Prevent P2P Fileharing with Parental Controls & DNS Filtering

[cowboy]

• Under AiProtection → Parental Controls one can create rules to block P2P and File Transfer for individual clients. Is there a option to create a rule for all the clients on the network instead of creating rules for every client separately ? Or even better create rules for just the clients on a specific Guest Network ?

• I have set OpenDNS with web content filtering on my router and it is working. But the problem is that it is easy to bypass by changing the DNS Address on the clients side. Under AiProtection → DNS Filtering → Global Filter Mode there is a option called "Router". If I understand this correctly it should force the clients to use the DNS address specified in the router. So they will be forced to use the DNS Address specified in the router no matter what, did I understand this correctly ?

 

[bilboSNB]

With regards to the dns filter, that should be how it works yes, test it and try. If that doesn't work, as I know it didn't used to a while back just create a custom entry with your routers lan ip instead.

 

[cowboy]

With regards to the dns filter, that should be how it works yes, test it and try it. If that doesn't work, as I know it didn't used to a while back just create a custom entry with your routers lan ip instead.

So I can go back to WAN → Internet Connection → WAN DNS Settings and set the DNS back to automatic and in the AiProtection → DNS Filtering → Global Filter Mode set it to Router and insert the OpenDNS Address there. Every client specified in the client list will be forced to use the OpenDNS address. I will try to see if it works like I imagine it to be working. But as I said it would be much more better if I could set such a rule for a Guest Network.

 

[ColinTaylor]

Every client specified in the client list will be forced to use the OpenDNS address.

No. At least not in the screen shot you provided.

Each client specified in the list will be forced to use the DNS you specify for it. If you specify Router, it will use the routers DNS which (because you set the WAN DNS to automatic) will in turn be forward to your ISPs DNS.

If you want a specific client to be forced to use OpneDNS you would have to specify a Filter Mode of Custom 1, or Custom 2, or OpenDNS Home or OpenDNS Family.

Given your screen shot, any client not specified in the list (Global Filter Mode) will be forced to use the routers DNS which will in turn be forward to you ISPs DNS

 

[cowboy]

No. At least not in the screen shot you provided.

Each client specified in the list will be forced to use the DNS you specify for it. If you specify Router, it will use the routers DNS which (because you set the WAN DNS to automatic) will in turn be forward to your ISPs DNS.

If you want a specific client to be forced to use OpneDNS you would have to specify a Filter Mode of Custom 1, or Custom 2, or OpenDNS Home or OpenDNS Family.

Given your screen shot, any client not specified in the list (Global Filter Mode) will be forced to use the routers DNS which will in turn be forward to you ISPs DNS

Let me make sure that I understood correctly.

If I want all my clients to use OpenDNS except for a client X which should use the Router's DNS (set in the WAN settings), I have to set the Global Filter Mode to OpenDNS Home and the X client (Wii U) should be added to the client list like in the image below, right ?

 

[ColinTaylor]

If I want all my clients to use OpenDNS except for a client X which should use the Router's DNS (set in the WAN settings), I have to set the Global Filter Mode to OpenDNS Home and the X client (Wii U) should be added to the client list like in the image below, right ?

Correct.

Be aware though, that because your clients (apart from the Wii U) are going directly to OpenDNS for their name resolution you will not be able to resolve names of devices on your LAN. i.e If you have a network printer called "my-printer" and you try to do an "nslookup my-printer" from one of your PCs it will fail because OpenDNS doesn't know anything about the printer.

For most people this is not an issue, but I thought I'd point it out.

The alternative is to do everything the opposite way around. Set the Router's WAN DNS to the IP for OpenDNS Home and then set the Global Filer Mode to router. Create a Custom DNS entry for your ISPs DNS and then create a client entry for the Wii U that uses it.

This way, by default everybody uses the routers DNS first (for local name resolution) and if that fails the request is forwarded to the WAN DNS (OpenDNS). You create an exception for the Wii U so that it goes directly to your ISPs DNS server.

The choice is yours.

 

[RMerlin]

If you are going to set the default filtering to OpenDNS, might as well disable the setting where you use your ISP's DNS servers, and enter the two OpenDNS servers there, and disable DNSFilter's global option. Then, set the unrestricted clients to Custom1, and enter either your ISP's DPS as Custom1, or Google's 8.8.8.8. That way, all clients going through OpenDNS will still be able to do LAN name resolution.

 

[cowboy]

Thanks for the help. Now I understand how the set properly the DNS Filtering.

I created a Guest Network and gave the password to my neighbor. But I want to be sure my router is blocking P2P File Sharing. I think the best way to accomplish this is through Parental Controls, but the problem is that I can't know how many devices the neighbor has. So is there a option to block P2P File Sharing for all the clients or even better only for the clients on the Guest Network ?

What's the upper left checkbox for ?