How to block port 53 on TP-Link TD-W8980 v1?
I cannot figure out how to block port 53 on my TP-Link TD-W8980 v1. I have the OpenDNS servers configured, but the users on my network can bypass the DNS if they know how to manually configure their network settings on their computers. Please help with detailed instructions.
-
According to your manual http://www.tp-link.com/res/down/doc/TD-W8980_V1_UG.pdf you configure rules for "WAN hosts" as of chapter 4.14, especially as of section 4.14.3. The WAN hosts represent DNS server IP addresses or IP address ranges to be blocked. And you block them for port 53, of course.
-
Sorry to revive an old thread, but I'm having the same problem as the OP, and have been reading threads here for several days trying to find the answer. While my router is similar to the OP's, it's a different model, and mine doesn't allow me to configure rules for WAN hosts that I've been able to find.
I'm using an Archer C7 /AC1750 (manual here: http://www.manualslib.com/products/Tp-Link-Archer-C7-3049405.html); is it still possible for me to block all DNS resolvers besides OpenDNS?
If so, I would greatly appreciate instructions similar to the detailed instructions above. Thanks very much. -
This is how I did it (under IPv4 Firewall):
1. Create WAN Hosts: OpenDNS Primary, OpenDNS Scndary, All Other
2. Create IPv4 Firewall Rules (Default--Allow): OpenDNS Primary, OpenDNS Scndary, Block Rest
See attachments for examples
WAN Host 2.jpg
WAN Host 3.jpg
Rule.jpg
Rule 1.jpg
WAN Host.jpg
WAN Host 1.jpg -
Thanks rotblitz and matoxltr for the help. I'm almost there. So--I set things up like the examples matoxltr provided, and somehow, I managed to block all access because my internet went down while the rules were enabled.
Rotblitz: in matoxltr's WAN Host 3 image, the IP address range is left blank but the port is specified. This is what I did when I accidentally blocked all access. However, I see that you said the following in response to matoxltr's question:
- WAN Host IP address rule: 0.0.0.0 - 208.67.220.122, port 53 - 53
- WAN Host IP address rule: 208.67.222.223 - 255.255.255.255, port 53 - 53
These should block all DNS resolver addresses except the OpenDNS ones.
I tried to go back and create a new rule using those address ranges, but it didn't work. I assume I'm doing something wrong. First image is my input and second image is the result when I open the rule. Any ideas?
Thanks again for your time and help.
1.png
2.png -
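Added example, not part of any post in this thread: a way to derive the port-53 deny ranges for a router that only accepts start/end IP ranges, and to check which destinations they block. It assumes the OpenDNS resolvers are 208.67.222.222 and 208.67.220.220; the function names are hypothetical.

```python
import ipaddress

# Assumption: OpenDNS resolver addresses; replace with the resolvers you allow.
ALLOWED_RESOLVERS = ["208.67.222.222", "208.67.220.220"]
MAX_IPV4 = 0xFFFFFFFF


def deny_ranges(allowed):
    """Return inclusive (start, end) IPv4 ranges that cover every address
    except the allowed resolvers, suitable as port 53 deny rules."""
    ips = sorted({int(ipaddress.IPv4Address(a)) for a in allowed})
    ranges, cursor = [], 0
    for ip in ips:
        if ip > cursor:                  # gap before this allowed address
            ranges.append((cursor, ip - 1))
        cursor = ip + 1                  # skip the allowed address itself
    if cursor <= MAX_IPV4:               # tail after the last allowed address
        ranges.append((cursor, MAX_IPV4))
    return [(str(ipaddress.IPv4Address(s)), str(ipaddress.IPv4Address(e)))
            for s, e in ranges]


def is_denied(dst_ip, dst_port, ranges):
    """True if a packet to dst_ip:dst_port matches one of the deny rules.
    Only port 53 is filtered; all other ports fall through to default allow."""
    if dst_port != 53:
        return False
    ip = ipaddress.IPv4Address(dst_ip)
    return any(ipaddress.IPv4Address(s) <= ip <= ipaddress.IPv4Address(e)
               for s, e in ranges)


if __name__ == "__main__":
    rules = deny_ranges(ALLOWED_RESOLVERS)
    for start, end in rules:
        print(f"DENY  {start} - {end}  port 53 - 53")
    # Constructed test destinations: two allowed resolvers, two others.
    for dst in ["208.67.222.222", "208.67.220.220", "8.8.8.8", "208.67.221.1"]:
        print(f"{dst}:53 ->", "blocked" if is_denied(dst, 53, rules) else "allowed")
```

DNS uses port 53 over both UDP and TCP, so the resulting rules need to cover both protocols.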
Did anyone ever resolve this issue? I have the Archer C7 and upgraded the firmware but I cannot seem to be able to add both allow and deny rules. It's either all ALLOW or all DENY. The screens I see from someone above with the TP-Link TD-W8980 make more sense to me. The Archer config screens are tough to decipher.
IF ANYONE HAS GOTTEN THIS TO WORK ON AN ARCHER C7 please give me a link or tell me how!
Tx!
-
For the ANSWER that WORKS, go to http://forum.tp-link.com/showthread.php?77773-Block-Port-53&highlight=opendns
and check the response near the bottom of the thread with screenshots by user coca kaola.
Essentially, you do the following: It works with the C7 because all the rules are ALLOW
Allow the packets specified by any enabled access control policy to pass through the Router
rule1: Allow for 8.8.8.8 on port 53 <--- put OPENDNS IP here
rule2: Allow for any target on port 1~52
rule3: Allow for any target on port 54~65535