Required INI settings
 
ListenOnIP=192.168.2.2
 
DNSServerIP=[put a real DNS server here]
 
RedirectIP=192.168.2.3
AuthKeywordsFile=authorized.txt
AlwaysKeywordsFile=always.txt
 
BlockedIP=192.168.2.2
BlockedKeywordsFile=blocked.txt
AllowedKeywordsFile=allowed.txt
 
   
Explanation
 
This implementation might be used in remote locations where a 3G/4G cellular or satellite Internet connection is the only option.  Using the suggested blocked site with DNS Redirector will significantly improve performance of casual web surfing over high-latency and bandwidth-constricted Internet connections since the request for blocked content will be served locally rather than over the cellular connection.
 
The need for the second Windows computer running ICS can be eliminated if your ISP already provides an Ethernet handoff or provides a USB cellular dongle that is supported by your router.  Any Ethernet-based WAN connection can be plugged directly into the WAN port of the Firewall/Router for the Guest LAN.
 
The Windows server runs DNS Redirector and three sites in IIS, each bound to a unique IP address.  When/if the Internet connection becomes unavailable, operation can automatically be switched to display the unavailable page (SimpleDNS= setting with an asterisk record) until service resumes.  See FAQ 67.
 
* Optionally, an all-in-one device like the Cisco RV220W or ZyXEL ZyWALL USG20W could be used.  This would cut the cost of the separate Firewall, Switch, and Wireless AP as shown.  The only special consideration is that you must be able to specify the DNS Redirector server IP as the sole DNS Server handed out by DHCP Properties.
See FAQ 24.  Alternatively, you could run DHCP service from the Windows Server, turning it off on the Firewall.
 
An alternative to the Windows computer running ICS would be a router that supports a cellular Internet connection directly; such as the Peplink Pepwave MAX series or ZyXEL ZyWALL USG50/higher model.
 

 
DNS Redirector | Legal Information | 2003-2017