Redirect traffic to Restricted YouTube?

Discussion in 'Tomato Firmware' started by macster2075, Dec 25, 2018.

  1. macster2075

    macster2075 Reformed Router Member

    I can have everyone connected to my router be redirected to the Restricted mode of Youtube...but, I don't want to do that... I am looking to have certain devices only to be redirected to YouTube restricted mode.

    are there iptables I can use to achieve this?
     
  2. cloneman

    cloneman LI Guru Member

    You can use dnsmasq custom configuration to advertise a different DNS server in DHCP config, to different LAN clients, one DNS that will redirect and one that will not.
     
  3. macster2075

    macster2075 Reformed Router Member

    how would I do that?
    Right now I have this inside dnsmasq address=/www.bing.com/204.79.197.220
    which redirects all traffic to Bing SafeSearch.

    How would I only redirect a specific device by either IP or mac address?
     
  4. Cliffield

    Cliffield Connected Client Member

    Like cloneman proposed, you probably need a second DNS Server at your LAN or you use a public dns server which has such restrictions included. Than you can assign this DNS server to specific clients.
    More: https://www.linksysinfo.org/index.php?threads/assign-specific-dns-to-only-certain-clients.68865/
    If you don't want to specify every single MAC you could put all those devices in an own subnet and
    assign your restricted dns server to the clients of the whole subnet ( dhcp-option=tag:br2,6,192.168.1.123 or whatever the ip of the restricted dns server is).

    Maybe there are other/better solutions.
     
  5. macster2075

    macster2075 Reformed Router Member

    I thought there might be a firewall rule or something like that to achieve this.
     
  6. cloneman

    cloneman LI Guru Member

    Filtering isn't usually one of those nice features; it creates inconvenience for users and the smart users can often bypass it.


    Selling whack-a-mole content filtering to Schools is big business , where they sell easy to use routers for lots of money. You'd be better off with a custom DNS solution, or other solution, most likely.

    https://www.draytek.com/en/faq/faq-...an-clients-to-use-youtube-in-restricted-mode/

    Here are some instructions I found online
    Code:
    Youtube
     
     For youtube, add a CNAME for the following records:
    
    www.youtube.com
    m.youtube.com
    youtubei.googleapis.com
    youtube.googleapis.com
    www.youtube-nocookie.com
    And point them to:
    
    For Strict Restricted YouTube access, add restrict.youtube.com as a CNAME for these domains. For Moderate Restricted YouTube access, add restrictmoderate.youtube.com as a CNAME for these domains.
     
  7. macster2075

    macster2075 Reformed Router Member

    Aren't CNAMEs used in DNS Servers? - If so, I don't have one. Unless Tomato firmware has an option to configure cnames.
     
  8. cloneman

    cloneman LI Guru Member

    Right, you either have to install a 2nd DNS server on another device, or perhaps you can do what you want with a service like OpenDNS that will act as the 2nd server. I don't know of another way to do this, I don't think iptables can do it. I would image iptables' operates mostly in the realm ip addresses and ports, and not web services, dns names, or deep packet inspection.
     
  9. macster2075

    macster2075 Reformed Router Member

    Well, I do use OpenDns as my current DNS server, but that server is applied to everyone connected to the router.
    What I am looking for is to have only certain devices to be forced to use a specific DNS server.

    I've been looking online that I've found some places where they talk about iptables to accomplish this, but they do not mention which iptable to use.
     
  10. cloneman

    cloneman LI Guru Member

    using the DNSmasq custom configuration you should be able to point some people to openDNS and others to the router's internal DNS server I think.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice