🔌 Router Guides

Draytek configuration

3min

1. FILTER CONFIGURATION ON DRAYTEK ROUTER

To activate Cloud filtering on Draytek devices proceed as follows:

1.1 Please access the link below to register

If you have not yet registered for the service you can do so by clicking on the following link: Register here. Connect to the control panel by entering the IP address of the Draytek in the address bar of any Browser. Then log in by entering your credentials. To configure Dynamic DNS service, open the [Applications] menu and then click on [Dynamic DNS]. Check "Enable Dynamic DNS Account" and fill in the various fields as follows:

» Service Provider: Choose Customized or User-Defined. » Provider Host: Enter https://ddns.flashstart.com. » Service API: Type /nic/update?. »Auth Type: Choose basic. » Connection Type: Select Https. » Server Response: Leave this field blank. » Login Name: Enter the email/username of the Filter. » Password: Enter the password of the Filter. » Determine Real WAN IP: Select WAN IP. Finally, click [OK] to make the changes.

FlashStart filter compilation and activation page in Draytek devices
Cloud filter activation on Draytek devices




1.2 At this point you can enable the DHCP Server so that it automatically assigns network parameters, including our DNS, to the various internal devices

Then open the [LAN] menu and click on [General Setup]. Click on the [Details Page] button for your LAN and enable the Enable Server item to activate the DHCP service. Then configure it as follows: » Start IP Address: Enter the first private IP in the range. » IP Pool Counts: Set the number of IPs to be handled by DHCP. » Gateway IP Address: Enter the IP of your gateway (usually the IP of your router). » Lease Time: Leave the default value (86400) or enter the desired one. » Primary IP Address: Enter 185.236.104.104. » Secondary IP Address: Type 185.236.105.105.

Enabling DHCP server to automatically set DNS to internal devices
DHCP Server


Alternatively, the DNS of the various devices within the network can be changed manually.

2. OPTIONAL: Deny DNS changes by users

It is possible to increase security by denying the user the ability to browse unfiltered, as a result of changing the DNS on their device. Then open the [Firewall] menu and click on [Filter Setup]. At this point you need to create rules to allow traffic on port 53 (DNS Service), both TCP and UDP, only to our IPs. Click on the first available number, under the Set column, and then on the [1] button (under the Filter Rule column) to create a new rule. Then enable it by selecting Check to enable the Filter Rule and configure it as follows: » Direction: Choose LAN/RT/VPN -> WAN. » Source IP: Leave Any. » Destination IP: Click [Edit], select Single Address and enter 185.236.104.104. » Service Type: Click [Edit], choose User defined, with TCP/UDP protocol, and enter the value 53 in the Source and Destination Port fields. Click [OK] to save. » Filter: Choose Pass Immediately from the drop-down menu. Click [OK] to save and apply the changes.

Now we need to create another rule similar to the previous one except for the IP address of the Destination IP field, which should be 185.236.105.105.

 Creating another rule with, unlike the previous one, a different IP withing the "destination IP" field
Changing the other filter rule




Finally, it is necessary to create a rule to block all DNS traffic directed to other IPs, other than our own. Then proceed as follows: » Direction: Choose LAN/RT/VPN -> WAN. » Source IP: Leave Any. » Destination IP: Leave Any. » Service Type: Click [Edit], choose User defined, with TCP/UDP protocol, and enter the value 53 in the Source and Destination Port fields. Click [OK] to save. » Filter: Choose Block Immediately. Finally, click [OK] to create the rule.

Blocking dns traffic to other ip
Blocking dns traffic to other ip




Other ways to ask: » How to configure Draytek router. » Draytek router configuration. How to.