0 votes
323 views 1 comments
by anonymous

Setup

  - RUT240 (FW Version: RUT2XX_R_00.01.14)

Problem

If I enable Site Blocking (hostblock), the Google DNS (config key hostblock.config.icmp_host) is used by dnsmasq to resolve all DNS requests. The mobile provider itself wants all DNS requests to be resolved by its own DNS servers, which are provided by DHCP. Google DNS servers might be blocked.

All websites that are whitelisted are not accessible, because they cannot be resolved.

Background

I want to use the Site Blocking feature (hostblock) to do DNS-based whitelisting on IoT devices that are given to customers. I do not know the mobile provider beforehand, but many of our customers use a VPC with a custom APN (M2M SIM card) to connect their devices to the internet. In this VPC, the Google DNS servers are not available. On the other hand, other customers use "normal" SIM cards where the Google servers are available. These devices are working well. But in both situations it needs to work with the same configuration.

I need a working `hostblock` configuration for all future devices (with all variants of connection types) that resolves DNS requests using the nameservers that are provided by the mobile operator via DHCP and falls back to e.g. 8.8.8.8. This configuration needs to be applied to all routers that are going through the manufacturing process before the mobile provider and the DNS servers are known. Can this use case be handled with the RUT240 firmware?

Has anybody solved this issue before?

What did I miss in my configuration?


/tmp/dnsmasq.d/server: (written by hostblock)

```
server=/example.com/8.8.8.8
server=/example.org/8.8.8.8
server=/example.net/8.8.8.8
```

/tmp/resolv.conf.auto: (given by the DNS provider, 8.8.8.8 not accessible through VPC)

```
# Interface ppp
nameserver xxx.yyy.zzz.1
nameserver xxx.yyy.zzz.2
```

/etc/config/hostblock

```
config hostblock 'config'
  option mode 'whitelist'
  option enabled '1'
  option icmp_host <needs to be dynamic based on the dhcp response of the provider>

config block
  option enabled '1'
  option host 'example.com'

config block
  option enabled '1'
  option host 'example.org'

config block
  option enabled '1'
  option host 'example.net'
```

by anonymous
In addition: The "Proxy Based Content Filter" (privoxy) is not an option because HTTPS traffic is ignored on this.
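
The behaviour the question asks for, as an added sketch that is not part of the original thread and not Teltonika firmware code: it builds the per-domain `server=` lines from the nameservers found in a `resolv.conf`-style file and appends a fixed fallback, relying on dnsmasq accepting several `server=/domain/ip` lines for one domain. The function name, the sample addresses and the idea of writing the output to a dnsmasq include file that hostblock does not overwrite are assumptions; the page does not say whether the RUT240 firmware allows that.

```shell
#!/bin/sh
# Added example (not firmware code): emit per-domain dnsmasq upstream lines
# from the provider's nameservers, with a fixed fallback appended.

# usage: gen_whitelist_servers RESOLV_FILE FALLBACK_IP HOST...
gen_whitelist_servers() {
    resolv=$1; fallback=$2; shift 2

    # Take only nameserver values made of IPv4/IPv6 literal characters, so a
    # malformed line cannot smuggle extra text into the dnsmasq config.
    servers=$(awk '$1 == "nameserver" && $2 ~ /^[0-9A-Fa-f:.]+$/ && !seen[$2]++ { print $2 }' \
        "$resolv" 2>/dev/null) || servers=""

    # Append the fallback unless the provider already handed it out.
    printf '%s\n' "$servers" | grep -qxF "$fallback" || servers="$servers $fallback"

    for host in "$@"; do
        # Accept plain DNS names only; '/' or whitespace would break the
        # server=/domain/ip syntax.
        case $host in
            ""|*[!A-Za-z0-9.-]*) echo "skipping invalid host: $host" >&2; continue ;;
        esac
        for ip in $servers; do
            printf 'server=/%s/%s\n' "$host" "$ip"
        done
    done
}

# Demo on constructed input (192.0.2.0/24 is a documentation range).
demo_resolv=$(mktemp)
printf '# Interface ppp\nnameserver 192.0.2.1\nnameserver 192.0.2.2\n' > "$demo_resolv"
gen_whitelist_servers "$demo_resolv" 8.8.8.8 example.com example.org
rm -f "$demo_resolv"
```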

1 Answer

0 votes
by anonymous

Hi,
> This configuration needs to be applied to all routers that are going through the manufacturing process before the mobile provider and the DNS servers are known. Can this use case be handled with the RUT240 firmware?

For this, please contact your direct sales representative from Teltonika Networks.