Thank you for your assistance in advance; I have read the Hotspot documentation and have tried to find the answer on my own before posting.
I have the 450G setup as a bandwidth shaper and for this purpose it is working great however, I need to use two different DNS servers for different user profiles.. Meaning:
I have a large home, many adults and several children..
I wish to have the adults with a profile or rules that would allow them to use regular DNS server; i.e. 4.2.2.1
I then wish to have the children’s profile or rules that would make sure their DNS requests were forwarded to OpenDNS; i.e. 208.67.222.222
OpenDNS offers filtered queries while the adults use unfiltered…
Could someone please help me with a configuration that would solve two different profiles for two groups of users.
Under the Hotspot User Profiles you can set a value for an address list - users that log into the profile get dynamically added to that address list, and removed when they log out.
Use that to write mangle rules that mark DNS packets accordingly and dst-nat them to the desired DNS servers.
Could someone give me an example of how to write the mangle rule to send them via dst-nat to the DNS server.. I have no idea of how to customize rules in the firewall.. I will take time to learn however, could someone with experience help me with an “example” of what it would look like?
All packets are being sent according to the “list” they are in…
Child or Adult…
However, the correct DNS server is not being requested of.. Meaning…
From profile 1, with adult list does go through the rule that matches.. However, the user is getting the default DNS server response regardless of what is specified in the rule..
I have the RB450G configured to use OpenDNS by default.. So even if there is a dst-nat rule that says that the adult profile will be dst-nat to 4.2.2.1 port 53.. the response to the user is default…
I hope this is clear enough.. The packets are going through the rules.. but the dns response is almost like it is transparently redirected to the RB450g default dns servers…
yes, the address-list is populated with “child or adult” entries.. I see the rules with packets being counted..
The weird issue is that I have both the rules pointing towards different DNS servers..
The user is getting the system default response.. it is like the rule is 1. being ignored 2. being redirected
The reason I say this is that OpenDNS responses to a porn domain always come back with a “blocked” IP.. Filtered.. If that same query goes to 4.2.2.1 it gets a normal recursive lookup and IP address reply.. The client, regardless of what URL is typed in and regardless of what address-list it is on and regardless of the rules for the address-list.. the response is always from the system default DNS..
My config is:
Default System DNS ip address is OpenDNS (Filtered)
There are 2 rules; one for each of the address-lists… Adult Child (filtered and non-filtered)
The user always gets response from Default system DNS server configured.. I tested by using 4.2.2.1 as system default too and same happens.. it is as if it gets redirected or ignored.
This is where the issue is: 4 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53
I have to find somehow to return the packet back to the user.. I see the user listed in the address-list, I see the counter counting packets, but the DNS is being intercepted and handled by the default DNS of the RouterBoard.. It is not returning the packet’s response.
Ah, that’s true. Try inserting a rule before that dynamic one hits. There’s a jump to pre-hotspot higher up, so maybe instead of the rules I posted earlier, try
Same happens, I can see the address-list filled, see packets being counted via the appropriate rule, all dns requests are still being answered by the Hotspot itself
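The approach discussed in this thread (per-profile address-lists, then dst-nat of DNS traffic in the pre-hotspot chain so it is matched before the Hotspot's dynamic `redirect to-ports=64872` rule in the `hotspot` chain), written out as an added example; this is not configuration posted by anyone in the thread. The profile names `adults` and `kids` and the address-list names `adult` and `child` are assumed placeholders; the DNS addresses are the ones named in the thread.

```routeros
# Assumed profile names; each profile tags logged-in users with an address-list
# entry, which is added at login and removed at logout (dynamic entries).
/ip hotspot user profile
set [find name="adults"] address-list=adult
set [find name="kids"] address-list=child

# The Hotspot adds a dynamic rule "chain=hotspot action=redirect to-ports=64872
# protocol=udp dst-port=53" that hands DNS to the router's own resolver. The
# dynamic dstnat rules jump to pre-hotspot before that, so rules placed here are
# evaluated first; once a packet is dst-nat'ed it is not redirected again.
/ip firewall nat
add chain=pre-hotspot src-address-list=adult protocol=udp dst-port=53 \
    action=dst-nat to-addresses=4.2.2.1 to-ports=53 \
    comment="adult profile: unfiltered resolver"
add chain=pre-hotspot src-address-list=child protocol=udp dst-port=53 \
    action=dst-nat to-addresses=208.67.222.222 to-ports=53 \
    comment="child profile: OpenDNS filtered resolver"

# Checks: confirm the dynamic list entries exist, that the pre-hotspot rules
# sit above the hotspot chain's redirect in the listing, and that their
# counters increase when a client in that list performs a lookup.
/ip firewall address-list print where dynamic=yes
/ip firewall nat print stats where chain=pre-hotspot
/ip firewall nat print where chain=hotspot
```

If the pre-hotspot counters stay at zero while the hotspot redirect counter climbs, the traffic is reaching the redirect first and the rule placement, not the address-list matching, is what needs attention.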