I am trying to push OpenDNS filtering on to the guest network for when my kids friends come over, i found a post from a couple years ago that detailed how it was done, however i can't get it to work with the latest release of merlin:
http://www.snbforums.com/threads/guest-network-with-dns-filtering.17740/
firewall script that detaches wl0.1 from br0, creates br1 and adds it to it:
dnsmasq.conf.add
I can run the firewall script and created the dnsmasq.conf.add file but i can't connect to the guest SSID. When i try to connect it just says "connecting" on my phone then it fails.
Any ideas?
http://www.snbforums.com/threads/guest-network-with-dns-filtering.17740/
firewall script that detaches wl0.1 from br0, creates br1 and adds it to it:
Code:
#!/bin/sh
exec 1>>/tmp/firewall-start.log 2>&1
date
set -x
WANIP=$(/sbin/ifconfig eth0|grep 'inet addr'|cut -d':' -f2|awk '{print $1}')
brctl delif br0 wl0.1
brctl addbr br1
brctl addif br1 wl0.1
ifconfig br1 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255
iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to $WANIP
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -d 192.168.1.0/24 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p udp --dport bootps --sport bootpc -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport domain -j ACCEPT
iptables -I INPUT -i br1 -p udp --dport domain -j ACCEPT
#Force all guests to use filtered DNS (Norton Children)
iptables -t nat -I PREROUTING -i br1 -p tcp --dport domain -j DNAT --to 199.85.126.30
iptables -t nat -I PREROUTING -i br1 -p udp --dport domain -j DNAT --to 199.85.126.30
dnsmasq.conf.add
Code:
interface=br1
dhcp-range=br1,192.168.3.2,192.168.3.254,255.255.255.0,86400s
dhcp-option=br1,3,192.168.3.1
I can run the firewall script and created the dnsmasq.conf.add file but i can't connect to the guest SSID. When i try to connect it just says "connecting" on my phone then it fails.
Any ideas?