The router guide - what to look for and what is best.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › The router guide - what to look for and what is best.

1 | ... | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | ... | 34

3409 posts

Uber Geek

Lifetime subscriber

#2027742 3-Jun-2018 09:57

Tinkerisk:

rb99:

Does anyone know how to enter static routes into the GWN7000 (to block Google) ? I had them on my Asus but everything seems to have a different name

Asus -

Wot R U doing? You just have to replace the Google DNS servers 8.8.8.8 and 8.8.4.4 against an other DNS like 84.200.69.80 and 84.200.70.40. No static routing.

Think I got that from a How To from a certain DNS provider. As far as I know on most routers you can't redirect you have to block. And seeing as this new router I have apparently can redirect, thats why I'm asking for help.

“The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness.” -John Kenneth Galbraith

rb99

freitasm

BDFL - Memuneh
79141 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2027772 3-Jun-2018 11:42

@Batman: Sorry i don't under stand why block Google? Genuine question

For both @Tinkerisk and @Batman

Some apps (such as Netflix) will do a DNS request to Google DNS regardless of what is in your router, to make sure results aren't different - in case you use a DNS unblocking service to try and watch geoblocked content available in different regions. By blocking Google DNS (and in some case OpenDNS as well) some clients can be fooled to believe they are in the right region to access some content.

Some routers allow you to intercept all DNS traffic, some will not in which case you can use Static Routes to direct the traffic somewhere else, effectively blocking requests.

Tinkerisk

4204 posts

Uber Geek

#2027818 3-Jun-2018 14:35

freitasm:

Some apps (such as Netflix) will do a DNS request to Google DNS regardless of what is in your router, to make sure results aren't different - in case you use a DNS unblocking service to try and watch geoblocked content available in different regions.

Ok, understood. I don't use Netflix but in that case it makes sense. I was too much on the server fooling side ;-)

- NET: FTTH, OPNsense, 10G backbone, GWN APs, ipPBX
- SRV: 12 RU HA server cluster, 0.1 PB storage on premise
- IoT: thread, zigbee, tasmota, BidCoS, LoRa, WX suite, IR
- 3D: two 3D printers, 3D scanner, CNC router, laser cutter

michaelmurfy

meow
13217 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2029640 5-Jun-2018 09:46

@rb99 Sorry didn't see this until now. Did you manage to get the D-NAT rules sorted?

I don't have the router anymore but @Dratsab has this configured on his from memory can likely share some screenshots.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

rb99

3409 posts

Uber Geek

Lifetime subscriber

#2029643 5-Jun-2018 09:52

michaelmurfy:

@rb99 Sorry didn't see this until now. Did you manage to get the D-NAT rules sorted?

I don't have the router anymore but @Dratsab has this configured on his from memory can likely share some screenshots.

Thanks for your reply. Any help with settings would be appreciated if possible. Its not sorted yet but I've been using the old Asus over the long weekend as any fiddling wouldn't have been appreciated. Will also be using the Asus today as the midgets are still using it today but hopefully I can hook up the Grandstream tomorrow.

So yes, if there are any screenshots / suggestions lying about it would be really nice thanks.

“The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness.” -John Kenneth Galbraith

rb99

Dratsab

3946 posts

Uber Geek

Trusted

Lifetime subscriber

#2029937 5-Jun-2018 17:52

@rb99 - I only have one DNAT rule set up. You do this under Firewall\Advanced. Easy rule to set up - simply replace the x's with the main IP address you use for your DNS provider.

EDIT: The things that's missing from the screen shot is setting your destination port to 53.

rb99

3409 posts

Uber Geek

Lifetime subscriber

#2030028 5-Jun-2018 19:17

Dratsab:

@rb99 - I only have one DNAT rule set up. You do this under Firewall\Advanced. Easy rule to set up - simply replace the x's with the main IP address you use for your DNS provider.

EDIT: The things that's missing from the screen shot is setting your destination port to 53.

Thanks. So like you say xxx.... wouldn't be 192.168.... but DNS provider. Doesn't the DNS provider supply an IP and a second backup ?

Would you happen to know how to set destination port to 53. Maybe it'll be really obvious but unfortunately few things seem to be obvious to me...

“The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness.” -John Kenneth Galbraith

rb99

Wise

Send money globally for less with Wise - one free transfer up to NZ$900 (affiliate link).

rb99

3409 posts

Uber Geek

Lifetime subscriber

#2030814 6-Jun-2018 13:34

Would you know if I use this port forwarding for the Port 53 thing ? If so, would you happen to know what to put where please ?

“The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness.” -John Kenneth Galbraith

rb99

freitasm

BDFL - Memuneh
79141 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2030831 6-Jun-2018 13:52

You should never forward port 53 from WAN to anywhere inside your network.

Dratsab

3946 posts

Uber Geek

Trusted

Lifetime subscriber

#2031016 6-Jun-2018 19:19

rb99: Thanks. So like you say xxx.... wouldn't be 192.168.... but DNS provider. Doesn't the DNS provider supply an IP and a second backup ?

Correct - not 192.168... In general, DNS providers have a series of DNS IP's. Just point at the main one you'd be using.

rb99: Would you happen to know how to set destination port to 53. Maybe it'll be really obvious but unfortunately few things seem to be obvious to me...

When you hit the Add button on the DNAT page, you'll see a number of onscreen boxes into which you will type various bits of information. Port number is one of those.

In relation to your other post regarding port forwarding, I have no need for it so have no port forwards at all set up.

rb99

3409 posts

Uber Geek

Lifetime subscriber

#2031073 6-Jun-2018 20:56

Dratsab:

rb99: Thanks. So like you say xxx.... wouldn't be 192.168.... but DNS provider. Doesn't the DNS provider supply an IP and a second backup ?

Correct - not 192.168... In general, DNS providers have a series of DNS IP's. Just point at the main one you'd be using.

rb99: Would you happen to know how to set destination port to 53. Maybe it'll be really obvious but unfortunately few things seem to be obvious to me...

When you hit the Add button on the DNAT page, you'll see a number of onscreen boxes into which you will type various bits of information. Port number is one of those.

In relation to your other post regarding port forwarding, I have no need for it so have no port forwards at all set up.

Thanks for the info. Hopefully will be able to have a go tomorrow. Sorry for being such a pest

“The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness.” -John Kenneth Galbraith

rb99

3409 posts

Uber Geek

Lifetime subscriber

#2031353 7-Jun-2018 11:40

Dratsab:

rb99: Thanks. So like you say xxx.... wouldn't be 192.168.... but DNS provider. Doesn't the DNS provider supply an IP and a second backup ?

Correct - not 192.168... In general, DNS providers have a series of DNS IP's. Just point at the main one you'd be using.

rb99: Would you happen to know how to set destination port to 53. Maybe it'll be really obvious but unfortunately few things seem to be obvious to me...

When you hit the Add button on the DNAT page, you'll see a number of onscreen boxes into which you will type various bits of information. Port number is one of those.

In relation to your other post regarding port forwarding, I have no need for it so have no port forwards at all set up.

Would you (or anyone) happen to know if these are correct please -

especially should that blank stuff be blank ? Thanks again.

“The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness.” -John Kenneth Galbraith

rb99

3409 posts

Uber Geek

Lifetime subscriber

#2031459 7-Jun-2018 15:13

Also, If I wanted to do static routes, so that I can put the DNS into the device (PC, Fire TV, etc) instead of the router, would anyone know if this might be correct

Am particularly wondering about next hop - on this website https://dns4me.net/guides/routers/static-routes/netgear

it seems some of the routers mentioned want it to be the router itself, and others say anything but the router. Confused (again).

“The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness.” -John Kenneth Galbraith

rb99

michaelmurfy

meow
13217 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2031469 7-Jun-2018 15:30

@rb99 You don't need static routes if you've got the D-NAT rule configured. Basically the idea behind D-NAT is it redirects all DNS traffic either back to your router (192.168.x.x) or to your DNS provider.

Under "Rewrite IP" in your D-NAT rule put your routers IP. Click enabled, save, restart services and done. Don't mess around with static routes.

rb99

3409 posts

Uber Geek

Lifetime subscriber

#2031484 7-Jun-2018 15:42

michaelmurfy:

@rb99 You don't need static routes if you've got the D-NAT rule configured. Basically the idea behind D-NAT is it redirects all DNS traffic either back to your router (192.168.x.x) or to your DNS provider.

Under "Rewrite IP" in your D-NAT rule put your routers IP. Click enabled, save, restart services and done. Don't mess around with static routes.

Well not sure if I've got D-NAT configured correctly yet but anyway, am just trying to have options. Far as I can tell doing this D-NAT thing sets up everything on the router, which is easy and quick (well if you know what you're doing). OTOH the static routes thing on the router means I can block using Google something on the router but I can set up say the upstairs Fire TV to access 'something overseas that streams' but leave the downstairs Fire TV to access the same 'something that streams but local'.

I'm (hopefully) not asking for advice from you guys and then ignoring it, but like I say, would like to be able to have both setup correctly (though not at the same time) so I have the option to swap, and having it written down might help others as well.

Edit: also am confused as you said put the routers IP (192.whatever I presume) under 'Rewrite IP' but Dratsab to put the DNS services IP (101.etc) under 'Rewrite IP'

“The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness.” -John Kenneth Galbraith

rb99

1 | ... | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | ... | 34