Access restriction with Local DNS server

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
mhtrinh
DD-WRT Novice


Joined: 10 Feb 2020
Posts: 8
PostPosted: Fri Aug 06, 2021 10:47    Post subject: Access restriction with Local DNS server Reply with quote
Hi,

I have PiHole installed on 192.168.1.20
The upstream DNS is the provider DNS.

Setup > Router IP > LocalDNS : 192.168.1.20
Services > Dnsmasq >Dnsmasq : Enable
Services > Dnsmasq > Additional Dnsmasq Options: dhcp-option=6,192.168.1.20

Everything work as expected. I can see all phones DNS request go through my DNS server on 192.168.1.20 and dropping ads server

I want to enable Access crontrol on a phone.
Access Restrictions > Policy > 1
Access Restrictions > PCs : tried fill the MAC only, fill the IP only, tried fill MAC and IP
Access Restrictions > Filter
Access Restrictions > Blocked services > http [dpi]

As soon as I enable the Policy : no more internet on All devices, including the local DNS server (no ping, even to 8.8.8.8), doesn't matter if the time match or not.

What did I missed ? I follow https://wiki.dd-wrt.com/wiki/index.php/Access_Restrictions

Even when enabling an empty policy : no more internet.
Is this have to do with the local DNS ?

Edit:
DD-WRT v3.0-r42287 std (02/06/20)
Netgear WNDR4300
Back to top View user's profile Send private message
Sponsor
tedm
DD-WRT Guru


Joined: 13 Mar 2009
Posts: 555
PostPosted: Sat Aug 07, 2021 12:42    Post subject: Reply with quote
Disclaimer - I don't use Access Restrictions

Have you seen this:

https://svn.dd-wrt.com//ticket/4942

My understanding is that for Access Restrictions to be any good you have to put in ALL devices and Allows for each device you DON'T want to filter. That is' when you turn it on the default is to block everything.

This prevents a child's friend from coming over to the house with their phone and surfing unrestricted

Most people I know with kids who want to restrict Internet usage buy a Circle box. They are pretty cheap.

I'm probably an old fart on this since what worked for us was just 2 wifi networks. One was for us the other was for the kids. We would unplug the kids one when we wanted them to do their homework.
Back to top View user's profile Send private message
mhtrinh
DD-WRT Novice


Joined: 10 Feb 2020
Posts: 8
PostPosted: Sun Aug 29, 2021 11:06    Post subject: Reply with quote
This feature looks a bit unstable IMHO ...
So I implement my own way, using a seperate linux box with dnsmasq and iptables
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14221
Location: Texas, USA
PostPosted: Sun Aug 29, 2021 11:52    Post subject: Reply with quote
You need to be on a recent build, i.e. the next release:
BrainSlayer wrote:
access restrictions are fixed in next rev

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum