{"id":188,"date":"2011-05-24T20:45:27","date_gmt":"2011-05-24T19:45:27","guid":{"rendered":"http:\/\/emtunc.org\/blog\/?p=188"},"modified":"2013-06-15T13:15:32","modified_gmt":"2013-06-15T12:15:32","slug":"force-dd-wrt-to-use-opendns-servers-for-dns-queries","status":"publish","type":"post","link":"https:\/\/emtunc.org\/blog\/05\/2011\/force-dd-wrt-to-use-opendns-servers-for-dns-queries\/","title":{"rendered":"Force DD-WRT to use OpenDNS Servers for DNS Queries"},"content":{"rendered":"<p>In one of my <a title=\"Choosing the right channel for your wireless network\" href=\"http:\/\/emtunc.org\/blog\/05\/2011\/choosing-the-right-channel-for-your-wireless-network\/\" target=\"_blank\">recent articles<\/a>, I explained how I set-up a guest wireless network for our work place (after getting it to work with the right wireless channel :))<\/p>\n<p>After configuring the guest access point, I set up the DNS servers to point to <a title=\"OpenDNS\" href=\"http:\/\/www.opendns.com\/\" target=\"_blank\">OpenDNS<\/a> in order to provide a safer and faster DNS service (compared to the default DNS servers our ISP provides) as well as choosing what web-sites should be allowed on the network.<br \/>\nFor example, bandwidth hogging (Media\/Video Sharing) and other web-sites which could potentially be used for illicit purposes (P2P\/File Sharing) are forbidden on the network.<\/p>\n<p>However, without any firewall rules on the router itself, it would still be possible for a guest on the network to change their DNS settings on their wireless adapter to point to any other DNS server; effectively bypassing all OpenDNS filters on the network for that specific client.<\/p>\n<p><!--more--><\/p>\n<p>Luckily, the DD-WRT is a Linux powered firmware which is encompassed with many useful features including flexible firewall rules. Also known as iptables.<\/p>\n<p>This article assumes you already have OpenDNS set up on a DD-WRT powered router but should also with any Linux powered router.<\/p>\n<ol>\n<li>Go to the <em>Administration <\/em>tab on your DD-WRT gateway page.<\/li>\n<li>Click on the <em>Commands <\/em>tab.<\/li>\n<li>In the <em>Commands <\/em>box, enter the following then click <em>Save Firewall<\/em><\/li>\n<\/ol>\n<p style=\"text-align: center;\"><strong><span style=\"font-size: x-small;\">iptables -t nat -A PREROUTING -i br0 -p udp <code>--<\/code>dport 53 -j DNAT <code>--<\/code>to $(nvram get lan_ipaddr)<br \/>\niptables -t nat -A PREROUTING -i br0 -p tcp <code>--<\/code>dport 53 -j DNAT <code>--<\/code>to $(nvram get lan_ipaddr)<\/span><\/strong><\/p>\n<p>There you have it. All DNS queries are now intercepted (TCP\/UDP port 53)\u00a0 by the iptable rules and forced to use the DNS servers configured on the router.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In one of my recent articles, I explained how I set-up a guest wireless network for our work place (after getting it to work with the right wireless channel :)) After configuring the guest access point, I set up the DNS servers to point to OpenDNS in order to provide a safer and faster DNS [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[1],"tags":[19,30,29,20,7,27],"class_list":["post-188","post","type-post","status-publish","format-standard","hentry","category-tech","tag-ddwrt","tag-dns","tag-iptables","tag-linux","tag-networking","tag-opendns"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1trTO-32","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/comments?post=188"}],"version-history":[{"count":2,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/188\/revisions"}],"predecessor-version":[{"id":938,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/188\/revisions\/938"}],"wp:attachment":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/media?parent=188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/categories?post=188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/tags?post=188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}