[How-to] Adblock Plus filters right on router

Ok, I omitted the specific detail, I did format it as ext2. I'll try again as ext3.

So the USB needs to be present at all times?

--YES

Approx how much space does it need?

--Less than 1 GB (depends on what packages you need/install additionally from entware)

Edit: formatted it to ext3 and same behavior.
I initially did the formatting on Windows 10 with EaseUS. This time I deleted the partition and then created it on the router following these steps, http://www.tldp.org/HOWTO/Flash-Memory-HOWTO/ext2.html
Mounted properly, same error about creating directories.
Edit2: I think I got it. I went to \tmp and saw an entry opt there as file type l. I removed it and tried setup again and it's going through.

--Congratulations

Were IP ranges included as mentioned on page 1? I haven't had a chance to try 192.168.1.50-192.168.1.55 vs just one yet, as the router is in use and I'd rather avoid multiple reboots until later if not necessary.

--IP ranges or IPs to filter for Advert need to be scripted by you
Reboots are not necessary for adding/updating IPs for Advert filtering per my experience... a restart of privoxy from the shell will do.

I do a weekly privoxy block lists update and issue the below commands to stop and start privoxy (from respective directories)

./S24privoxy stop
./privoxy-blocklist_0.2.sh
./S24privoxy start
 
I want to achieve something that's similar to the subject of this topic, but not entirely the same. I hope it's OK that I post my question here. If not, please let me know and I'll delete my message and start a new topic instead.

Goal: use my router to block ads for some family members with iOS devices not locally connected to my router (using <routername>.asuscomm.com:8080 in their proxy.pac file that only directs ads to a proxy on my router; all other traffic is DIRECT to minimize the traffic my router should handle=deny for them).

Initially I thought pixelserv could help (see this post and follow-up), but I think I misunderstood. However, by experimenting with that I learned that the proxy.pac setup is working and directing ad requests to my router. So that part is already achieved. Now I think running privoxy on my router on port 8080, blocking all traffic, should do the final trick (my router denying those requests).

I used the steps in the 1st post of this topic to set up privoxy using Entware.

Currently privoxy starts, but I only get this log line in /tmp/syslog.log:
May 31 23:02:55 admin: Started privoxy from .

When I surf to https://privoxy.org/config (on one of my iOS devices with the same proxy.pac I want to offer to my family members) I get:
Privoxy is not being used

When I instead surf to 192.168.1.1:8080 I get (with accept-intercepted-requests set to 0):
Invalid header received from client

When I instead surf to 192.168.1.1:8080 I get (with accept-intercepted-requests set to 1):
Maximum number of open connections reached.

privoxy --no-daemon --config-test gives no errors, so at least I have made no syntax errors in the config file I guess.

However, I'm not sure about what to change to get my desired setup working.

1) What should I change in the config file, if anything?
2) Is one actionsfile with content { +block{All} } * sufficient for what I want? (since privoxy will only receive requests for ads)
3) What iptables command should I use so that privoxy is available outside my local network?
4) Are these iptables commands persistent, or do I need to execute them after each reboot (via a script)?
5) Is my desired setup safe or do I introduce a significant attack vector (for my network) by doing this?

Sorry, obviously I'm kind of a newbie on this, but I hope to learn from you. Thank you for your time!
 
--IP ranges or IPs to filter for Advert need to be scripted by you
Reboots are not necessary for adding/updating IPs for Advert filtering per my experience... a restart of privoxy from the shell will do.

I do a weekly privoxy block lists update and issue the below commands to stop and start privoxy (from respective directories)

./S24privoxy stop
./privoxy-blocklist_0.2.sh
./S24privoxy start

I'm at a bit of a loss then on the multiple IP's part.
Can you direct me to something to read up on it to understand it?
I was hoping something like this would have been acceptable,
echo "iptables -t nat -A PREROUTING --source 192.168.1.50-192.168.1.55 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128" >> /jffs/scripts/firewall-start

I already have the devices with DHCP reservations and confirmed they are in the .50-.59 range I intended to use.
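
On the range question above, as an added example that is not part of the thread: iptables takes a contiguous source range through the iprange match (`-m iprange --src-range`), while `--source` accepts a single address or a CIDR block. The helper names and the scratch file are assumptions, and the router firmware is assumed to ship the iprange match.

```shell
#!/bin/sh
# Port 3128 is the Privoxy port used in this thread.
PROXY_PORT=3128

# Build the REDIRECT rule for one source spec: a single IP, a CIDR block,
# or a dash-separated range of addresses.
redirect_rule() {
    src="$1"
    case "$src" in
        *-*) match="-m iprange --src-range $src" ;;   # e.g. 192.168.1.50-192.168.1.55
        *)   match="--source $src" ;;                 # single IP or CIDR
    esac
    echo "iptables -t nat -A PREROUTING $match -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
}

# Append the rule to a firewall-start script only if it is not already there,
# so re-running the setup does not stack duplicate rules.
add_rule_once() {
    file="$1"; src="$2"
    rule=$(redirect_rule "$src")
    [ -f "$file" ] || { echo '#!/bin/sh' > "$file"; chmod +x "$file"; }
    grep -qxF -- "$rule" "$file" || echo "$rule" >> "$file"
}

# Demo against a scratch file (on the router the target would be
# /jffs/scripts/firewall-start).
demo() {
    tmp=$(mktemp); rm -f "$tmp"
    add_rule_once "$tmp" "192.168.1.50-192.168.1.55"
    add_rule_once "$tmp" "192.168.1.50-192.168.1.55"   # second call is a no-op
    add_rule_once "$tmp" "192.168.1.60"
    cat "$tmp"; rm -f "$tmp"
}

demo
```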
 
Seem to have my setup working now.

I learned 2 things:
  • privoxy logging is in /opt/var/log/privoxy, not in /tmp/syslog.log
  • I previously had configuration parameter "toggle" set to 0 instead of 1 (effectively disabling privoxy blocking...)
 
Ok I seem to be more clueless than I originally thought. I followed the directions to a T so now I don't think it's working as I need some more info not in that basic tutorial.
The guide only seems to mention executing the script for the firewall.
I take it I need to also do something like this,
#!/bin/sh privoxy-blocklist_0.2.sh
Would this need to be done each time? Is there a folder I can stick this to execute at each reboot?
As of now I have done this with only a single IP and still doesn't seem to be doing anything.

Also I had installed Nano as suggested on the Entware setup page and it was working, that's how I edited the privoxy urls.
Now I try to run nano and get a not found error.
I tried "opkg install nano" again and now opkg not found.
Meanwhile I see a nano folder in /tmp/mnt/sda1/entware/bin#
-rwxr-xr-x 1 admin root 150376 Sep 18 2015 nano

Any tips or guides on getting more familiar with unix?

Edit: it seems it may be partially working. If I try to go to config.privoxy.org it loads up saying it's not installed. Also when I connect to my wifi on a Galaxy S6 I get a prompt that I need to sign in. I tap it and get an error page and I have to hit the Menu button and choose Keep connection. If I change to a different IP then it just auto signs in like normal.
However I still saw ads on some sites and the YouTube app
 
Has anyone solved the unavailable resource error? Even after changing my ulimit -n and -s to 4096 in the startup script as well as adding a max-client-connections 512 to the privoxy config I'm still getting these entries in my privoxy log:
Error: Unable to take any additional connections: Resource temporarily unavailable. Active threads: 40

The system log isn't being helpful either and both memory usage and CPU usage never go higher than 50%. I'm wondering if the problem may have to be with my USB drive being a USB key...

Anyone have any other ideas?
 
I'm tired of explaining that Private Messages are for private topics, sorry. When a conversation topic doesn't contain something private, please ask in the public thread.

IMHO, there's no sense in using AdBlock on the router anymore. This How-to was written years ago, when HTTPS was rarely used. It's not working on compressed and/or SSL-protected pages, which means it's not working on the modern web at all.
 
Thanks for the reply, I was planning to use the adblock easylist subscription mainly as a URL filter for my kids but I guess that's overkill and a good hosts file should be adequate.
Just in case someone really needs privoxy and is running into the unavailable resource message, I ended up lowering my maximum-clients configuration setting to 38 and it works fine now.
 
I read the reply that this is outdated but I assume that it can still work for some homepages?
Anyway I followed the guide and everything seems to work except no ads are blocked.
In the Privoxy log it says:
2016-12-02 16:23:28.525 2aab0310 Info: Listening on port 3128 on IP address 0.0.0.0

That IP seems wrong? :) I have entered the reserved IP in the firewall-file, it looks like this:
#!/bin/sh
iptables -t nat -A PREROUTING --source 192.168.1.1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
 
Might want to check out AB-Solution 3 instead. http://www.snbforums.com/threads/release-ab-solution-3.35540/
 
Can AB-Solution 3 do url filtering/blocking based on string? Seems no to me. I hope these two methods can be combined: blocking ads by hosts as well as url filtering.
Did I not answer that clearly in the AB3 thread?
 
So, following the steps one by one, it does not work. What is the next step? Do I post logs? The log says
2016-12-10 16:51:08.482 2aab0310 Fatal error: can't bind to 0.0.0.0:3128: There may be another Privoxy or some other proxy running on port 3128
when it is started automatically after reboot, but when I stop and start it, there is no such error.

Also, the whole log is a giant string of errors, but either way when I go to https://www.privoxy.org/config/
I'm told I'm not using privoxy
 
when you get this error, before stopping Privoxy, check which service is using that port.

for example:
Code:
 lsof -i :3128
 
Thank you for your help. I installed lsof and that command returns nothing. Any further ideas?
log
2016-12-10 18:48:53.574 2aab0310 Info: Privoxy version 3.0.26
2016-12-10 18:48:53.582 2aab0310 Info: Program name: privoxy
2016-12-10 18:48:53.582 2aab0310 Info: Loading filter file: /opt/etc/privoxy/default.filter
2016-12-10 18:48:53.610 2aab0310 Info: Loading filter file: /opt/etc/privoxy/easylistgermany.script$
2016-12-10 18:48:53.643 2aab0310 Error: Adding re_filter job 'input[onclick[/&:?=_]="window\.open('$
2016-12-10 18:48:53.644 2aab0310 Info: Loading filter file: /opt/etc/privoxy/easylist.script.filter
2016-12-10 18:48:53.764 2aab0310 Error: Adding re_filter job 's|<([a-zA-Z0-9]+)\s+.*id=.?\5f _mom_a$
2016-12-10 18:48:53.765 2aab0310 Error: Adding re_filter job 's|<([a-zA-Z0-9]+)\s+.*id=.?\5f _mom_a$
 
Errors happen
If I use
Code:
echo "iptables -t nat -A PREROUTING --source [the static IP address you provided] -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128" >> /jffs/scripts/firewall-start


the static IP address you provided, these devices can't visit the internet.
My Config:
confdir /opt/etc/privoxy
logdir /opt/var/log
filterfile default.filter
logfile privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action
filterfile user.filter
listen-address 0.0.0.0:3128
toggle 1
enable-remote-toggle 1
enable-remote-http-toggle 0
enable-edit-actions 1
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 1
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 300
socket-timeout 300
#permit-access 192.168.1.0/24
debug 1 # show each GET/POST/CONNECT request
debug 4096 # Startup banner and warnings
debug 8192 # Errors - *we highly recommended enabling this*
#admin-address privoxy-admin@example.com
#proxy-info-url http://www.example.com/proxy-service.html


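
A configuration check for the settings discussed in this thread, as an added example that is not part of the original posts: it flags a Privoxy listener bound to every interface without a `permit-access` ACL, the web-based editor and toggle being enabled, and `toggle 0`. The function names and finding labels are assumptions; the sample input is constructed from directives in the config posted above.

```shell
# Last effective value of a directive, with '#' comments stripped.
cfg_get() {    # usage: cfg_get FILE DIRECTIVE
    awk -v key="$2" '{ sub(/#.*/, "") } $1 == key { val = $2 } END { print val }' "$1"
}

# Emit one finding per line; no output means none of the checks fired.
audit_privoxy() {    # usage: audit_privoxy FILE
    f="$1"
    listen=$(cfg_get "$f" listen-address)
    case "$listen" in
        0.0.0.0:*|:*)   # wildcard address or bare ":port" means every interface
            [ -n "$(cfg_get "$f" permit-access)" ] ||
                echo "OPEN-LISTENER listen-address $listen has no permit-access ACL" ;;
    esac
    [ "$(cfg_get "$f" enable-edit-actions)" = 1 ] &&
        echo "EDIT-ACTIONS any client that can use the proxy can edit the actions files"
    [ "$(cfg_get "$f" enable-remote-toggle)" = 1 ] &&
        echo "REMOTE-TOGGLE any client that can use the proxy can switch filtering off"
    [ "$(cfg_get "$f" toggle)" = 0 ] &&
        echo "TOGGLE-OFF Privoxy starts with blocking disabled"
    return 0
}

# Audit a config supplied on stdin (kept in a scratch file while it is checked).
audit_stdin() { tmp=$(mktemp); cat > "$tmp"; audit_privoxy "$tmp"; rm -f "$tmp"; }

# Constructed sample: security-relevant directives as posted in the thread.
audit_sample() {
    audit_stdin <<'EOF'
listen-address 0.0.0.0:3128
toggle 1
enable-remote-toggle 1
enable-edit-actions 1
#permit-access 192.168.1.0/24
EOF
}

# Same listener with the ACL enabled and the web-based controls turned off.
audit_hardened() {
    audit_stdin <<'EOF'
listen-address 0.0.0.0:3128
enable-remote-toggle 0
enable-edit-actions 0
permit-access 192.168.1.0/24
EOF
}

audit_sample
```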
 
I have had the solution running for a long time and I have run it on all wireless traffic on my router. However, I now want to exempt some IPs, can anyone refresh my memory how this is done? :)
 
