ER605 V1 Routing Help

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605 V1 Routing Help

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605 V1 Routing Help
ER605 V1 Routing Help
2022-06-19 14:09:20 - last edited 2022-08-08 07:43:08
Tags: #Route
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.2.0 Build 20220114 Rel.76871

On my network I have two local DNS servers that get assigned via DHCP. The local DNS servers filter known malicious website, adult websites, and illegal downloads. If a DNS request is not for a local resource or does not get caught in the filter, the request gets forwarded to OpenDNS' Family Friendly Public DNS Servers. I have a friend that when they are connected to my network, they manually set there DNS to Google's Public DNS Servers to avoid my DNS filters.

 

I have a route setup to redirect Google DNS (8.8.8.8) to my local DNS server (192.168.1.53), but it does not seem to work. If the route is active I can't ping 8.8.8.8, but if it is disabled it does respond to pings. Also, to test I setup a route from an unused local IP (192.168.1.183) to a local website (192.168.1.250). If I browse to https://192.168.1.183 the website does not load.

 

Am I doing this correctly, or is there a different/better way to accomplish this?

 

Current Custom Routes:

 

Google DNS 1

Destination IP: 8.8.8.8

Subnet Mask: 255.255.255.255

Next Hop: 192.168.1.53

Interface: Private_LAN

Metric: 0

Status: Enabled

 

Google DNS 2

Destination IP: 8.8.4.4

Subnet Mask: 255.255.255.255

Next Hop: 192.168.1.54

Interface: Private_LAN

Metric: 0

Status: Enabled

 

Local Website

Destination IP: 192.168.183

Subnet Mask: 255.255.255.255

Next Hop: 192.168.1.250

Interface: Private_LAN

Metric: 0

Status: Enabled

  0      
  0      
#1
Options
2 Reply
Re:ER605 V1 Routing Help
2022-06-19 14:36:43

  @HellBent 

 

Why not route to a Black hole, (an ip that not in use on your LAN)

you can use same nex hop ip to all routing.

 

 

 

  0  
  0  
#2
Options
Re:ER605 V1 Routing Help
2022-06-20 07:45:57

  @HellBent The test you made for local website is not useful. The static routing will only take effect when destination IP is in a different netwrok/subnet.

 

I think a solution is to use Access Control to block all other public DNS servers.

I don't use Standalone mode anymore but I find a screenshot from tplink FAQ. You just need to change the "IPSec" to "DNS" to block all public DNS server.

But you may also need an Allow rule before this Block rule, to allow the OpenDNS' Family Friendly Public DNS.

 

See how to use ACL guide.

 

  0  
  0  
#3
Options