In my last post on Open DNS I showed you how to set up the firewall to block any unauthorised DNS queries bypassing your Open DNS settings.
Depending on your reasons for blocking certain sites there may be times when you want to be able to bypass Open DNS and get straight out onto the internet. Perhaps you have blocked access to some sites because you think they are unsuitable for your children but you would still like to be able to get to them!
To do this from a particular machine is relatively easy.
Again using my Huwai HG533 as the example router.
First step is not directly related to the firewall but if you haven't already set fixed IPs for your machines it is worth doing (at least for the one you wish to have full access) otherwise your bypassing rule may not always apply to the same computer.
Go to Basic, LAN, and click NEW next to the IP Address Reserve.
Then enter the MAC address of the machine you want to bypass your Open DNS rules and give it an IP address like 192.168.42.10, remember however that you will have two MAC addresses if you have a machine with both wired and wireless internet. Make sure you choose the right one (or both) and give each one a different IP (most routers won't let you give two MACs the same IP in case they are both connected at the same time)
Once this is done and you have clicked Submit you will need to disconnect and reconnect your machine from the network or refresh your connection so that the new IP will be picked up.
Now that you have a known IP you can go to the advanced settings, firewall section and add a new rule.
This time the rule will be under IP Filtering so select the appropriate radio button.
First we will give the rule a name e.g. Unsecure DNS
Set the protocol to UDP and add the IP address you set earlier.
Destination start and end port should be set to 53 as this is the port used for DNS queries and status should be set to Accept.
If you only want access to a particular DNS server say Googles 8.8.8.8 you can add this to the rule too in the destination address. If you leave this blank then any DNS Server can be used.
The last step once the rule is created is to change the dns server on your PC. How you do this will depend on the OS you are using but the DNS Server setting can normally be found under network settings. Change this on your unrestricted PC to your alternate DNS IP address, reconnect your network connection and you are done.
Obviously doing this invalidates all the hard work you did to implement a secure Open DNS server in the first place but only on one machine so if your kids have tablets or you have a family computer those can be left protected.
