Bitbull Tech Notes - home of free minds ...

OpenWRT Parental control WLAN Router

Recently I had to search a secure WLAN solution for disabled Kids.

 

Keypoints:

  • Kids get WLAN on their own devices
  • Kids get LAN for own devices (Workstations/Playstations, ...)
  • Internet Access should be as secure as possbile
  • WLAN needs time based scheduling (Web configurator)
  • Restrict WAN Access to ports: 80,443,8080,8443 + 587,110,143,993,995
  • Restrict internet site access:
    • No porn
    • No violence
    • Secure Google search
    • Restricted Youtube
    • No proxy sites

 

Solution:

  • Buy TP-Link TL-WR1043ND, power on
  • Connect PC to LAN port and set manual IP: 192.168.0.100/24
    Log into the Router: admin/admin
    http://192.168.0.1
  • upload Firmware: wr1043nd.bin (original name zu lang -> umbenennen)
    Get Firmware here
    System > Firmware Upgrade > Upload
  • Router is booting, PC LAN reconnect LAN
    PC gets IP in range: 192.168.1.0/24
  • Log into OpenWRT Luci: root/"no pw"
    http://192.168.1.1
  • Restore KidsNet Router config:
    Backup-KidsNet-2017-02-02.tar.gz
  • Router is booting, PC LAN reconnect LAN
    PC gets IP in range: 192.168.77.0/24
  • Log into OpenWRT Luci: root/toor
    http://192.168.77.1
  • WLAN: KidsNet
    PW: SecureNet

Now, router configuration is finished:

  • Change Password
  • Change WLAN SSID and PW
  • Modify Wifi scheduling

 

Want to know how it works?
Examine Backup or see install draft below:

####################################################################################                                                                                                  
# PROJEKT: openwrt-parental                                                                                                                                                                                              
# VERSION: 20170201                                                                                                                                                                                                      
####################################################################################                                                                                                                                     
DESCRIPTION:                                                                                                                                                                                                             
----------------------                                                                                                                                                                                                   
HW: TP-Link TL-WR1043ND                                                                                                                                                                                                  
OS: OpenWrt Chaos Calmer 15.05                                                                                                                                                                                           
DESC: Parental Control Router                                                                                                                                                                                            
                                                                                                                                                                                                                         
IMPORTANT NOTES:                                                                                                                                                                                                         
------------------------------                                                                                                                                                                                           
mv openwrt-15.05.1-ar71xx-generic-tl-wr1043nd-v2-squashfs-factory.bin wr1043nd.bin                                                                                                                                       

ifconfig eth0 192.168.0.100 netmask 255.255.255.0
http://192.168.0.1
user: admin
pw: admin
System > Firmware Upgrade > Upload wr1043nd.bin

telnet 192.168.1.1
passwd # set new root password
uci set network.lan.proto=static
uci set network.lan.ipaddr=192.168.77.1
uci set network.lan.netmask=255.255.255.0
network.wan.peerdns=0   
network.wan.dns='208.67.220.123 208.67.222.123'

uci commit network
reboot
ssh -lroot 192.168.77.1

# --------------------------------------------------------------------------------------------------------------------
cp /etc/config/dhcp /etc/config/dhcp.orig
cat > /etc/config/dhcp << EOF
config dnsmasq
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option rebind_protection '0'
list server '208.67.222.123'
list server '208.67.220.123'
option local '/lan/'
option domain 'lan'
option authoritative '1'
option logqueries '0'

config dhcp 'lan'
option interface 'lan'
option leasetime '12h'
option start '20'
option limit '50'
option force '1'
#option dhcp_option '3,192.168.77.1' #default route
EOF

# --------------------------------------------------------------------------------------------------------------------
cp /etc/config/firewall /etc/config/firewall.orig
cat > /etc/config/firewall << EOF

config defaults 
option syn_flood '1' 
option input 'ACCEPT' 
option output 'ACCEPT' 
option forward 'REJECT' 
option drop_invalid '1'

config zone 
option name 'lan' 
list network 'lan' 
option input 'ACCEPT' 
option output 'ACCEPT' 
option forward 'REJECT'

config zone 
option name 'wan' 
list network 'wan' 
list network 'wan6' 
option input 'REJECT' 
option output 'ACCEPT' 
option forward 'REJECT' 
option masq '1' 
option mtu_fix '1'

config forwarding 
option src 'lan' 
option dest 'wan'

config rule 
option name 'Allow-DHCP-Renew' 
option src 'wan' 
option proto 'udp' 
option dest_port '68' 
option target 'ACCEPT' 
option family 'ipv4'

config rule 
option name 'Allow-Ping' 
option src 'wan' 
option proto 'icmp' 
option icmp_type 'echo-request' 
option family 'ipv4' 
option target 'ACCEPT'

config include 
option path '/etc/firewall.user'

config rule 
option target 'ACCEPT' 
option src 'lan' 
option dest 'wan' 
option family 'ipv4' 
option proto 'tcp' 
option name 'web traffic' 
option dest_port '80 8080 443 8443'

config rule 
option target 'ACCEPT' 
option src 'lan' 
option dest 'wan' 
option family 'ipv4' 
option proto 'tcp' 
option name 'mail traffic' 
option dest_port '587 110 143 993 995'

config rule 
option src 'lan' 
option dest 'wan' 
option name 'deny any' 
option target 'REJECT'

EOF

# --------------------------------------------------------------------------------------------------------------------
cp /etc/config/wireless /etc/config/wireless.orig
cat > /etc/config/wireless << EOF

config wifi-device 'radio0' 
option type 'mac80211' 
option channel '11' 
option hwmode '11g' 
option path 'platform/qca955x_wmac' 
option htmode 'HT20' 
option country 'CA' 
option txpower '25'

config wifi-iface 
option device 'radio0' 
option network 'lan' 
option mode 'ap' 
option ssid 'KidsNet' 
option encryption 'psk2+ccmp' 
option key 'SecureNet' 
option wmm '0'

EOF

# --------------------------------------------------------------------------------------------------------------------
cp /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
SIP="216.239.38.120"
echo '# youtube restricted search' > /etc/dnsmasq.conf
for u in www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
do
   echo "address=/$u/$SIP" >> /etc/dnsmasq.conf
done
echo >> /etc/dnsmasq.conf
echo "# mobile client restrictions" >> /etc/dnsmasq.conf
for u in android.googleapis.com www.googleapis.com android.clients.google.com 
do
   echo "address=/$u/$SIP" >> /etc/dnsmasq.conf
done
echo >> /etc/dnsmasq.conf
echo "# google safe search" >> /etc/dnsmasq.conf
for u in com ac ad ae af ag al am as at az ba be bf bg bi bj bs bt by ca cat cc cd cf cg ch ci cl cm cn co.ao co.bw co.ck co.cr co.hu co.id co.il co.im co.in co.je co.jp co.ke co.kr co.ls co.ma co.mz co.nz co.th co.tz co.ug co.uk co.uz co.ve co.vi co.za co.zm co.zw com.af com.ag com.ai com.ar com.au com.bd com.bh com.bn com.bo com.br com.by com.bz com.cn com.co com.cu com.cy com.do com.ec com.eg com.et com.fj com.ge com.gh com.gi com.gr com.gt com.hk com.iq com.jm com.jo com.kh com.kw com.lb com.ly com.mm com.mt com.mx com.my com.na com.nf com.ng com.ni com.np com.nr com.om com.pa com.pe com.pg com.ph com.pk com.pl com.pr com.py com.qa com.ru com.sa com.sb com.sg com.sl com.sv com.tj com.tn com.tr com.tw com.ua com.uy com.vc com.ve com.vn cv cz de dj dk dm dz ee es eus fi fm fr frl ga gal ge gg gl gm gp gr gy hk hn hr ht hu ie im in info iq ir is it it.ao je jo jobs jp kg ki kz la li lk lt lu lv md me mg mk ml mn ms mu mv mw ne ne.jp net ng nl no nr nu off.ai pk pl pn ps pt ro rs ru rw sc se sh si sk sm sn so sr st td tel tg tk tl tm tn to tt ua us uz vg vu ws
do
   echo "address=/www.google.$u/$SIP" >> /etc/dnsmasq.conf
done

mv /etc/dnsmasq.conf /etc/config/
ln -s /etc/config/dnsmasq.conf /etc/dnsmasq.conf
ls -l /etc/dnsmasq.conf

for d in /etc/init.d/cron /etc/init.d/dnsmasq /etc/init.d/uhttpd
do
   $d enable
   $d restart
done
# --------------------------------------------------------------------------------------------------------------------
cd /
wget http://www.bitbull.ch/dl/wifischedule-root.tar
tar vxf wifischedule-root.tar
rm -f wifischedule-root.tar

cp /etc/sysupgrade.conf /etc/sysupgrade.conf.orig
cat > /etc/sysupgrade.conf << EOF
/usr/bin/wifi_schedule.sh
/usr/lib/lua/luci/view/wifischedule/file_viewer.htm
/usr/lib/lua/luci/model/cbi/wifischedule/wifi_schedule.lua
/usr/lib/lua/luci/controller/wifischedule/wifi_schedule.lua
EOF

reboot

 

 

OpenDNS, google SafeSearch and Youtube restricted by OpenWrt Router

For parental control, I testet to build a cheap solution which can protect a small network.
I testet with a D-Link DIR-505 and OpenWRT BB v14.7 r42625

https://support.google.com/youtube/answer/6214622?hl=de

With DNSMasq, it is not possible to configure "Response Policy Zones" than creates the needed CNAME to force the protected mode on youtube and google searches. BUT, we can create simple A records, that do the job.

It is a good idea to block the whole categorie "search engines" in OpenDNS dashboard. After that, do an exception for google, that is safe enough to protect growing children at home.

Here are my notes, how to build this protection with a simple OpenWRT router.

Setup OpenWRT and configure IP Range as needed.

  • Configure DNS Masq to serve OpenDNS Nameserver by dhcp /etc/config/dhcp
config dnsmasq
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option rebind_protection '0'
list server '208.67.222.222'
list server '208.67.220.220'
option local '/lan/'
option domain 'lan'
option authoritative '1'
option logqueries '0'

config dhcp 'lan'
option interface 'lan'
option leasetime '12h'
option start '20'
option limit '50'
option force '1'
#option dhcp_option '3,192.168.1.254' #default route
  • Register account on www.opendns.com and configure your network depending on your needs
  • Install DDNS scripts on OpenWRT
opkg update
opkg install wget ca-certificates
  • Configure ddns script to update your home wan ip
    /etc/config/opendns_updater.sh
#!/bin/sh
# DESC: script to change dyn IP at openvpn.com
# $Revision: 1.1 $
# $RCSfile: opendns_updater.sh,v $
# $Author: chris $
# Copyright (c) Chris Ruettimann <chris@bitbull.ch>

# This software is licensed to you under the GNU General Public License.
# There is NO WARRANTY for this software, express or
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
# along with this software; if not, see
# http://www.gnu.org/licenses/gpl.txt

# OpenWRT: opkg update ; opkt install wget
#           vi /etc/config/opendns_updater.sh #put script here
#           chmod 700 /etc/config/opendns_updater.sh
#           crontab -e  #put: */10 * * * * /etc/config/opendns_updater.sh
#           /etc/init.d/cron enable ; /etc/init.d/cron restart

PATH=/sbin:/bin:/usr/sbin:/usr/bin
#------------------ MyVariables -------------------------------------
USR=user@domain.com
PW=secret123
NETW=MyNetworkName
#------------------------------------------------------------------
URL="https://updates.opendns.com/nic/update?hostname=$NETW"

test -f /tmp/odns.ip || touch /tmp/odns.ip
LASTIP=`cat /tmp/odns.ip`
CURRENTIP=`wget -q -O - ip.changeip.com | grep ^[0-9]`

# compare
if [ "$CURRENTIP" != "$LASTIP" ]
then
   logger -t `basename $0` "LASTIP=$LASTIP CURRENTIP=$CURRENTIP, update it now"
   wget -nv --http-user="$USR" --http-password="$PW" -O - "$URL" 2>&1 | grep -q good
   if [ $? -eq 0 ]
   then                                                                    
      logger -t `basename $0` "update successful"                          
      echo "$CURRENTIP" > /tmp/odns.ip                                     
   else                                                                                                                     
      logger -t `basename $0` "update failed, try exec: wget -nv --http-user=\"$USR\" --http-password=\"$PW\" -O - \"$URL\""
   fi                                                                           
else                                                                            
   logger -t `basename $0` "LASTIP=$LASTIP CURRENTIP=$CURRENTIP, do noting"     
fi                                                                              
                                                                                
                                                                                
################################################################################
  • Change the VARS according your needs and enable the script
chmod 700 /etc/config/opendns_updater.sh

crontab -e  
---------------------
*/10 * * * * /etc/config/opendns_updater.sh
---------------------

/etc/init.d/cron enable 
/etc/init.d/cron restart

Configure DNS Masq to force Google and Youtube safe search in /etc/dnsmasq.conf

# youtube restricted search
address=/youtubei.googleapis.com/216.239.38.120
address=/m.youtube.com/216.239.38.120
address=/www.youtube.com/216.239.38.120

# youtube mobile clients
address=/android.googleapis.com/216.239.38.120
address=/android.clients.google.com/216.239.38.120
address=/www.youtube-nocookie.com/216.239.38.120
address=/android.googleapis.com/216.239.38.120
address=/www.googleapis.com/216.239.38.120

# google safe search
address=/www.google.com/216.239.38.120
address=/www.google.ac/216.239.38.120
address=/www.google.ad/216.239.38.120
address=/www.google.ae/216.239.38.120
address=/www.google.af/216.239.38.120
address=/www.google.ag/216.239.38.120
address=/www.google.al/216.239.38.120
address=/www.google.am/216.239.38.120
address=/www.google.as/216.239.38.120
address=/www.google.at/216.239.38.120
address=/www.google.az/216.239.38.120
address=/www.google.ba/216.239.38.120
address=/www.google.be/216.239.38.120
address=/www.google.bf/216.239.38.120
address=/www.google.bg/216.239.38.120
address=/www.google.bi/216.239.38.120
address=/www.google.bj/216.239.38.120
address=/www.google.bs/216.239.38.120
address=/www.google.bt/216.239.38.120
address=/www.google.by/216.239.38.120
address=/www.google.ca/216.239.38.120
address=/www.google.cat/216.239.38.120
address=/www.google.cc/216.239.38.120
address=/www.google.cd/216.239.38.120
address=/www.google.cf/216.239.38.120
address=/www.google.cg/216.239.38.120
address=/www.google.ch/216.239.38.120
address=/www.google.ci/216.239.38.120
address=/www.google.cl/216.239.38.120
address=/www.google.cm/216.239.38.120
address=/www.google.cn/216.239.38.120
address=/www.google.co.ao/216.239.38.120
address=/www.google.co.bw/216.239.38.120
address=/www.google.co.ck/216.239.38.120
address=/www.google.co.cr/216.239.38.120
address=/www.google.co.hu/216.239.38.120
address=/www.google.co.id/216.239.38.120
address=/www.google.co.il/216.239.38.120
address=/www.google.co.im/216.239.38.120
address=/www.google.co.in/216.239.38.120
address=/www.google.co.je/216.239.38.120
address=/www.google.co.jp/216.239.38.120
address=/www.google.co.ke/216.239.38.120
address=/www.google.co.kr/216.239.38.120
address=/www.google.co.ls/216.239.38.120
address=/www.google.co.ma/216.239.38.120
address=/www.google.co.mz/216.239.38.120
address=/www.google.co.nz/216.239.38.120
address=/www.google.co.th/216.239.38.120
address=/www.google.co.tz/216.239.38.120
address=/www.google.co.ug/216.239.38.120
address=/www.google.co.uk/216.239.38.120
address=/www.google.co.uz/216.239.38.120
address=/www.google.co.ve/216.239.38.120
address=/www.google.co.vi/216.239.38.120
address=/www.google.co.za/216.239.38.120
address=/www.google.co.zm/216.239.38.120
address=/www.google.co.zw/216.239.38.120
address=/www.google.com.af/216.239.38.120
address=/www.google.com.ag/216.239.38.120
address=/www.google.com.ai/216.239.38.120
address=/www.google.com.ar/216.239.38.120
address=/www.google.com.au/216.239.38.120
address=/www.google.com.bd/216.239.38.120
address=/www.google.com.bh/216.239.38.120
address=/www.google.com.bn/216.239.38.120
address=/www.google.com.bo/216.239.38.120
address=/www.google.com.br/216.239.38.120
address=/www.google.com.by/216.239.38.120
address=/www.google.com.bz/216.239.38.120
address=/www.google.com.cn/216.239.38.120
address=/www.google.com.co/216.239.38.120
address=/www.google.com.cu/216.239.38.120
address=/www.google.com.cy/216.239.38.120
address=/www.google.com.do/216.239.38.120
address=/www.google.com.ec/216.239.38.120
address=/www.google.com.eg/216.239.38.120
address=/www.google.com.et/216.239.38.120
address=/www.google.com.fj/216.239.38.120
address=/www.google.com.ge/216.239.38.120
address=/www.google.com.gh/216.239.38.120
address=/www.google.com.gi/216.239.38.120
address=/www.google.com.gr/216.239.38.120
address=/www.google.com.gt/216.239.38.120
address=/www.google.com.hk/216.239.38.120
address=/www.google.com.iq/216.239.38.120
address=/www.google.com.jm/216.239.38.120
address=/www.google.com.jo/216.239.38.120
address=/www.google.com.kh/216.239.38.120
address=/www.google.com.kw/216.239.38.120
address=/www.google.com.lb/216.239.38.120
address=/www.google.com.ly/216.239.38.120
address=/www.google.com.mm/216.239.38.120
address=/www.google.com.mt/216.239.38.120
address=/www.google.com.mx/216.239.38.120
address=/www.google.com.my/216.239.38.120
address=/www.google.com.na/216.239.38.120
address=/www.google.com.nf/216.239.38.120
address=/www.google.com.ng/216.239.38.120
address=/www.google.com.ni/216.239.38.120
address=/www.google.com.np/216.239.38.120
address=/www.google.com.nr/216.239.38.120
address=/www.google.com.om/216.239.38.120
address=/www.google.com.pa/216.239.38.120
address=/www.google.com.pe/216.239.38.120
address=/www.google.com.pg/216.239.38.120
address=/www.google.com.ph/216.239.38.120
address=/www.google.com.pk/216.239.38.120
address=/www.google.com.pl/216.239.38.120
address=/www.google.com.pr/216.239.38.120
address=/www.google.com.py/216.239.38.120
address=/www.google.com.qa/216.239.38.120
address=/www.google.com.ru/216.239.38.120
address=/www.google.com.sa/216.239.38.120
address=/www.google.com.sb/216.239.38.120
address=/www.google.com.sg/216.239.38.120
address=/www.google.com.sl/216.239.38.120
address=/www.google.com.sv/216.239.38.120
address=/www.google.com.tj/216.239.38.120
address=/www.google.com.tn/216.239.38.120
address=/www.google.com.tr/216.239.38.120
address=/www.google.com.tw/216.239.38.120
address=/www.google.com.ua/216.239.38.120
address=/www.google.com.uy/216.239.38.120
address=/www.google.com.vc/216.239.38.120
address=/www.google.com.ve/216.239.38.120
address=/www.google.com.vn/216.239.38.120
address=/www.google.cv/216.239.38.120
address=/www.google.cz/216.239.38.120
address=/www.google.de/216.239.38.120
address=/www.google.dj/216.239.38.120
address=/www.google.dk/216.239.38.120
address=/www.google.dm/216.239.38.120
address=/www.google.dz/216.239.38.120
address=/www.google.ee/216.239.38.120
address=/www.google.es/216.239.38.120
address=/www.google.eus/216.239.38.120
address=/www.google.fi/216.239.38.120
address=/www.google.fm/216.239.38.120
address=/www.google.fr/216.239.38.120
address=/www.google.frl/216.239.38.120
address=/www.google.ga/216.239.38.120
address=/www.google.gal/216.239.38.120
address=/www.google.ge/216.239.38.120
address=/www.google.gg/216.239.38.120
address=/www.google.gl/216.239.38.120
address=/www.google.gm/216.239.38.120
address=/www.google.gp/216.239.38.120
address=/www.google.gr/216.239.38.120
address=/www.google.gy/216.239.38.120
address=/www.google.hk/216.239.38.120
address=/www.google.hn/216.239.38.120
address=/www.google.hr/216.239.38.120
address=/www.google.ht/216.239.38.120
address=/www.google.hu/216.239.38.120
address=/www.google.ie/216.239.38.120
address=/www.google.im/216.239.38.120
address=/www.google.in/216.239.38.120
address=/www.google.info/216.239.38.120
address=/www.google.iq/216.239.38.120
address=/www.google.ir/216.239.38.120
address=/www.google.is/216.239.38.120
address=/www.google.it/216.239.38.120
address=/www.google.it.ao/216.239.38.120
address=/www.google.je/216.239.38.120
address=/www.google.jo/216.239.38.120
address=/www.google.jobs/216.239.38.120
address=/www.google.jp/216.239.38.120
address=/www.google.kg/216.239.38.120
address=/www.google.ki/216.239.38.120
address=/www.google.kz/216.239.38.120
address=/www.google.la/216.239.38.120
address=/www.google.li/216.239.38.120
address=/www.google.lk/216.239.38.120
address=/www.google.lt/216.239.38.120
address=/www.google.lu/216.239.38.120
address=/www.google.lv/216.239.38.120
address=/www.google.md/216.239.38.120
address=/www.google.me/216.239.38.120
address=/www.google.mg/216.239.38.120
address=/www.google.mk/216.239.38.120
address=/www.google.ml/216.239.38.120
address=/www.google.mn/216.239.38.120
address=/www.google.ms/216.239.38.120
address=/www.google.mu/216.239.38.120
address=/www.google.mv/216.239.38.120
address=/www.google.mw/216.239.38.120
address=/www.google.ne/216.239.38.120
address=/www.google.ne.jp/216.239.38.120
address=/www.google.net/216.239.38.120
address=/www.google.ng/216.239.38.120
address=/www.google.nl/216.239.38.120
address=/www.google.no/216.239.38.120
address=/www.google.nr/216.239.38.120
address=/www.google.nu/216.239.38.120
address=/www.google.off.ai/216.239.38.120
address=/www.google.pk/216.239.38.120
address=/www.google.pl/216.239.38.120
address=/www.google.pn/216.239.38.120
address=/www.google.ps/216.239.38.120
address=/www.google.pt/216.239.38.120
address=/www.google.ro/216.239.38.120
address=/www.google.rs/216.239.38.120
address=/www.google.ru/216.239.38.120
address=/www.google.rw/216.239.38.120
address=/www.google.sc/216.239.38.120
address=/www.google.se/216.239.38.120
address=/www.google.sh/216.239.38.120
address=/www.google.si/216.239.38.120
address=/www.google.sk/216.239.38.120
address=/www.google.sm/216.239.38.120
address=/www.google.sn/216.239.38.120
address=/www.google.so/216.239.38.120
address=/www.google.sr/216.239.38.120
address=/www.google.st/216.239.38.120
address=/www.google.td/216.239.38.120
address=/www.google.tel/216.239.38.120
address=/www.google.tg/216.239.38.120
address=/www.google.tk/216.239.38.120
address=/www.google.tl/216.239.38.120
address=/www.google.tm/216.239.38.120
address=/www.google.tn/216.239.38.120
address=/www.google.to/216.239.38.120
address=/www.google.tt/216.239.38.120
address=/www.google.ua/216.239.38.120
address=/www.google.us/216.239.38.120
address=/www.google.uz/216.239.38.120
address=/www.google.vg/216.239.38.120
address=/www.google.vu/216.239.38.120
address=/www.google.ws/216.239.38.120

Move DNS Masq config file into config folder

mv /etc/dnsmasq.conf /etc/config/
ln -s /etc/config/dnsmasq.conf /etc/dnsmasq.conf
ls -l /etc/dnsmasq.conf
  • Enable all the services (make sure :)
for d in /etc/init.d/cron /etc/init.d/dnsmasq /etc/init.d/uhttpd
do
   $d enable
   $d restart
done

That's all, not bad for 25 CHF :-)

 

A small note at the end:

Android Youtube clients drove me crazy, safe search did not work with it and I got no hint on the internet ... even not with google :-)
Enable DNS query logging: option logqueries '1' in /etc/config/dhcp
/etc/init.d/dnsmasq restart
lograd -r
Fire pron query on mobile client :-)

 

 

 

Home