1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.


Discussion in 'Tomato Firmware' started by jersully, Sep 9, 2008.

  1. jersully

    jersully LI Guru Member

    I had been meaning to enable Open DNS on my Tomato router for quite some time and finally got around to it last night. I was only going to explore the improved DNS speeds and was surprised at all the other features it has. The content blocking is very cool. I'm mostly concerned with blocking timekiller sites so my son can concentrate on his homework. He knows I "spy" on his activites and thus far porn hasn't been a problem.

    Now I'm wondering three things.

    1) How easy would Open DNS be for him to bypass? He's a smart kid but not computer savvy. Open DNS supposedly blocks proxies but I know he couldn't use a proxy without help from a friend.

    2) What would be the easiest way to temporarily disable Open DNS? When he gets done with his homework, or on the weekend, I'd like to be able to allow him to check out his Facebook or YouTube. Can this be scripted via the SES button?

    3) What would be the easiest way to allow ONE computer in the house to not be blocked? I don't see why I should suffer while he's doing his homework! :) I haven't yet tried to manually assign an IP and DNS for a single computer - it was very late when I enabled Open DNS and I'm now at work.

    Overall I'm very pleased with the free service.
  2. i1135t

    i1135t Network Guru Member

    Log into Opendns.com and and within the network settings, you can "whitelist" sites that your son needs to use, so they aren't blocked by OpenDNS. For you, to bypass OpenDNS servers on your one computer, you will have to set manual DNS servers, ie. your ISP's DNS servers, on that computer. Also, be sure to uncheck 'intercept DNS requests' within the Tomato Settings (I forgot where, maybe the firewall settings), for that option to work, otherwise all DNS requests will be forwarded to the router's assigned DNS, which are the OpenDNS servers. Hope that helps...
  3. jersully

    jersully LI Guru Member

    Thanks, that sounds good and about what I thought would work. It would still be nice to be able to script it, but I'm no scripter.

    As an added precaution I'm going to lock down his network registry settings so he can't piggyback any open APs in our neighborhood.
  4. bigclaw

    bigclaw Network Guru Member

    If you manually specify DNS servers on your PC to bypass OpenDNS, he can do the same thing on his PC. Let's hope he never figures it out.
  5. jersully

    jersully LI Guru Member

    It's highly unlikely he'd figure that out, and if he did it's even less likely that he'd know to check registry security. If worst comes to worst I'll enable a policy within Windows.

    Actually, I'd take away his computer before we got to that point.
  6. JPorter

    JPorter LI Guru Member

    Actually, you should keep both "Use Internal Caching DNS Forwarder" and "Intercept DNS Port (UDP 53)" turned on. Make sure that Use Received DNS With Static DNS is turned off. If OpenDNS is set manually in the config, these options will force all devices on the network to use OpenDNS and abide by the filters.

    If you want to restrict certain sites at certain times, but allow them at others, don't filter them using OpenDNS... just add them to the Access Restriction rules in Tomato to filter by named http request, and set up an automatic schedule by day and time.

    You can set up an "All Except" for the rule and enter in the MAC address of your own PC, so that the rule applies to every device on the network except for your own. This can be useful if you want to extend the security policy to any potential devices (friend brings laptop over, friend with a Wi-Fi cell phone, etc) while keeping your own internet access on your PC open and unaffected.

Share This Page