March 1, 2012 at 12:56 am #43295
I have one eth00 in my zeroshell box connected to 3 gateway modems through one switch.
I’m using net balancer to balance and failover those 3 gateways with dynamic IP.
In order to use the OpenDNS blocking feature you must use the native OpenDNS client of Zeroshell.
The problem is that the client obviously updates one IP at a time, using the IP of just one of my gateways to configure the blocking feature, leaving the other 2 gateways out of the configuration.
So because of the load balancing the computers go through different gateways constantly depending on the traffic. And the blocking works only if you are lucky enough (or, from the user's perspective, unlucky enough) to go out to the internet through the gateway whose IP the Zeroshell client has updated.
So my question is: how can I update the IP of my 3 gateways on my OpenDNS account?
One awful solution is to have 3 different computers, each one connected to a gateway, with the OpenDNS software client to report the IP.
I'm thinking of one “magical” script that can handle the work using the labeled network advantage of the OpenDNS configuration.
Thank you for reading, and I'll really appreciate any help.
*Sorry for the bad English 😕

March 1, 2012 at 4:50 pm #52243
Your English is quite good.
I think you can get around this by setting up a traffic classification rule so that all DNS traffic uses one of your dynamic links. Let the client always update OpenDNS for that one link.
General HTTP, mail, etc. traffic can be load balanced as usual.
One down side will be that if that link fails you will have to move all your DNS setup to another link to restore your Internet service.
By the way, I was unfamiliar with OpenDNS so I did a web search to find out what you were referring to. A number of the hits I got were posts by teenagers trying to figure out how to get around OpenDNS blocking their parents had set up. Typically the response was to set a new DNS server IP address on their individual computer. If you are worried about that, and if you are using OpenDNS I suppose you are, then you might go a bit farther and set up blocking rules in Zeroshell so no DNS request from your LAN can be made to servers other than either OpenDNS or Zeroshell.
I haven’t done this type of thing in the Zeroshell GUI but know it can be done via iptables commands through the command line. Probably possible in the GUI but you’ll have to research it.
The next thing they can do is use a web browser to access a DNS lookup web site and find the IP address for the server(s) you have blocked through OpenDNS. They can then use the IP address directly to access the site(s). On a case by case basis you can block those by blocking IP address ranges in Zeroshell.
Best of luck. Personally I'd rather not have to be playing spy/counter spy with my family.

March 1, 2012 at 6:52 pm #52244
atheling, thanks for the quick response and for giving me another way to try to get around this issue.
Fulvio did a great tutorial on setting up ZeroShell with OpenDNS (http://www.zeroshell.net/eng/opendns/) and also thought about how to disable any attempt at using another DNS (“Firewall setup to prevent non OpenDNS DNS use”), which worked fine.
I'm using the restrictions for a company environment. Through the proxy (black/white list) and the firewall I was able to restrict Messenger, Facebook, and other web content forbidden by “Company Policy”, but as you know https is harder to block using a proxy, so I thought I could use the OpenDNS method to control that. Mainly I want to prevent the web chats through https.
Of course I believe that the best method to prevent internet abuse among co-workers is to educate them… but try to explain that philosophy to your boss.
The good thing is that this is not urgent (yet).
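As an added example (not from this thread, not Zeroshell's own code, and not Fulvio's tutorial), here is one way to express the "only OpenDNS or Zeroshell may be asked for DNS" firewall setup that both replies above refer to, as plain iptables rules. The interface name ETH00 and the LAN address 192.168.1.1 are assumptions; the two OpenDNS resolver addresses are OpenDNS's documented public ones, not values taken from the thread; Zeroshell's own firewall chains may be organised differently, so the rules use the stock INPUT and FORWARD chains. A logging rule sits in front of the final DROP so that any LAN host pointed at a third-party resolver shows up in the firewall log instead of silently failing.

```shell
#!/bin/sh
# Added example: emit (and optionally apply) iptables rules that confine DNS
# traffic from the LAN to Zeroshell's own resolver and the OpenDNS resolvers.
LAN_IF="${LAN_IF:-ETH00}"              # assumed: Zeroshell's LAN-facing interface
ZS_LAN_IP="${ZS_LAN_IP:-192.168.1.1}"  # assumed: Zeroshell's address on the LAN
# OpenDNS public resolvers (OpenDNS's documented addresses, not from the thread)
OPENDNS_SERVERS="208.67.222.222 208.67.220.220"

# Print one iptables command per line, in the order they must be applied:
# the explicit ACCEPTs have to come before the catch-all LOG and DROP.
dns_egress_rules() {
    for proto in udp tcp; do
        # Queries aimed at Zeroshell's own resolver terminate locally (INPUT chain).
        echo "iptables -A INPUT -i $LAN_IF -p $proto --dport 53 -d $ZS_LAN_IP -j ACCEPT"
        # Queries forwarded to OpenDNS pass through.
        for srv in $OPENDNS_SERVERS; do
            echo "iptables -A FORWARD -i $LAN_IF -p $proto --dport 53 -d $srv -j ACCEPT"
        done
        # Any other DNS request leaving the LAN is logged, then dropped, so a host
        # configured with a third-party resolver is visible in the firewall log.
        echo "iptables -A FORWARD -i $LAN_IF -p $proto --dport 53 -j LOG --log-prefix 'DNS-BYPASS: '"
        echo "iptables -A FORWARD -i $LAN_IF -p $proto --dport 53 -j DROP"
    done
}

# Number of rules the generator emits (5 per protocol), for a sanity check.
dns_egress_rule_count() {
    dns_egress_rules | wc -l | tr -d ' '
}

# Dry run by default: print the rules. Set APPLY=1 to feed them to the shell.
apply_dns_egress_rules() {
    if [ "${APPLY:-0}" = "1" ]; then
        dns_egress_rules | sh
    else
        dns_egress_rules
    fi
}

apply_dns_egress_rules
```

Run it once without arguments to review the generated rules, then with APPLY=1 on the Zeroshell box as root to install them. Note that this only stops clients from talking to other resolvers; it does nothing about the original problem of registering three gateway addresses with OpenDNS, for which the traffic classification approach in the first reply (pin all DNS to one link and let the client update that one) still applies.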