
Orbi Lbr20 - OpenDNS problems and other questions


MamaLbh

New Around Here
Hi,
I am used to my previous setup - broadband internet and a pcWRT modem which made it easy to have different groups with different rules. So kids' devices had moderate-restricted YouTube, went through OpenDNS, had scheduled calendars regulating access, etc., whereas IoT devices had no rules or filters. Now we are in a rural area and our only option is cellular internet.

1) I have tried to get Orbi to use OpenDNS. In Advanced > Setup > Internet Setup I put in OpenDNS servers, click "Apply", restart router and computer, and it reverts to "Automatic from ISP".
How do I get OpenDNS to stick?

2) High importance - where do I go to force YouTube to use moderate restricted mode and force safe search? I don't see a place in the GUI to do CNAMEs, maybe there's a way with command line?

3) Is there a way (using commands possibly) to set up the Orbi with different groups (MAC address based) with different rules? Or will it be easier just to hook up my pcWRT router to the Orbi via ethernet?

Thanks :)
 
Some hints for you:

3) Is there a way (using commands possibly) to set up the Orbi with different groups (MAC address based) with different rules? Or will it be easier just to hook up my pcWRT router to the Orbi via ethernet?

There was a relatively old thread. The examples are for R7800/R9000, but it should be the same for Orbi.

https://www.snbforums.com/threads/selective-parental-control-in-my-build-of-firmware.54815/


2) High importance - where do I go to force YouTube to use moderate restricted mode and force safe search? I don't see a place in the GUI to do CNAMEs, maybe there's a way with command line?

Maybe you should try to use DNSCryptProxy-2 with the cleanbrowsing-family server:
Blocks access to all adult, pornographic and explicit sites. It also blocks proxy and VPN domains that are used to bypass the filters. Mixed content sites (like Reddit) are also blocked. Google, Bing and Youtube are set to the Safe Mode. Warning: This server is incompatible with anonymization. By https://cleanbrowsing.org/
https://dnscrypt.info/public-servers/

I myself have to use DNSCryptProxy-2 cleanbrowsing-family server. Parental control. Works fine.

It is enough to change the /etc/dnscrypt-proxy-2.toml file:

server_names = ['doh-cleanbrowsing-family']


Voxel.
 
Voxel, thank you for your reply.

I am very new to using telnet/SSH
How do I get to where I would type this in?

/opt/scripts/firewall-start.sh


#!/bin/sh
# Parental Control (forward DNS requests to OpenDNS Family DNS)
# Smartphone
iptables -t nat -I PREROUTING -i br0 -m mac --mac-source AA:BB:CC:DD:EE:FF -p udp --dport 53 -j DNAT --to 208.67.222.123
iptables -t nat -I PREROUTING -i br0 -m mac --mac-source AA:BB:CC:DD:EE:FF -p tcp --dport 53 -j DNAT --to 208.67.222.123
# Windows PC
iptables -t nat -I PREROUTING -i br0 -m mac --mac-source 11:22:33:44:55:66 -p udp --dport 53 -j DNAT --to 208.67.222.123
iptables -t nat -I PREROUTING -i br0 -m mac --mac-source 11:22:33:44:55:66 -p tcp --dport 53 -j DNAT --to 208.67.222.123



And, where do I go to make CNAME rules? Or, would this be something I could/should do in iptables?
 
I am very new to using telnet/SSH
How do I get to where I would type this in?

Well... It is troublesome to explain all this...
You should understand all this. And read my QuickStart.txt re: how-to.

Maybe it makes sense, as a first step, to set up DNSCryptProxy-2 with cleanbrowsing-family.

From SSH/Telnet:

Code:
nvram set dnscrypt2=1
nvram commit
mkdir -p /mnt/circle/overlay/etc
cp -p /etc/dnscrypt-proxy-2.toml /mnt/circle/overlay/etc
nano /mnt/circle/overlay/etc/dnscrypt-proxy-2.toml

Find this line in the 'nano' editor:

server_names = ['cloudflare', 'scaleway-fr', 'dnscrypt.eu-nl', 'dnscrypt.eu-dk']

and change it to

server_names = ['doh-cleanbrowsing-family']

After that reboot your LBR.

Check that it is working after reboot, from SSH/Telnet:

Code:
cat /var/log/dnscrypt-proxy-2.log

If it is OK there should be something like

[2022-01-18 19:31:07] [NOTICE] dnscrypt-proxy 2.1.1
[2022-01-18 19:31:07] [NOTICE] Network connectivity detected
[2022-01-18 19:31:07] [NOTICE] Now listening to 127.0.0.1:64153 [UDP]
[2022-01-18 19:31:07] [NOTICE] Now listening to 127.0.0.1:64153 [TCP]
[2022-01-18 19:31:07] [NOTICE] Now listening to [::1]:64153 [UDP]
[2022-01-18 19:31:07] [NOTICE] Now listening to [::1]:64153 [TCP]
[2022-01-18 19:35:45] [NOTICE] Source [public-resolvers] loaded
[2022-01-18 19:35:46] [NOTICE] Source [relays] loaded
[2022-01-18 19:35:47] [NOTICE] Firefox workaround initialized
[2022-01-18 19:35:47] [NOTICE] Loading the set of blocking rules from [/etc/blacklist.txt]
[2022-01-18 19:35:47] [NOTICE] [doh-cleanbrowsing-family] OK (DoH) - rtt: 92ms
[2022-01-18 19:35:47] [NOTICE] Server with the lowest initial latency: doh-cleanbrowsing-family (rtt: 92ms)
[2022-01-18 19:35:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1




Voxel.
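
A scripted version of the log check described in the post above, as an added example that is not part of the thread or of Voxel's firmware: it fails unless `doh-cleanbrowsing-family` is the only resolver the proxy reports as live, which catches the case where the config edit was not picked up and DNS is silently unfiltered. The function names and the sample log files are constructed for illustration; the log line format is the one shown above.

```shell
#!/bin/sh
# Added example (not from the thread): confirm from the dnscrypt-proxy log
# that the filtering resolver is the only one in use. The function names
# and the sample logs are constructed for illustration.

# check_resolver LOGFILE SERVER_NAME
#   0 = SERVER_NAME probed OK, proxy ready, no other resolver live
#   1 = SERVER_NAME never probed OK (edit not picked up, or server down)
#   2 = proxy never reported "ready" with at least one live server
#   3 = another resolver is also live, so answers may be unfiltered
check_resolver() {
    log=$1 want=$2
    grep -F "[NOTICE] [$want] OK" "$log" >/dev/null || return 1
    live=$(sed -n 's/.*dnscrypt-proxy is ready - live servers: \([0-9][0-9]*\).*/\1/p' "$log" | tail -n 1)
    [ -n "$live" ] && [ "$live" -ge 1 ] || return 2
    others=$(grep -E '\[NOTICE\] \[[^]]+\] OK \(' "$log" | grep -vcF "[$want]" || true)
    [ "$others" -eq 0 ] || return 3
    return 0
}

# write_samples DIR: create the constructed logs used by the demo below.
write_samples() {
    cat > "$1/good.log" <<'EOF'
[2022-01-18 19:35:47] [NOTICE] [doh-cleanbrowsing-family] OK (DoH) - rtt: 92ms
[2022-01-18 19:35:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1
EOF
    cat > "$1/stale.log" <<'EOF'
[2022-01-18 19:35:47] [NOTICE] [cloudflare] OK (DoH) - rtt: 20ms
[2022-01-18 19:35:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1
EOF
    cat > "$1/mixed.log" <<'EOF'
[2022-01-18 19:35:47] [NOTICE] [doh-cleanbrowsing-family] OK (DoH) - rtt: 92ms
[2022-01-18 19:35:47] [NOTICE] [cloudflare] OK (DoH) - rtt: 20ms
[2022-01-18 19:35:47] [NOTICE] dnscrypt-proxy is ready - live servers: 2
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in good stale mixed; do
    rc=0
    check_resolver "$dir/$f.log" doh-cleanbrowsing-family || rc=$?
    echo "$f.log: exit $rc"
done
```

On the router the same function would be pointed at /var/log/dnscrypt-proxy-2.log after the reboot.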
 
