Teldat configuration

overview to activate the containment filter on teldat devices, please connect to the control panel by entering the ip address of the teldat router in your browser then, enter your administrative login credentials to access the configuration change the device dns for web filtering to work on your devices, you need to configure the router and replace the current dns addresses with our cloud servers to do this, go to the router panel and enter the following configuration routeros feature dns ; dns resolver user configuration ; server 185 236 104 104 server 185 236 105 105 exit dynamic ip configuration web filtering works perfectly with both dynamic and static ips if you have a dynamic ip address, you must configure the dynamic dns service directly on the router when configuring the dyndns client on your teldat device, it is strictly necessary to use the specific username and password assigned to your dynamic network inside our dashboard do not use your main account email address enter the following configuration, making sure to replace the placeholder tags with your actual data routeros feature dns updater ; dns updater configuration ; enable entry 1 protocol dyndns system dynamic entry 1 interface \<interface wan> entry 1 hostname \<hostname> entry 1 servername members dyndns org entry 1 user \<username> password \<password> exit optional deny dns changes by users you can significantly strengthen your network security by preventing unauthorized user dns changes to do this, simply create a new access list for use on the wan interface to block external dns resolution, and apply it to your external interface as follows routeros network direct ipl ; generic direct ip encapsulation user configuration ; description wan ip access group 100 out exit optional configure multiprofile the advanced multiprofile feature allows you to create multiple filtering profiles for each client or license and associate them with a single network or ip address our web filter recognizes the remote network and the specific configuration profile based on the public ip and the destination port used for the dns request for example, if you have the address 1 2 3 4, you can route your traffic using different ports standard port 53 used for the default profile alternative ports used for secondary profiles, choosing among 110, 143, 5402, and 5403 if you want to create two or more profiles for a network with the same ip address, you need to configure a different destination port for each profile enable afs and configure nat first, you must enable the afs feature on your teldat device enter these commands routeros feature afs enable exit then, you need to change the dns request originating on port 53 to the new port via nat please note that a port other than 53 must be entered in the port profile2 tag, choosing exclusively from 110, 143, 5402, or 5403 the default port 53 connects directly, so no special nat configuration is needed for your primary profile routeros protocol ip ; internet protocol user configuration ; nat rule 1 out \<lan interface profile2> static rule 1 translation source tcp 185 236 104 104 \<port profile2> 185 236 104 104 53 ; rule 2 out \<lan interface profile2> static rule 2 translation source udp 185 236 104 104 \<port profile2> 185 236 104 104 53 ; rule 3 out \<lan interface profile2> static rule 3 translation source tcp 185 236 105 105 \<port profile2> 185 236 105 105 53 ; rule 4 out \<lan interface profile2> static rule 4 translation source udp 185 236 105 105 \<port profile2> 185 236 105 105 53 ; exit ; exit ; feature dns updater no cache enable exit full configuration example here is a complete example of configuring the web filter with multiprofile and dynamic dns in teldat, so that only the designated dns servers can be used on the network routeros ; ; user admin hash password 3a574faf7e28f15516beb5c876d8b5bc global profiles dial ; dial profiles configuration ; profile internet default profile internet dialout profile internet 3gpp apn movistar es exit ; network cellular1/0 ; interface at configuration ; pin ciphered 0xbe35df12fbfa1154 network mode automatic network domain cstps exit ; network direct ipl ; generic direct ip encapsulation user configuration ; description wan ip access group 100 out ip address dhcp negotiated exit ; base interface ; base interface configuration ; base interface cellular1/1 link base interface cellular1/1 profile internet exit ; direct ip ; direct ip encapsulator user configuration ; address dhcp authentication sent user movistar ciphered pwd 0xd2650cef62fbef55d3ac337da700103f exit ; network ethernet0/0 16 ; ethernet subinterface configuration ; description vlan 16 ip address 172 16 0 1 255 255 0 0 encapsulation dot1q 16 exit ; protocol ip ; internet protocol user configuration ; nat rule 4 translation source udp 185 236 105 105 5403 185 236 105 105 53 rule 10 out direct ipl dynamic overload rule 10 translation source interface direct ipl exit exit ; ; feature dns ; dns resolver user configuration ; no cache enable server 185 236 104 104 server 185 236 105 105 exit ; feature dns updater ; dns updater configuration ; enable entry 1 protocol dyndns system dynamic entry 1 interface direct ipl entry 1 hostname ejemplo entry 1 servername members dyndns org entry 1 user ejemplo username ciphered pwd 0x5e8102555edec919914fd3e6d9ad48cd exit ; dump command errors