Is there any way to configure a peplink router to ensure that a given domain destination (i.e. foo.com) will never receive traffic from a certain IP assigned via DHCP? My current DHCP IP is fine but I am trying to avoid it getting reset automatically back to a specific previous value.
I would also be happy with a configuration that drops all traffic if DHCP reassigns to this specific bad IP.
Hello, Gus.
Please… Are you talking about dhcp relay at LAN ?
DHCP is done by my ISP, I don’t run my own DHCP server if that’s what you mean.
How would that help with this issue? I’m fine with my current DHCP service, I just want to avoid getting assigned a specific IP (for example 252.122.80.41), or at least detect if I am and drop traffic until I can come in and fix it.
Sorry… I’m not a Peplink engineer. I can’t help you.
Let me read this back to you.
So what you’re asking is, if your ISP assigns a specific IP address via DHCP for some way to block traffic from that IP address from reaching devices at a specific domain?
Although you can do this for an IP address on the LAN :
You can’t use an outbound firewall policy and set the source as a specific WAN IP.
What you could do is use a hosted DNS service that gives you filtering control based on your WAN source IP, then send all DNS requests that way. When it sees a dns lookup for foo.bar from the IP in question it can then return null or a redirect.
I used to use nxfilter.org to do similar things in an educational network setting but there will be others.
Thanks for the write up Martin. Do you know of any free online services that could do DNS based filtering like that, or would I need to run my own DNS server like nxfilter.
Note that I would be okay with completely dropping traffic when assigned a specific WAN IP via DHCP, doesn’t have to be domain specific.
Sure. https://www.opendns.com/ will let you do this under their free home account.
I see I can create an openDNS network using a specific WAN IP and I can create one using a dynamic IP which gets updated via dns-o-matic. Would I set it to the specific IP I want to block and have it drop all DNS requests?
I was expecting to have it set up using dns-o-matic and then configure some rule that would block the WAN IP I don’t want, but I don’t see any settings in openDNS that would do that.
