Announcement

Collapse
No announcement yet.

Local Recursive?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Local Recursive?

    Greetings!

    I apologize for repeating a question if it may have already been answered, however I can't find a search function in the forums.

    I am attempting to use NxF as a website content filter for my children's home school computer. I would like to block them from all websites except a handful of educational domains.
    I was reviewing the instructions here: NxFilter Tutorial (hopefully I'm in the ballpark?)

    I'm running a windows 10 machine with the following settings:

    IP 192.168.4.55
    subnet 255.255.252.0
    default gateway 192.168.4.1
    IPv4 DNS server 192.168.12.1

    Do I need to point the dns to 192.168.4.55:5353 after I set in NxF: DNS ==> Setup ==> Upstream DNS Server Home ==> 192.168.4.55:5353

    I have never done a port in windows wireless settings before - is it the same thing as a suffix?

    Thanks!

  • #2
    Local Recursive is for when you want to run a recursive DNS server on the same machine with NxFilter. I don't think it's for you.

    Which DNS server you want to use as your upstream server? You need to use its IP address only normally as its default port is 53.

    Click image for larger version  Name:	dns-setup.png Views:	33 Size:	57.9 KB ID:	2858
    Last edited by support200; 07-07-2024, 06:40 AM.

    Comment


    • #3
      In the attached image, I use 8.8.8.8 and 8.8.4.4 as my upstream server. This is what most people do. If you run a recursive DNS server in your network and if it's 192.168.12.1 then you need to add it into Upstream DNS server 1 and the others will be empty.

      Comment


      • #4
        Local Recursive is for when you want to run a recursive DNS server on the same machine with NxFilter. I don't think it's for you.
        Actually, I think this is me. I installed NxFilter on this machine, and I have a user account set up on it for the kids. So it would be 192.168.4.55 correct?

        Comment


        • #5
          NxFilter is basically for network filtering. So, you are supposed to install it on a separated machine and you kids use it as their DNS server. So, we say that it's not a personal DNS filter

          However, it sounds like you install it on your kid's machine. In that case, upstream server is not a problem. You can use 8.8.8.8 for that. What you have to do is to use NxFilter IP as your kid's DNS server IP. Set it to 192.168.4.55 if it's your kid's computer IP.

          Comment


          • #6
            Sorry, I think I'm a little slow. I'm not sure I follow you. Here is what I've done.

            Click image for larger version  Name:	image.png Views:	0 Size:	20.7 KB ID:	2873

            Click image for larger version  Name:	image.png Views:	0 Size:	58.8 KB ID:	2874

            Probably way off what it needs to be... but I do now finally see it blocking something:

            Click image for larger version  Name:	image.png Views:	0 Size:	111.5 KB ID:	2875

            It doesn't seem to honor the policy I set up though.

            Comment


            • #7
              These are your situation?
              1. 192.168.4.55 is your kid's PC.
              2. You run a DNS server on 192.168.12.1.
              3. You want to block something from 192.168.4.55.
              You don't need other upstream servers than 192.168.12.1. You may have a redundancy by having 8.8.8.8 though. It depends on how stable 192.168.12.1 that is your own DNS server.

              However, if I consider your subnet mask that is 255.255.252.0, I am not sure if they can communicate with each other.

              127.0.0.1:5353 is not needed unless you have another DNS sever on 192.168.4.55. Do you have it?

              Why do you think it's not honoring your policy? Did you block something on Default policy? When something blocked, you need to see the block reason. Those cloudflare-dns.com blocked because of they can by used for DNS over HTTPS to bypass your filtering. So, it's blocked at default.

              Comment


              • #8
                Thank you for getting back to me. I think I am figuring this out. I removed the newly created "Kids" policy and just checked some categories on the Default policy, and it seems to work now.

                I also noticed the whitelist exception domains into "Domains" list didn't seem to work bypass the filter. They did start working when I typed them into the "common bypass" section.

                Here is my network config:

                192.168.12.1 (ISP Device - T-Mobile 5G Home Internet - I believe this is handing out IP assignments and DNS?)

                192.168.4.1 (eero mesh network wi-fi router)

                192.168.4.55 (Kid's PC, Has NxFilter Installed on it)

                Yes, I want to have dns control on the Kid's PC - because the eero router wants you to pay a monthly subscription to unlock filtering capabilities. The T-mobile router doesn't appear to have the capability. So, I was trying to do it locally on the PC itself. There isn't any other server tools installed on this kids PC. This dns filtering used to be easy to do on my old dlink router that stopped working a decade ago.

                I am now trying to get the Block Redirection IP working. Default sends it to 10.0.12.21 (which doesn't exist) and needs to be changed to 127.0.12.21 (which does work), but after I submit changes it reverts to 10.0.12.21
                Last edited by Wijitmaker; 04-19-2024, 02:52 AM.

                Comment


                • #9
                  I think you better use 8.8.8.8 and 8.8.4.4 as your upstream DNS servers. Don't use others. It just make things complicated.

                  When you add a whitelist, you need to set bypass_filter option on its properties to bypass it.

                  Set Block Redirection IP to 192.168.4.55.

                  If you want to use multiple policies, you need to enable User Authentication and set policies. However, it's installed on your kid's PC and it only filters its own system then you don't need that.

                  Comment


                  • #10
                    Ok, great - looks like it is all working. Just one issue. When I put any IP address in the block redirection IP and click submit it does not save the new IP it reverts to the original IP of 10.0.12.21. Is there a way to change it through the browser GUI? Or perhaps a .cfg file?

                    Comment


                    • #11
                      You probably use v4.6.9.3. There's a bug for updating system setup. Update it to v4.6.9.4.

                      Comment

                      Working...
                      X