[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Buffalo WHR-HP-G54

Posted on 2014-09-02
21
Medium Priority
?
44 Views
Last Modified: 2015-09-23
I have Buffalo WHR-HP-G54 router.
I would like to know is this device has feature to support "Bypass DNS Hijacking"

Some devices allow to direct all DNS request from port 53 to port 54 so the DNS request will escape the filtering.
In order to do this in the router support IP tables where port forwarding needs to be configured.

Let me know if this can be configured in the Buffalo WHR-HP-G54 router
0
Comment
Question by:SrikantRajeev
  • 11
  • 10
21 Comments
 
LVL 37

Expert Comment

by:Kimputer
ID: 40298256
Yes, your router is listed in the compatibility list of the DD-WRT custom firmware, see: http://dd-wrt.com/wiki/index.php/WHR-HP-G54
But before you risk bricking your router, are you even sure your DNS request are being filtered?
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 40298644
Yeah it is confirmed that the DNS request are being filtered.
But what is the command by which I will be able to configure it. Let me know how to configure it in this router.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40298647
First step is to totally change the software, which is a risky move. Only after that new firmware is working can we continue with the correct command.
Read this page thouroughly before you proceed to update your router: http://dd-wrt.com/wiki/index.php/Installation#WHR-G54S.2C_WHR-HP-G54.2C_WZR-HP-G54

I assume you have a subscription for a special DNS server? Otherwise you do this all for nothing.
0
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
LVL 1

Author Comment

by:SrikantRajeev
ID: 40298679
I would like to know what is the right command by which this can be achieved.
Let me know the right commands to achieve this.

I have the subscription for the special DNS server.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40298790
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to IP_NR_SPECIAL_DNS_SERVER:54
 iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to IP_NR_SPECIAL_DNS_SERVER:54

Open in new window


of course, replace IP_NR_SPECIAL_DNS_SERVER with the real IP number
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 40300232
thanks.
The commands provided above will it work on Buffalo WHR-HP-G54 router.
Are the above commands specific to this router model or is it generic.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40300849
Generic IPtables command (works on a linux machine, for instance). It will work on the Buffalo AFTER you switch to the DD-WRT firmware as described earlier.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 40303664
Thanks.
Sorry i could not make out what is the firmware version that should be running in my router to have this work.
Let me know what is the version required to be running so that i can check in my router.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40304641
The version was already embedded in the url i posted earlier. You don't need to check the version, as this is a complicated process I'm pretty sure you never did. It's a totally different firmware, not from Buffalo, as I said, it's from DD-WRT.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 40309210
Thanks.
What will happen once I add the above commands to the router ?
How exactly it will help me for the "Bypass DNS Hijacking". What exactly I need to check to ensure that it is working after adding the command.
I exactly i should do this to my router is it by telnetting to this router. Is there any manual I can find to do this.
Also let me know what is the command i should use in case i need to roll back.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40311716
If you need to roll back, make a full backup of your configuration first. Restore this backup file if you see something isn't working properly after you changed some settings.
You are now asking questions about your own questions. Your question was "Some devices allow to direct all DNS request from port 53 to port 54 so the DNS request will escape the filtering.
 In order to do this in the router support IP tables where port forwarding needs to be configured."

That's what the command is for. But now you're asking it again? You also checked that all your DNS is in fact being filtered right now. So the only check needed is to see if the DNS is resolving addresses after you input this command.
Telnetting to the DD-WRT firmware is described here: http://www.dd-wrt.com/wiki/index.php/Telnet/SSH_and_the_command_line
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 40311752
Hi Kimputer - Help me with the above...
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40311769
The above was an answer. What else do you need help with? Be more specific?
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 40313603
Thanks.
If i want to roll back the configurations let me know how should i do it.
What commands are required for this....
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40314042
Administration > Backup > Use the backup button to save your configuration. Use Restore button to restore a backup file (firrst browse to select the file).
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 40315427
If i need to roll back the below commands , will I be not able to do it via any commands. I can only do it by replacing the backup file.

iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to IP_NR_SPECIAL_DNS_SERVER:54
 iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to IP_NR_SPECIAL_DNS_SERVER:54

Basically i want to roll back the above commands if it is not working.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40316459
To delete instead of using files to backup and restore:

iptables -t nat -D PREROUTING -i br0 -p udp --dport 53 -j DNAT --to IP_NR_SPECIAL_DNS_SERVER:54
  iptables -t nat -D PREROUTING -i br0 -p udp --dport 53 -j DNAT --to IP_NR_SPECIAL_DNS_SERVER:54

Open in new window

0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 40321220
Is the below command is to save the configurations after I enter the IP tables.

nvram commit
0
 
LVL 37

Accepted Solution

by:
Kimputer earned 2000 total points
ID: 40321917
Yes, also reboot just to make sure everything works and is saved.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 40332016
thanks
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 40992212
Thanks
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses
Course of the Month19 days, 17 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question