provider. As far as I know on most routers you can't redirect you have to block. And seeing as this new router I have apparently can redirect, thats why I'm asking for help.

rb99

freitasm

BDFL - Memuneh
65633 posts

Uber Geek

Administrator

Trusted

Geekzone

Lifetime subscriber

#2027772 3-Jun-2018 11:42

@Batman: Sorry i don't under stand why block Google? Genuine question

For both @Tinkerisk and @Batman

Some apps (such as Netflix) will do a DNS request to Google DNS regardless of what is in your router, to make sure results aren't different - in case you use a DNS unblocking service to try and watch geoblocked content available in different regions. By blocking Google DNS (and in some case OpenDNS as well) some clients can be fooled to believe they are in the right region to access some content.

Some routers allow you to intercept all DNS traffic, some will not in which case you can use Static Routes to direct the traffic somewhere else, effectively blocking requests.

Tinkerisk

836 posts

Ultimate Geek

#2027818 3-Jun-2018 14:35

freitasm:

Some apps (such as Netflix) will do a DNS request to Google DNS regardless of what is in your router, to make sure results aren't different - in case you use a DNS unblocking service to try and watch geoblocked content available in different regions.

Ok, understood. I don't use Netflix but in that case it makes sense. I was too much on the server fooling side ;-)

- ISP1: OneBox FTTH modem, 1/.5G, full DS, VLAN7, VoIP + ipTV streaming flat

- ISP2: 4G/LTE USB modem + TL-MR3020, 100/40M data plan (wireless fallback)

- NET: ZBOX CI329 router, 2 C2960X-48TS-L, 3 GWN7630/LR, EL1600, EL800

- SVR: E3C236 32G/24T, 2 H2 16G/500G, HC1 1T, N2 128G | HC2 14T, HC2 4T

- USR: DeskMini 9i5, NUC8i7HVK, Aspire E5, EliteBook 840, Galaxy Tab, 4K TV

- IoT (EU868): 4/14 LoRaWAN GW/Nodes, CCU3 (openHAB), Vantage Pro 2 +

- 3D: 2 Ender-3/Pro, 4 Ultimaker 2E+/3/3+/S5, MP-CNC, EleksLaser-A3 Pro

- ipPBX: GO-Box, 2 GRP2613, SPA112 (Fax & W-48, a 1948 Siemens phone)

michaelmurfy

/dev/null
9087 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#2029640 5-Jun-2018 09:46

@rb99 Sorry didn't see this until now. Did you manage to get the D-NAT rules sorted?

I don't have the router anymore but @Dratsab has this configured on his from memory can likely share some screenshots.

rb99

1515 posts

Uber Geek

Subscriber

#2029643 5-Jun-2018 09:52

michaelmurfy:

@rb99 Sorry didn't see this until now. Did you manage to get the D-NAT rules sorted?

I don't have the router anymore but @Dratsab has this configured on his from memory can likely share some screenshots.

Thanks for your reply. Any help with settings would be appreciated if possible. Its not sorted yet but I've been using the old Asus over the long weekend as any fiddling wouldn't have been appreciated. Will also be using the Asus today as the midgets are still using it today but hopefully I can hook up the Grandstream tomorrow.

So yes, if there are any screenshots / suggestions lying about it would be really nice thanks.

rb99

Dratsab

3523 posts

Uber Geek

Trusted

Lifetime subscriber

#2029937 5-Jun-2018 17:52

@rb99 - I only have one DNAT rule set up. You do this under Firewall\Advanced. Easy rule to set up - simply replace the x's with the main IP address you use for your DNS provider.

EDIT: The things that's missing from the screen shot is setting your destination port to 53.

rb99

1515 posts

Uber Geek

Subscriber

#2030028 5-Jun-2018 19:17

Dratsab:

@rb99 - I only have one DNAT rule set up. You do this under Firewall\Advanced. Easy rule to set up - simply replace the x's with the main IP address you use for your DNS provider.

EDIT: The things that's missing from the screen shot is setting your destination port to 53.

Thanks. So like you say xxx.... wouldn't be 192.168.... but DNS provider. Doesn't the DNS provider supply an IP and a second backup ?

Would you happen to know how to set destination port to 53. Maybe it'll be really obvious but unfortunately few things seem to be obvious to me...

rb99

1515 posts

Uber Geek

Subscriber

#2030814 6-Jun-2018 13:34

Would you know if I use this port forwarding for the Port 53 thing ? If so, would you happen to know what to put where please ?

rb99

freitasm

BDFL - Memuneh
65633 posts

Uber Geek

Administrator

Trusted

Geekzone

Lifetime subscriber

#2030831 6-Jun-2018 13:52

One person supports this post

You should never forward port 53 from WAN to anywhere inside your network.

Dratsab

3523 posts

Uber Geek

Trusted

Lifetime subscriber

#2031016 6-Jun-2018 19:19

rb99: Thanks. So like you say xxx.... wouldn't be 192.168.... but DNS provider. Doesn't the DNS provider supply an IP and a second backup ?

Correct - not 192.168... In general, DNS providers have a series of DNS IP's. Just point at the main one you'd be using.

rb99: Would you happen to know how to set destination port to 53. Maybe it'll be really obvious but unfortunately few things seem to be obvious to me...

When you hit the Add button on the DNAT page, you'll see a number of onscreen boxes into which you will type various bits of information. Port number is one of those.

In relation to your other post regarding port forwarding, I have no need for it so have no port forwards at all set up.

rb99

1515 posts

Uber Geek

Subscriber

#2031073 6-Jun-2018 20:56

Dratsab:

rb99: Thanks. So like you say xxx.... wouldn't be 192.168.... but DNS provider. Doesn't the DNS provider supply an IP and a second backup ?

Correct - not 192.168... In general, DNS providers have a series of DNS IP's. Just point at the main one you'd be using.

rb99: Would you happen to know how to set destination port to 53. Maybe it'll be really obvious but unfortunately few things seem to be obvious to me...

When you hit the Add button on the DNAT page, you'll see a number of onscreen boxes into which you will type various bits of information. Port number is one of those.

In relation to your other post regarding port forwarding, I have no need for it so have no port forwards at all set up.

Thanks for the info. Hopefully will be able to have a go tomorrow. Sorry for being such a pest

rb99

1515 posts

Uber Geek

Subscriber

#2031353 7-Jun-2018 11:40

Dratsab:

rb99: Thanks. So like you say xxx.... wouldn't be 192.168.... but DNS provider. Doesn't the DNS provider supply an IP and a second backup ?

Correct - not 192.168... In general, DNS providers have a series of DNS IP's. Just point at the main one you'd be using.

rb99: Would you happen to know how to set destination port to 53. Maybe it'll be really obvious but unfortunately few things seem to be obvious to me...

When you hit the Add button on the DNAT page, you'll see a number of onscreen boxes into which you will type various bits of information. Port number is one of those.

In relation to your other post regarding port forwarding, I have no need for it so have no port forwards at all set up.

Would you (or anyone) happen to know if these are correct please -

especially should that blank stuff be blank ? Thanks again.

rb99

1515 posts

Uber Geek

Subscriber

#2031459 7-Jun-2018 15:13

Also, If I wanted to do static routes, so that I can put the DNS into the device (PC, Fire TV, etc) instead of the router, would anyone know if this might be correct

Am particularly wondering about next hop - on this website https://dns4me.net/guides/routers/static-routes/netgear

it seems some of the routers mentioned want it to be the router itself, and others say anything but the router. Confused (again).

rb99

michaelmurfy

/dev/null
9087 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#2031469 7-Jun-2018 15:30

@rb99 You don't need static routes if you've got the D-NAT rule configured. Basically the idea behind D-NAT is it redirects all DNS traffic either back to your router (192.168.x.x) or to your DNS provider.

Under "Rewrite IP" in your D-NAT rule put your routers IP. Click enabled, save, restart services and done. Don't mess around with static routes.

rb99

1515 posts

Uber Geek

Subscriber

#2031484 7-Jun-2018 15:42

michaelmurfy:

@rb99 You don't need static routes if you've got the D-NAT rule configured. Basically the idea behind D-NAT is it redirects all DNS traffic either back to your router (192.168.x.x) or to your DNS provider.

Under "Rewrite IP" in your D-NAT rule put your routers IP. Click enabled, save, restart services and done. Don't mess around with static routes.

Well not sure if I've got D-NAT configured correctly yet but anyway, am just trying to have options. Far as I can tell doing this D-NAT thing sets up everything on the router, which is easy and quick (well if you know what you're doing). OTOH the static routes thing on the router means I can block using Google something on the router but I can set up say the upstairs Fire TV to access 'something overseas that streams' but leave the downstairs Fire TV to access the same 'something that streams but local'.

I'm (hopefully) not asking for advice from you guys and then ignoring it, but like I say, would like to be able to have both setup correctly (though not at the same time) so I have the option to swap, and having it written down might help others as well.

Edit: also am confused as you said put the routers IP (192.whatever I presume) under 'Rewrite IP' but Dratsab to put the DNS services IP (101.etc) under 'Rewrite IP'

rb99

1 | ... | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22