What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

No need to be rude sir, I was trying to be of help to reduce the clutter.
Anyways, I guess I've just stole a few more seconds from you, so here I am saying "I'm sorry" beforehand.
I‘m OK. You said I unnecessarily waste space, which I don’t for the stated reason and therefore wasting my time ;)
 
Oeps never mind, this was about pixelserv and certificates generated by letsencrypt, but I misunderstood its working and found my answer (finally) in the pixelserv-tls thread...
 
Last edited:
I hope this is the right place to ask this, I searched but this seems to be the thread for all Diversion-related questions?

Anyway, I am having trouble using my Diversion DNS from a different subnet.

I have a wired LAN with my internet router on 10.0.0.x, and a wireless LAN 192.168.1.x with the RT-86U with MerlinWRT 384.17 and Diversion (latest version). To connect the two subnets, I have created a static route on each router to get to the other devices, which works just fine. I can SSH into the devices on the other subnet, and they all "see" each other. I disabled the firewall on the Asus and no blocking seems to happen (?).

The problem is that only the devices on the Wireless subnet (the MerlinWRT/Diversion) router are able to get DNS resolution. If I do a test dig @192.168.1.1 www.google.com from a device on 10.0.0.x, the request stalls and times out, and nothing is written into the the log. So the devices on my 10.0.0.x subnet are not able to use the Asus router as DNS, even though they can ping it. The same dig works flawlessly from devices on the 192.168.1.x subnet.

I was wondering if Diversion has some built-in rules that make it only accept requests from its own subnet? Or maybe MerlinWRT still has some firewall rules active even though I disabled the Firewall in the GUI?

I'd be happy for any hints where to look or what to check.

Thank you!
 
Last edited:
I was wondering if Diversion has some built-in rules that make it only accept requests from its own subnet? Or maybe MerlinWRT still has some firewall rules active even though I disabled the Firewall in the GUI?

I'd be happy for any hints where to look or what to check.
Merlin configures dnsmasq to only listen on the LAN interface br0, as well as any pptp interface. If you want what is technically the WAN port to listen for DNS traffic, you need to add a interface=eth0 or interface=vlan2 to /jffs/configs/dnsmasq.conf.add, depending on your WAN interface name. But then you might also need a no-dhcp-interface=eth0 (or vlan2) to avoid DHCP conflicts on the other subnet.

I’m not sure that’s a great idea overall, but that’s what you can test. It technically has nothing to do with Diversion, so you might get better advice from your own thread that the few remaining non-Diversion users will also see. ;)
 
Last edited:
  • Like
Reactions: a5m
Merlin configures dnsmasq to only listen on the LAN interface br0, as well as any pptp interface. If you want what is technically the WAN port to listen for DNS traffic, you need to add a interface=eth0 or interface=vlan2 to /jffs/configs/dnsmasq.conf, depending on your WAN interface name. But then you might also need a no-dhcp-interface=eth0 (or vlan2) to avoid DHCP conflicts on the other subnet.

Thank you very much! Your suggestion was spot on.

I added the file /jffs/configs/dnsmasq.conf.add with the following contents:

interface=eth0
no-dhcp-interface=eth0

I don't get any warnings from the 10.0.0.x Router concerning DHCP conflicts, so I think it's done. Thank you again.
 
My Entware usb flash drive died last night. :mad:

Any tips for getting Diversion (and Skynet, connMon, scMerlin, and uiDivStats) up and running in no time (two days...) as they used to be?

I have rather fresh set of Diversion backup (Key-files) in my mailbox. How do I use them in a proper way?
edit:
Code:
!  Found Diversion Standard local backup
     from Jun 04 2020 02:10:01 in /jffs/addons/diversion/

 1. Install from local backup in /jffs/addons/diversion/
 2. New installation

 Enter your selection [1-2 e=Exit] 1

Nice! :)

I just connected an old Kingston 16 GB to my router and I am going to format it with Format disk of amtm (fd) right now. I'll be back after reboot. :rolleyes:

edit: Why is the label of the usb flash drive limited to 11 characters when you use the Format disk of amtm? My previous label was called "ASUS_ENTWARE". That is 12 characters and I cannot use it now.

one more edit: Formatted the stick with my Puppy Linux, all 12 characters allowed.

Had to uninstall Skynet with
Code:
sh /jffs/scripts/firewall uninstall
and reinstall it.

All seems to work OK now. Case closed.
 
Last edited:
Has anyone found a way to unblock Disqus? I've whitelisted disqus.com and disquscdn.com and still no "disqus comment sections" load, Diversion also noted that these weren't present in blacklist.
 
Has anyone found a way to unblock Disqus? I've whitelisted disqus.com and disquscdn.com and still no "disqus comment sections" load, Diversion also noted that these weren't present in blacklist.

I think this is what worked for me. I whitelisted:

Code:
realtime.services.disqus.com
 
Couple of days ago i clicked YT block and its working great!! Sure once a while one slips through :) If you can make this work for Tubi and Pluto TV, it would be great, i really cant stand that commercial "safe drivers save 40 percent." anymore. Just kidding. Tnx!
 
Hi, just started using Diversion a couple of days ago and I noticed something when I was testing my Android phone. By design Diversion removes the DNS servers at the DHCP options page, but by doing so, Android sets the primary DNS to the router, but the secondary to google's DNS. DNS works in a Round-Robin way, so there's no guarantee that the router's DNS will be used. When I set the router's IP in the dns field of the dhcp options, Android does only set the router's ip for DNS. Any chance you can set the router's ip in both the dhcp dns fields instead of blanking them?
 
Hi, just started using Diversion a couple of days ago and I noticed something when I was testing my Android phone. By design Diversion removes the DNS servers at the DHCP options page, but by doing so, Android sets the primary DNS to the router, but the secondary to google's DNS. DNS works in a Round-Robin way, so there's no guarantee that the router's DNS will be used. When I set the router's IP in the dns field of the dhcp options, Android does only set the router's ip for DNS. Any chance you can set the router's ip in both the dhcp dns fields instead of blanking them?

LAN->DNSFilter
Enable DNS-based Filtering
Set "Global Filter Mode" to Router
Apply
 
  • Like
Reactions: a5m
LAN->DNSFilter
Enable DNS-based Filtering
Set "Global Filter Mode" to Router
Apply
Tyvm :)

I guess that's another way to solve it, but not everyone will be on this forum or notice the wrong dns configuration on Android. Is there a technical reason for not setting the router ip in the dns fields?
 
Tyvm :)

I guess that's another way to solve it, but not everyone will be on this forum or notice the wrong dns configuration on Android. Is there a technical reason for not setting the router ip in the dns fields?

I don't have an Android device so I'm not sure how its DNS implementation works but you can try this.

Under LAN->DHCP Server
Keep both the DNS fields blank but enable "Advertise router's IP in addition to user-specified DNS"

Also if you keep both the DNS fields blank it'll use the router's IP by default.
 
  • Like
Reactions: a5m
I don't have an Android device so I'm not sure how its DNS implementation works but you can try this.

Under LAN->DHCP Server
Keep both the DNS fields blank but enable "Advertise router's IP in addition to user-specified DNS"

Also if you keep both the DNS fields blank it'll use the router's IP by default.
- Advertise router's IP doesn't make a difference, second DNS is still google dns on Android (sigh...)
- And yeah I know, but there seems to be a difference by leaving the fields blank or setting the router ip, at least for Android.
When I fill in both fields on the router the google's dns is not set on the Phone (I know...it's stupid)
 
- Advertise router's IP doesn't make a difference, second DNS is still google dns on Android (sigh...)
- And yeah I know, but there seems to be a difference by leaving the fields blank or setting the router ip, at least for Android.
When I fill in both fields the google's dns is not set on the Phone (I know...it's stupid)

Then probably your Android device is using hardcoded Google DNS (I know most Android devices prefer Google DNS by default) and I don't think it's something due to the router and the only thing you can do to bypass that hardcoded DNS is to use DNSFILTER.
 
  • Like
Reactions: a5m
Then probably your Android device is using hardcoded Google DNS (I know most Android devices prefer Google DNS by default) and I don't think it's something due to the router and the only thing you can do to bypass that hardcoded DNS is to use DNSFILTER.
You'd be right if google's dns would still show up with both dhcp dns fields filled (router's ip). In that case android does only set the router ip for dns. Dnsfilter works, but why not hard set router's ip in the dhcp dns? If there's a technical limitation I understand, but if not, it would solve the android dns issue for everyone?
 
but why not hard set router's ip in the dhcp DNS? If there's a technical limitation I understand, but if not, it would solve the android dns issue for everyone?

As I said in my last reply the router already does that if you leave the DHCP DNS fields empty. Why your Android device is not respecting the settings is something I can't tell you without further troubleshooting.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top