Protect LAN clients with the OpenDNS FamilyShield service (Vigor3900/2960)

OpenDNS provides the free FamilyShield service, which helps screen out potentially objectionable content that you may prefer not to see or don't want others in your family to stumble across. To use the service, the OpenDNS IP addresses 208.67.222.123 and 208.67.220.123 must be used as the DNS server IPs. The example below shows how to configure the Vigor3900 to use OpenDNS as the DNS server and to block specific LAN clients from using any other DNS server, so that those clients are protected by the FamilyShield service.

1. Assign OpenDNS server IP to LAN DHCP Clients: Go to LAN >> General Setup, and click on the LAN profile in use.

  1. Click Add in DHCP DNS
  2. Enter IP 208.67.222.123 and 208.67.220.123, and click Save
  3. Click Apply to save the changes

2. Create an IP object for the first OpenDNS server IP. Go to Objects Setting >> IP Object, and click Add to create a new profile.

  1. Enter Profile name
  2. Select "Single" for Address Type
  3. Enter 208.67.222.123 for Start IP Address
  4. Click Apply to save the changes

3. Similarly, create another IP object for the other OpenDNS server IP. Go to Objects Setting >> IP Object, and click Add to create a new profile.

  1. Enter Profile name
  2. Select "Single" for Address Type
  3. Enter 208.67.220.123 for Start IP Address
  4. Click Apply to save the changes

4. Create an IP object for the LAN PC's IP that you would like to protect. Go to Objects Setting >> IP Object, and click Add to create a new profile.

  1. Enter Profile name (this example uses Child_PC)
  2. Select "Single" for Address Type
  3. For Start IP Address, enter the IP of the LAN PC you'd like to protect
  4. Click Apply to save the changes

5. Go to Firewall >> IP Filter, and click Add to create an IP Filter Group profile.

  1. Enter Group profile name (this example uses Child_Protect)
  2. Check Enable
  3. Click Apply to save the changes

6. Create a Firewall IP Filter rule to pass all packets to the OpenDNS server IP addresses. Go to Firewall >> IP Filter >> Child_Protect, and click Add to create an IP Filter rule.

  1. Enter a rule profile name
  2. Check Enable
  3. Select "Accept" for Action
  4. Select the LAN profile in use for Input Interface
  5. Select the WAN profile in use for the Output Interface
  6. In the Destination IP area, select the OpenDNS objects we just created
  7. Click Apply to save the changes

7. Create another Firewall IP Filter rule to block DNS packets from the child PC's IP address to any other IP address. Go to Firewall >> IP Filter >> Child_Protect, and click Add to create an IP Filter rule.

  1. Enter a rule profile name
  2. Check Enable
  3. Select "Block" for Action
  4. Select the LAN profile in use for the Input Interface
  5. Select the LAN profile in use for the Output Interface
  6. In the Service Protocol area, select "DNS" for Service Type Object
  7. In the Source IP area, select the IP Object Child_PC we created
  8. Click Apply to save the changes

8. After completing the above configuration, the child's PC won't be able to query other DNS servers for domain names. It can only use the OpenDNS FamilyShield servers.

9. When the child tries to browse a website that contains content improper for children, it will be blocked by the OpenDNS FamilyShield service.
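
To confirm the result in step 8 from the protected PC, the following check sends one DNS query to each FamilyShield resolver and to two other resolvers and reports which ones answer. It is an added example, not part of the original article: the comparison resolvers 8.8.8.8 and 1.1.1.1, the test name example.com, and all function names are assumptions of this example, and it tests DNS over UDP port 53 only.

```python
import socket
import struct

FAMILYSHIELD = ("208.67.222.123", "208.67.220.123")  # resolvers from this article
OTHER = ("8.8.8.8", "1.1.1.1")  # assumption: public resolvers the rules should block


def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def is_reply(query, data):
    """True if `data` is a DNS response with the same transaction ID as `query`."""
    return len(data) >= 12 and data[:2] == query[:2] and bool(data[2] & 0x80)


def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to server:53; return True if a matching reply arrives."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout or ICMP unreachable: treated as blocked
            return False
    return is_reply(query, data)


def evaluate(results):
    """results maps resolver IP -> answered?; return a list of problems found."""
    problems = []
    if not any(results.get(ip) for ip in FAMILYSHIELD):
        problems.append("no FamilyShield resolver answered (check the rule in step 6)")
    for ip, answered in results.items():
        if ip not in FAMILYSHIELD and answered:
            problems.append(f"{ip} answered: the DNS block rule (step 7) is not effective")
    return problems


if __name__ == "__main__":
    results = {ip: probe(ip) for ip in FAMILYSHIELD + OTHER}
    for ip, ok in results.items():
        print(f"{ip:16} {'answered' if ok else 'no reply'}")
    print("\n".join(evaluate(results)) or "OK: only FamilyShield resolvers answer DNS")
```

Run it on the PC whose IP was entered in step 4; on an unprotected LAN client, the other resolvers are expected to answer as well.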

Published On: 2016-07-20