We have launched the new version of the DrayTek website, and this content is no longer being maintained.
You will find more information on our new site; however, we will keep this page for a few months.

[Vigor3900] How to make the LAN clients be protected by OpenDNS FamilyShield service?

OpenDNS provides the free Family Shield service that helps screen out potentially objectionable content that you may prefer not to see or don't want others in your family to stumble across. To use the service, we just need to use Open DNS IP 208.67.222.123 and 208.67.220.123 as the DNS server IP! The example below will show how to configure Vigor Router to use the OpenDNS IP as DNS server and block specific LAN clients from using other DNS servers, thus to make them be protected by the Family Shield service.

1. Assign OpenDNS server IP to LAN DHCP Clients: Go to LAN >> General Setup, and click on the LAN profile in use.

  1. Click Add in DHCP DNS
  2. Enter IP 208.67.222.123 and 208.67.220.123, and click Save
  3. Click Apply to save the changes
   

2. Create IP objects for Open DNS server IP. Go to Objects Setting >> IP Object, and click Add to create a new profile.

  1. Enter Profile name
  2. Select Single for Address Type
  3. Enter 208.67.222.123 for Start IP Address
  4. Click Apply to save the changes
   

3. Similarly, create another IP object for another Open DNS server IP. Go to Objects Setting >> IP Object, and click Add to create a new profile.

  1. Enter Profile name
  2. Select Single for Address Type
  3. Enter 208.67.220.123 for Start IP Address
  4. Click Apply to save the changes

 

   

4. Create IP object for the LAN PC's IP that you would like to protect. Go to Objects Setting >> IP Object, and click Add to create a new profile.

  1. Enter Profile name
  2. Select Single for Address Type
  3. For Start IP Address, enter the IP of the LAN PC you'd like to protect
  4. Click Apply to save the changes
   

5. Go to Firewall >> IP Filter, and click Add to create a IP Filter Group profile.

  1. Enter Group profile name
  2. Check Enable
  3. Click Apply to save the changes
   

6. Create a Firewall IP Filter rule to pass all packets to OpenDNS server IP address. Go to Firewall >> IP Filter >> Child_Protect, and click Add to create an IP Filter rule.

  1. Enter rule profile name
  2. Check Enable
  3. Select Accept for Action
  4. Select the LAN profile in use for Input Interface
  5. Select he WAN profile in use for the Output Interface
  6. In Destination IP area, select the OpenDNS objects we just created
  7. Click Apply to save the changes
   

7 Create another Firewall IP Filter rule to block the DNS packets from Child PC's IP address to any other IP address. Go to Firewall >> IP Filter >> Child_Protect, and click Add to create an IP Filter rule.

  1. Enter rule profile name
  2. Check Enable
  3. Select Block for Action
  4. Select the LAN profile in use for the Input Interface
  5. Select the LAN profile in use for the Output Interface
  6. In Service Protocol area, select DNS for Service Type Object
  7. In Source IP area, select the IP Object Child_PC we created
  8. Click Apply to save the changes

     

   

8. After completing the above configurations, Child's PC won't be able to query other DNS server about domain names, they can only use the OpenDNS FamilySheild server.

   

9. While the child tries to browse a website that contains content improper for children, it will be blocked by OpenDNS Family Shield service.

   
Was this article helpful?
19[Vigor3900] How to make the LAN clients be protected by OpenDNS FamilyShield service? has been viewed------ 19 ------times.