Hello!
I am attempting to set up my AR-750S (with firmware v.3.101) to block calls to Google’s DNS servers when using a SmartDNS service with my Chromecast. The box works fine with services that don’t use Google’s DNS servers, so the DNS Settings I applied are otherwise normally inherited.
Using the Advanced view I’ve tried a few approaches, but only Static Routing seems to ‘do’ anything (e.g. I was able to configure Static Routing to redirect all calls to 8.8.8.8/.4.4 to the router’s IP). This however didn’t seem to stop apps streaming via the Chromecast from geoblocking me.
So I then went and tried to set up Traffic Rules via the Firewall. I added in two entries:
IPv4-traffic - From any host in lan - To IP 8.8.8.8 in wan - Refuse forward
IPv4-traffic - From any host in lan - To IP 8.8.4.4 in wan - Refuse forward
I also then removed the Static Routing, however I quickly realised it was never applying these rules (even when restarting the firewall and even when rebooting), as I could still ping these IPs and a traceroute leads back to Google’s DNS servers.
I then lastly tried appending the following to the end of Custom Rules:
iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination Router IP
iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination Router IP
But once again, this seemed to have no effect (e.g. pings still worked, etc.).
The following settings have been enabled via normal interface in Custom DNS Server settings:
- DNS Rebinding Attack Protection
- Override DNS Settings for All Clients
- Manual DNS Server Settings
(+ DNS Server 1/2 listed below it)
Strangely, when I run iptables --list via SSH it includes the following:
Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* !fw3: Custom lan forwarding rule chain */
zone_wan_dest_REJECT tcp -- anywhere 8.8.8.8 /* !fw3: DNS */
zone_wan_dest_REJECT udp -- anywhere dns.google /* !fw3: DNS */
zone_wan_dest_REJECT tcp -- anywhere dns.google /* !fw3: DNS 2 */
zone_wan_dest_REJECT udp -- anywhere dns.google /* !fw3: DNS 2 */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: Zone lan to wan forwarding policy */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
But in spite of this I can still ping 8.8.8.8…
Can someone please help, as I’ve thrown everything I can find at it but can’t get it to do something that was easier for me to set up on DD-WRT previously by comparison (this is my first OpenWrt router).
Thanks!
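An added example, not part of the post above: a small POSIX shell audit that reads the zone_lan_forward chain exactly as pasted and reports which protocols each REJECT rule actually covers. It assumes the chain text as shown (iptables --list without -n reverse-resolves addresses, which is why dns.google appears in the destination column), and makes the point that rules matching only tcp and udp leave ICMP untouched, so a successful ping proves nothing about whether DNS to that server is blocked.

```shell
#!/bin/sh
# Constructed sample: the zone_lan_forward chain as pasted in the post above.
SAMPLE_CHAIN='Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* !fw3: Custom lan forwarding rule chain */
zone_wan_dest_REJECT tcp -- anywhere 8.8.8.8 /* !fw3: DNS */
zone_wan_dest_REJECT udp -- anywhere dns.google /* !fw3: DNS */
zone_wan_dest_REJECT tcp -- anywhere dns.google /* !fw3: DNS 2 */
zone_wan_dest_REJECT udp -- anywhere dns.google /* !fw3: DNS 2 */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: Zone lan to wan forwarding policy */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */'

# protos_rejected_for DEST
# Prints the sorted, space-separated protocols that hit a *_REJECT target whose
# destination column equals DEST (column 5 of `iptables --list` output), e.g. "tcp udp".
protos_rejected_for() {
    printf '%s\n' "$SAMPLE_CHAIN" \
      | awk -v dest="$1" '$1 ~ /_REJECT$/ && $5 == dest { print $2 }' \
      | sort -u | paste -sd ' ' -
}

# icmp_covered DEST
# "yes" if some REJECT rule for DEST matches all protocols or icmp explicitly,
# otherwise "no". A "no" means ping still reaches DEST even when DNS is rejected.
icmp_covered() {
    case " $(protos_rejected_for "$1") " in
        *" all "*|*" icmp "*) echo yes ;;
        *) echo no ;;
    esac
}

# report DEST... prints one summary line per destination.
report() {
    for d in "$@"; do
        printf '%-12s rejected protos: [%s]  icmp covered: %s\n' \
            "$d" "$(protos_rejected_for "$d")" "$(icmp_covered "$d")"
    done
}

report 8.8.8.8 dns.google
```

Because the rules shown match only tcp and udp, a ping succeeding is expected; a DNS query aimed at the server (for example with nslookup) is the check that actually tells you whether the rule works.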