PORN Control: Help Please

I have been looking all over to find a solution that I can implement into MK router that would auto deny access to sites containing adult content, but I have been falling short of finding it.

The closest match I have found was opendns but when trying to add the firewall filter as:

/ip firewall nat add chain=dstnat src-address=10.10.10.0/24 protocol=tcp dst-port=53 action=dst-nat to-addresses=208.67.222.222 to-ports=53
/ip firewall nat add chain=dstnat src-address=10.10.10.0/24 protocol=udp dst-port=53 action=dst-nat to-addresses=208.67.222.222 to-ports=53

I get no change at all!

I have tried all kinds of ways, trying to change the DNS setting under DNS and DHCP server to the IPs provided by OpenDNS
208.67.222.222
208.67.220.220

I get no change at all…

Help is really wanted because this is a setup for public internet access involving kids going online.

Use the OpenDNS service; you choose antiporn mode.

regards

I guess I found the problem why openDNS is not working for me!
I am behind local ip address in 192.168.x.x format. openDNS can only see public ip.

is there any solution out there?

thank you,

OpenDNS is working in any way

A little walk through will be greatly thanked.

use only:
/ip firewall nat
add chain=dstnat dst-port=53 action=dst-nat to-addresses=208.67.222.222 to-ports=53

then:

  • open an account on opendns
  • set the content filter categories you want to block

It seems like I must indicate udp or tcp otherwise will get MT error.

I’ve been doing lots of searching, and I came across a post here (can’t remember which one); it was talking about if the ISP denies local udp port 53 lookup… so is there a bypass for that, if that was the problem? I mean, I have done everything possible, step by step, almost for the last 15 hours, but have not made it work. I have set up OpenDNS, configured it, and added the entries into MT, but it is not working.

would masquerade have anything to do with it?

I have also manually changed pc’s dns setting to the ones of opendns, but porn sites get no effect.

Yes, you need to add “protocol=udp” to that line.

Masquerade shouldn’t interfere with this.

If your ISP is blocking outside DNS then there’s pretty much nothing you can do. You can check if that’s the case by directly querying OpenDNS - assuming you’re on a Windows machine, move it outside of the Mikrotik router, open the command line and run “nslookup http://www.google.com 208.67.222.222” and see if you get a reply. If you do, your router is misconfigured. If you don’t, your ISP is most likely blocking OpenDNS. That’s outside your sphere of influence and a good first step would be to call the provider and see if they can help you out.

It’s also possible that your provider is doing the same thing you are doing, just on a larger scale - redirect all DNS directly to their DNS servers. Again, that’s outside your sphere of influence and you’d likely have to talk to them for a workaround.
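The direct-query check described in the reply above, as an added example that is not part of the original thread: a Python script that sends one A-record question straight to 208.67.222.222 over UDP and then TCP and reports the DNS response code. The function names are hypothetical; the script also reduces a pasted URL to its hostname first, since DNS resolves hostnames, not URLs.

```python
import secrets, socket, struct
from urllib.parse import urlsplit

OPENDNS = "208.67.222.222"  # resolver address quoted in the thread

def hostname_of(name):
    """DNS takes a bare hostname; reduce a pasted URL to its host part."""
    host = (urlsplit(name).hostname if "://" in name else name) or ""
    return host.rstrip(".").lower()

def build_query(name, qid):
    """Encode one A-record question (RFC 1035) with recursion desired."""
    parts = hostname_of(name).split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid):
    """Return (rcode, answer_count) for a reply that matches our query id."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # 0x8000 is the QR (response) bit
        raise ValueError("not a response to this query")
    return flags & 0x000F, answers

def ask(name, server=OPENDNS, tcp=False, timeout=3.0):
    """Query the server directly; None means blocked, filtered or timed out."""
    qid = secrets.randbits(16)
    query = build_query(name, qid)
    try:
        if tcp:  # DNS over TCP prefixes each message with a 2-byte length
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)
                reader = s.makefile("rb")
                (size,) = struct.unpack("!H", reader.read(2))
                data = reader.read(size)
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                data = s.recvfrom(4096)[0]
        return parse_reply(data, qid)
    except (OSError, ValueError, struct.error):
        return None

if __name__ == "__main__":
    for tcp in (False, True):  # rcode 0 = answered, 3 = non-existent domain
        print("tcp" if tcp else "udp", ask("www.google.com", tcp=tcp) or "no reply")
```

Run it from a machine placed outside the MikroTik router, as the reply suggests. A reply only shows that port 53 traffic is being answered; if the provider redirects DNS as described above, the answer may come from its own resolver.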

nslookup http://www.google.com 208.67.222.222
Server:  resolver1.opendns.com
Address:  208.67.222.222

*** resolver1.opendns.com can't find http://www.google.com: Non-existent domain

This is what I got running nslookup! Is this bad luck or good luck?

nslookup needs to be done this way…


Default Server: ns4.wifi4india.com
Address: 192.168.9.250

http://www.google.com
Unrecognized command: http://www.google.com
google.com
Server: ns4.wifi4india.com
Address: 192.168.9.250

Non-authoritative answer:
Name: google.com
Addresses: 74.125.53.100, 74.125.67.100, 74.125.45.100

Now I got this. What do you think? Please give me a lucky answer:

C:\>nslookup www.google.com 208.67.222.222
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    www.l.google.com
Addresses:  209.85.229.106, 209.85.229.147, 209.85.229.99, 209.85.229.103
          209.85.229.104, 209.85.229.105
Aliases:  www.google.com