Site blocking doesn't work on rutx11

Hello Team, I modified the port 1 VLAN and connected a new LAN for some of my daughters’ PCs. Everything runs well except site blocking. I made a site blocking list for lan2 but it doesn’t work. They can use every site in the list !?!!?


I tried the proxy-based content blocker, but it also tells me that I cannot block a site, so I used site blocking for https, but I cannot insert https because the system gives a red error !!

Can you explain it to me, please? Thank you
Regards

Hello @Fax,

To begin, could you please provide a screenshot of the VLAN and LAN interface setting changes you’ve made, to confirm that no misconfigurations were made?

I’ve tested the web filter in blocklist mode on my side, and everything appears to be working as intended, so reviewing your configuration might help identify any potential issues more accurately.

Regarding the proxy based blocker, it cannot be used to block HTTPS websites. For HTTPS domains, you should use site blocking instead.

Looking forward to hearing back from you.

Best regards,

Hello Martynas,
I’m sending you my screenshot.

I receive an error even if I put an https:// site on my lan/all lan interfaces…

-Regarding the proxy based blocker, it cannot be used to block HTTPS websites. For HTTPS domains, you should use site blocking instead. I used site blocking but it doesn’t work. As I told you, I receive an error and I cannot use an https:// site…

Thank you

It’s expected and normal that http(s):// prefixes can’t be used in webfilter. Instead, you should use www. at the beginning or simply specify hostname.com (e.g. youtube.com), which will work properly.

Regarding your setup, could you unselect Bridge interfaces and enable the DHCP server on the Lan2 interface? Additionally, after making these changes, restart the webfilter service and check whether the specified hostnames are blocked.

Note: Before checking web-filtered domains, you might need to clear the browser cache or test it in an incognito window.

Let me know how it goes.
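
The rule in the reply above (no http(s):// prefix, only www. or a bare hostname) can be applied to a pasted list before it is entered in the web filter. This is an added example, not part of the thread and not RutOS code; the function names and sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not RutOS code: reduce pasted URLs to the bare hostnames
# that a site-blocking list accepts. All function names are hypothetical.

normalize_host() {
    # Lower-case, then strip scheme, path/query/fragment, userinfo,
    # port and a trailing dot, in that order.
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed \
        -e 's|^[a-z][a-z0-9+.-]*://||' \
        -e 's|[/?#].*$||' \
        -e 's|^.*@||' \
        -e 's|:[0-9]*$||' \
        -e 's|\.$||'
}

is_valid_host() {
    # Dotted labels of letters, digits and inner hyphens, alphabetic TLD.
    printf '%s\n' "$1" |
        grep -Eq '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$'
}

build_blocklist() {
    # stdin: one entry per line. stdout: unique valid hostnames, sorted.
    # Rejected entries are reported on stderr instead of being guessed at.
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        host=$(normalize_host "$entry")
        if is_valid_host "$host"; then
            printf '%s\n' "$host"
        else
            printf 'skipped: %s\n' "$entry" >&2
        fi
    done | sort -u
}

# Constructed sample input (games.it and youtube.com appear in the thread).
build_blocklist <<'EOF'
https://www.YouTube.com/watch?v=abc
youtube.com
HTTP://games.it:80/
not a hostname
EOF
```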

Yes Martynas, I unselected the bridge interface on Lan2 and now the site filter is running. But now it blocks the school’s sites too, like axios !! Why ??? I don’t understand !!
My god, what a complicated life…
Another thing… one PC blocks everything and I have to allow it by Microsoft account, the other PC doesn’t block anything !!!

Good morning, @Fax,

Thank you for the update.

Could you please check and confirm the following:

  1. Do both PCs receive their LAN IP address from the 192.168.3.1/24 (Lan2) DHCP pool ?
  2. Is there a network switch connected? Since you are using port-based VLAN on port 1 for the web-filtered network, only a single end device (without a switch) could be connected directly to that port.

Additionally, for testing purposes, please try:

  • Disabling the proxy-based filtering, and
  • Leaving only the site blocking rules enabled.

Then restart the webfilter service to see whether this makes any change.

If the issue still persists after these checks, let me know so I can take a deeper look into this matter privately.

Best regards,

Hello Martynas
1 - Both PCs on Lan2 receive different static IP addresses from 192.168.3.1
2 - Yes, there is a network switch before the two PCs. I connect these two PCs through this switch, but I don’t think I can get inside this switch… it’s a very simple switch.
I mean, I go out from the Rutx11 on port 1 as VLAN to have LAN2, and into this switch to connect the two PCs. Every PC has a static IP address.
Do I need a different switch?

I’ll try the additional test when I come back home.

Thank you for helping me
Regards

Thank you for the update.

No, you don’t need a different switch; your setup should work just fine with any basic switch. Just make sure that both PCs on Lan2 are using the correct gateway IP (192.168.3.1/24). In this case, assuming the correct IPs, default gateway, and netmask are specified on PCs, then the DHCP server can be disabled on the Lan2 interface.

As an additional check for the previous suggestion, try the following when testing:

  • Open CMD and try pinging and nslookuping some of the blocklisted hostnames (ping games.it || nslookup games.it)

If these hostnames cannot be resolved or pinged, it means the webfilter is working correctly.

Please let me know the outcome of these tests or if you’re still experiencing any difficulties.

Best regards,

OK. I’ll send you an update later, after testing.
Thank you very much again
Best regards

Hello Martynas,
So… I tried the test you told me about but, like yesterday, only some sites are blocked. And only on one PC, and only one PC connects to Microsoft. But not all sites !! I tried to block Roblox but both PCs can access it.
I found an issue in my router config and I cannot fix it. I’m not sure if it is the problem… If I put 1.1.1.1 DNS in Lan2 they cannot navigate to some sites (like Zanichelli), but if I change the DNS to Cisco DNS 208.67.222.222 they can use it. If I set the DNS on their PCs to the gateway, 192.168.3.1, they cannot navigate.
I’m sending some screenshots


If I try to delete one dns I receive an error

And I cannot apply to save

For everything I try to change in DNS, I receive an error

What do you think about it ? Can I solve it by CLI ? and how ?
Thank you
Best regards

Hello @Fax,

If I understood correctly, you’re using a wired WAN connection (from the Cisco device) on your RUTX11 as your primary internet source. It’s a bit unusual that DNS servers are not inherited automatically from that WAN interface.

You could try setting 208.67.222.222 as a custom DNS server directly in the WAN interface settings via Network → WAN → WAN (Edit), then navigate to the Advanced tab and specify only that DNS server, avoiding the use of others like Google or Cloudflare.

This way, there’s no need to configure DNS manually on the PCs and on the router’s DNS settings page. Leave the DNS assignment on the PCs as Automatic, so they receive the Cisco DNS directly from the router (specified in WAN settings).

In brief, multiple DNS servers may interfere with web filtering and result in inconsistent behavior; therefore, you should remove them and test the configuration with a single DNS. Also, it’s a bit unusual that your router doesn’t receive DNS automatically from the Cisco WAN interface.

Let me know whether this gives an improvement.

Best regards,

Sorry Martynas,
Maybe I didn’t explain the issue so well…
I connect only by mobile SIM in my Rutx11.
Nothing else.
But I use the Cisco DNS (208.67.222.222) in my router and in all my devices, and I don’t use DHCP because I have a lot of devices connected (12 wired and 15 Wi-Fi) and it’s faster to have a static IP for each one than a DHCP server…
So, I explained that I cannot fix the issue of deleting the other DNS in Network-dns-general


I sent screenshots before. I don’t know why, but I receive an error when I try to delete them! I asked you how I can solve it, if it is possible by CLI.
So I cannot try a different way to solve the problem of blocking sites on Lan2.
I hope I explained myself better, and sorry for my poor English :frowning:

PS: I tried to remove the DNS from every PC to take it from the router, but some PCs can navigate normally and some others not! … it’s a very strange thing…

Hello @Fax,

Thank you for the clarification. It might seem like the previously added DNS entries may be corrupted. As mentioned previously, webfiltering will only work correctly if a single, either inherited from the ISP or specified manually, consistent DNS provider is used.

To move forward, could you try the following:

  1. Manually set a single DNS on your mobile WAN interface (e.g., 1.1.1.1) in the Network → WAN page by editing the mob1s1a1 interface in Advanced tab:

  2. On your PCs, leave DNS assignment to automatic;

  3. To verify that the router is using only the desired DNS server, check this with the following command via SSH/CLI:

cat /tmp/resolv.conf.d/resolv.conf.auto

This should show the currently active DNS server(s) used on the active mobile WAN interface.

Let me know how it goes!

Best regards,
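
Step 3 above can be turned into a pass/fail check instead of reading the file by eye. This is an added example, not part of the thread and not RutOS code: the function names are hypothetical and the sample file contents are constructed, assuming the usual resolv.conf layout of `nameserver <address>` lines.

```sh
#!/bin/sh
# Added example, not RutOS code: confirm that the router's upstream resolver
# file lists exactly one DNS server. Function names are hypothetical.

list_nameservers() {
    # Print each distinct address from "nameserver <ip>" lines, in file order.
    awk '$1 == "nameserver" && NF >= 2 && !seen[$2]++ { print $2 }' "$1"
}

check_single_dns() {
    # $1 = resolv.conf-style file, $2 = the one resolver that should be there.
    # Returns 0 if it is the only entry, 1 on any mismatch, 2 if unreadable.
    file=$1
    expected=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    servers=$(list_nameservers "$file")
    count=$(printf '%s\n' "$servers" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 1 ] && [ "$servers" = "$expected" ]; then
        echo "OK: only $expected is configured"
        return 0
    fi
    echo "MISMATCH: expected only $expected, found $count:" $servers
    return 1
}

# Constructed sample: two providers mixed on the mobile interface, the
# situation the thread says makes web filtering inconsistent.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Interface mob1s1a1
nameserver 1.1.1.1
nameserver 208.67.222.222
nameserver 1.1.1.1
EOF
check_single_dns "$sample" 1.1.1.1 || true
rm -f "$sample"

# On the router itself the file from the thread would be checked instead:
#   check_single_dns /tmp/resolv.conf.d/resolv.conf.auto 1.1.1.1
```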

Hello Martynas,
I had already tried to do this, but it still cannot remove the DNS from general…
I tried to reset the router and restore the backup, but nothing…
I tried to use automatic DNS from the mobile WAN and I can see them in general-dns, and it seems it uses them…
But I cannot remove the other DNS…
I don’t know how to remove them. On the second page I cannot remove or change anything either; that error appears…

Thank you
Best regards

Hmm, the further we go, the stranger it gets.

Did the router receive a DNS server from the provider when it was factory reset, and could it be seen in the general DNS page?

Additionally, could you provide the following command’s output:

cat /tmp/resolv.conf.d/resolv.conf.auto

Yes, the router works normally and perfectly without any other problem… it keeps the DNS from mobile. I didn’t see if it uses them in the DNS page and I’m not so sure about that; later I can try when I come back home. And I’ll try the command you advised.
I noticed this issue only this last time, because when I put in multiple DNS servers I could remove them… I made some tests.

So, I’ll keep automatic DNS from WAN and then run the command on CLI. Correct?

Basically, yes. Keep DNS inherited from mobile WAN, auto-assign on PCs, and check whether the provided command returns the correct DNS server. Also let me know if webfilter works properly as well.

Hello Martynas,
I changed the DNS from WAN and the router reads it correctly by CLI and by the site dnsleak.com too. The same thing with Cisco DNS 208.67.222.222: the router reads it correctly and the devices too.
The only thing is that one PC on Lan2 doesn’t navigate without DNS and I need to insert Cisco, or Google, or another one…
And another thing: I have read that port 53 can cause some conflict with DNS. Is that right? I tried to switch off every device using it but again nothing changed…
On top of all this, I couldn’t remove the multiple DNS entries in general-dns…
I thought of erasing them with a CLI command, if it is possible to do it.
At the end of all this, I cannot block internet sites for my daughter on Lan2…
I already use Google Family and Microsoft, but I wanted to use the router…
Thank you
Best regards

Hello Martynas,
I found the solution to what was making it impossible to delete the DNS. :slight_smile:

I switched off the web filter site blocking and then I was able to delete the other DNS in network-dns-general
Now I’m trying to find the best way to block some sites for my daughter, whether by site blocking or the proxy-based content blocker :slight_smile:
Thank you
Best regards
