Mikrotik DNS Firewall Introduction


Unfortunately, certain devices such as the Google Chromecast have built-in DNS settings designed to send all DNS queries to a particular server. To get around this, we'll need to set up firewall rules on your router that will instead push all DNS queries to MyTelly.

While many routers in the market allow you to set up manual DNS servers on them, unfortunately many don't allow you to set up a custom firewall.

From our experience, the best routers that give you full customization are those that can be flashed with custom firmware such as DD-WRT, Tomato, OpenWRT and RouterOS (Mikrotik) based routers. This guide will walk you through setting up a Mikrotik router that runs on RouterOS to use a firewall to restrict all outgoing DNS queries and push them to use MyTelly servers instead.


Step 1: Getting Started


Log in to our website, www.my-private-network.co.uk, from your computer browser and you should be redirected to the My Subscription page.

 

Select the MyTelly tab in the left-hand corner of the screen and click on Setup.

 

 


Take note of the fastest DNS server addresses that appear on screen.


Step 2: Mikrotik DNS Firewall Initial Setup


First of all, log in to your Mikrotik router user interface by entering its IP address into your browser.

Note: The default username is admin and there is no password.

The instructions below were done in the browser Webfig interface. They will differ slightly if you are using the Winbox interface, but the principles are the same.

Once you've gained access to the router interface, click on IP and then Firewall, which can be found in the left-hand pane.







Once you've opened the Firewall menu, click on the NAT tab.







Mikrotik DNS Firewall Primary NAT settings



Click on Add New and change the settings from the drop-down menus as below:

------------------------ 

Chain : dstnat

Protocol : 6 (tcp)

Dst. Port : 53

------------------------







Scroll down and change the Action to dst-nat. This will give you further options to change as below:

------------------------ 

To Addresses : the first DNS address that is recommended for you

To Ports : 53

 ------------------------






Note: The IP addresses shown are only an example. Please use the DNS addresses that you took note of earlier from our website.


Once these settings have been entered, please click on Apply and OK, which can be found at the top of the screen.

 

Mikrotik DNS Firewall Secondary NAT settings

 

When you're returned to the NAT screen, please click on Add New to add another set of rules to the router, with the settings as below:

------------------------

Chain : dstnat

Protocol : 17 (udp)

Dst. Port : 53

------------------------






Scroll down and change the Action to dst-nat. This will give you further options to change as below:

------------------------

To Addresses : the second DNS address that is recommended for you

To Ports : 53

------------------------







Note: The IP addresses shown are only an example. Please use the DNS addresses that you took note of earlier from our website.


As before, please click on Apply and OK once everything has been entered.

 

Note: Changes on Mikrotik are usually instantaneous, so you don't need to reboot your router. If you are having errors with the DNS settings, please reboot before attempting anything else.
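The same two NAT rules from Step 2 can also be entered in the RouterOS terminal. This is an added example, not part of the original guide; the 192.0.2.x addresses are placeholders and the comment text is made up for illustration.

```routeros
# Added example: replace both placeholder addresses (192.0.2.x is a
# documentation range) with the DNS addresses noted in Step 1.

# Primary rule: TCP port 53 to the first recommended DNS address
/ip firewall nat add chain=dstnat protocol=tcp dst-port=53 \
    action=dst-nat to-addresses=192.0.2.53 to-ports=53 \
    comment="MyTelly DNS redirect (tcp)"

# Secondary rule: UDP port 53 to the second recommended DNS address
/ip firewall nat add chain=dstnat protocol=udp dst-port=53 \
    action=dst-nat to-addresses=192.0.2.54 to-ports=53 \
    comment="MyTelly DNS redirect (udp)"

# List the dstnat rules, then show packet and byte counters per rule
/ip firewall nat print where chain=dstnat
/ip firewall nat print stats
```

If the counters on both rules increase after a device on the network performs a lookup, its DNS queries are being matched and redirected. Because neither rule sets in-interface, they match DNS traffic arriving on any interface; adding in-interface with the name of your LAN interface limits them to devices on your own network.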




Step 3: MyTelly IP Registration on Network (Completion)


Head back to the MyTelly page, scroll down and click on Register This Address.  


This will register your IP address and also test your DNS setup and indicate whether you have changed the DNS settings correctly.



You will get the message "Your DNS is configured correctly! Enjoy!" on your screen if your DNS has been set successfully in your network.


Note: If you get the error message "Your DNS is not configured", please try again in a few minutes or reboot your router.




Note: You will not have to register again unless your IP address changes. Also, any device on the same network will be able to use the service, since the DNS is already set on the router itself.


Now that you have set up and registered your system, you can go ahead and access the TV sites that can be accessed with the service!


Any Problems?


Unfortunately it doesn't always go to plan!

 

If you have any problems or can’t get connected, please email us at support@my-private-network.co.uk. We’ll get back to you as soon as possible and try to help.