November 10, 2011
Kindle – problem connecting to wifi network
I guess I haven’t posted for a while.
We got our son a Kindle for his birthday, but it hadn’t occurred to me that it has a browser (or games, but that’s another story). So bedtime reading became bedtime browsing, which was not the idea!
To get books on it, I connected it to my wifi network using WPA-PSK, and all worked fine. On discovering he was using the browser, I temporarily set up a DHCP config which fixed his address, then added a firewall rule to block all traffic for that address on my DSL router (a Zyxel 660). All was OK, except of course I’d blocked access to the Amazon book store too, and therefore he couldn’t either buy books or receive them via email.
And then he noticed that he couldn’t connect to the wifi any more, which was odd.
To cut a long story short, simply allowing outbound traffic to the Amazon IP ranges isn’t enough to have the Kindle connect to a wifi network; it also tests DNS to ensure it can resolve the Amazon hostnames. If it can’t, it drops the wifi connection, suggesting there’s a wifi problem – which is misleading.
I use OpenDNS, so thought that just permitting the Kindle to get port 53 to the OpenDNS servers would do it, but they actually do some redirection to other IP addresses in their block, so I had to add these too.
So the firewall rules you need (written generically – you’ll need to figure out what commands your router needs) are:
Permit TCP ports 80 and 443 from any IP to a range 178.236.0.0 – 178.236.7.255
Permit port 53 from any IP to your DNS server (OpenDNS is 208.67.220.220 and 208.67.222.222)
And, for OpenDNS, I allowed any IP and port to the OpenDNS block 208.69.32.0 – 208.69.39.255. I guess I could make this more specific.
So that works, and he can get to Amazon but nowhere else. Yay!
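The rules above can be checked offline before they go onto a router. The following is an added example, not part of the original post: it collapses the address ranges into CIDR blocks (many firewalls want that notation) and runs a few constructed sample flows through a default-deny model of the three rules. Allowing port 53 over both UDP and TCP is an assumption, since the post does not name a protocol.

```python
import ipaddress

def cidrs(first, last):
    """Collapse an inclusive first-last IP range into CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

# Rules from the post: (protocols, destination networks, destination ports).
# None means "any". DNS over both UDP and TCP is an assumption.
RULES = [
    ({"tcp"}, cidrs("178.236.0.0", "178.236.7.255"), {80, 443}),
    ({"udp", "tcp"},
     cidrs("208.67.220.220", "208.67.220.220")
     + cidrs("208.67.222.222", "208.67.222.222"), {53}),
    (None, cidrs("208.69.32.0", "208.69.39.255"), None),
]

def allowed(proto, dst, port):
    """Default deny: a flow passes only if one rule matches every field."""
    addr = ipaddress.ip_address(dst)
    for protos, nets, ports in RULES:
        if ((protos is None or proto in protos)
                and any(addr in net for net in nets)
                and (ports is None or port in ports)):
            return True
    return False

# Constructed sample flows leaving the Kindle (not captured traffic).
FLOWS = [
    ("udp", "208.67.222.222", 53),   # DNS lookup via OpenDNS
    ("tcp", "178.236.3.10", 443),    # HTTPS inside the Amazon range
    ("tcp", "178.236.8.1", 443),     # one block past the end of the range
    ("udp", "192.0.2.53", 53),       # DNS to some other resolver
    ("tcp", "198.51.100.7", 80),     # general web browsing
]

if __name__ == "__main__":
    for first, last in [("178.236.0.0", "178.236.7.255"),
                        ("208.69.32.0", "208.69.39.255")]:
        print(f"{first} - {last} -> {[str(n) for n in cidrs(first, last)]}")
    for proto, dst, port in FLOWS:
        verdict = "permit" if allowed(proto, dst, port) else "deny"
        print(f"{verdict:6} {proto} {dst}:{port}")
```

The third rule is the broad one: with protocol and port both set to "any", every flow into that block passes, which is what "I could make this more specific" refers to.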
Shyam Kadari said,
January 29, 2012 at 2:27 am
I recently got a Kindle Fire for my kids and face the same problem. I will see if I can do something similar for Fire.