Can't tell for sure ATM, but pixelserv should only listen on port 443 on the ps IP.
Make sure OpenVPN does the same in its IP and see how it goes.
In my head it works...
There is also the harder way of doing it: The pixelserv switches, you can change the https port (443) in the AB UI, but you'll also have to add a firewall forwarding rule to make it work.
See kvic's pixelserv thread for how to do it.
Interesting. Thank you for coining that option.
 
Hello-

I'm a newbie to Merlin and AB-Solution. I used the latest installer, but this morning when I rebooted the router it stopped blocking ads. I manually updated and it started blocking again. Obviously I'm missing something, but not sure what?

Also, is it recommended to use pixelserv-tls?

What I'm running is listed below.

Code:
 A B - S O L U T I O N        A D - B L O C K I N G

 AB-Solution 3.9                  by thelonelycoder
----------------------------------------------------
 RT-AC3200 (armv7l) fw-380.67 @ 192.168.1.1
----------------------------------------------------
 415,425  blocked domains  6  hosts files in use
 1,329 t  1,329 w  3 n ads since Aug 15 11:39
----------------------------------------------------

 i   AB-Solution     [/tmp/mnt/data]
 cu  check for updates
 un  updates notify  [off]
 bu  backup to email [off]

 a   ad-blocking     [on]
 l   logging         [on]
 rs  router stats    [off]

 cb  custom block IP [off] (0.0.0.0)
 ps  install pixelserv-tls

 b   blocking file   [AdsBeGone!] [Fri @ 2:00]
 u   update blocking file
 el  edit white or black list

 f   follow the logfile
 ac  update ads counter

 e   exit AB-Solution                   sm  sub menu
____________________________________________________

 Done  check for updates

 What do you want to do?


--NOTE: It seems if I turn on AI Protection it stops working and once I turn it off and restart it, it works. Is this normal?
 
Don't ask as I don't know why I added it at the time.
This is completely removed now, users of your script look forward to your update to use the shared whitelist.
On closer look, I'm sad to say I'll pass on the shared whitelist for ya-malware-block. The reason being that the ya-malware-block solely uses IP regexes and discrete IPs for the whitelisting purposes. If I introduce a domain to IP lookup and then exclude from the block, it will add processing time which may not be needed (it anyway has to whitelist internal/non-routable IPs). I will, however, implement that on the iblocklist-loader script in the next update.
 
This is more to support the Streisand effect than the actual need to block a single domain, functionalclam.com in this case.
The company behind it, Admiral, owns the domains in the blacklist I posted.

We are all affected by brute force measures such as that silly DMCA takedown request Admiral threatened GitHub and possibly EasyList with.

So yes, unless Singapore is outside of the earthly internet DNS zone, this blacklist can be added to any ad-blocker using hosts file based blocking.
AB-Solution is one of them.

Noted. And domains gladly added.
 
Also, is it recommended to use pixelserv-tls?
Highly recommended: https://www.ab-solution.info/faq-reader/what-does-pixelserv-tls-do-and-do-i-need-it.html
--NOTE: It seems if I turn on AI Protection it stops working and once I turn it off and restart it, it works. Is this normal?
That depends what feature(s) is/are enabled in AI Protection.
For AI Protection to work, some or all local DNS requests are sent to an external resolver, bypassing the local resolving by Dnsmasq.

AB-Solution only works if the local Dnsmasq does the resolving.
 
On closer look, I'm sad to say I'll pass on the shared whitelist for ya-malware-block. The reason being that the ya-malware-block solely uses IP regexes and discrete IPs for the whitelisting purposes. If I introduce a domain to IP lookup and then exclude from the block, it will add processing time which may not be needed (it anyway has to whitelist internal/non-routable IPs). I will, however, implement that on the iblocklist-loader script in the next update.
So I best re-add the /jffs/ipset_lists/ya-malware-block.urls if found to whitelist your required domains?
 
My test routers have only one purpose: I develop and test the scripts I code on them.
Them having their own IP range helps to simulate real world conditions.
My test routers have only one purpose: I develop and test the scripts I code on them.
Them having their own IP range helps to simulate real world conditions.

But do they work? e.g. behind the main router and still accessing the outside world (the tinterweb)? Or does it just work for the subnet they are on?


thanks
 
But do they work? e.g. behind the main router and still accessing the outside world (the tinterweb)? Or does it just work for the subnet they are on?


thanks
Why would it not work?
They receive a LAN IP from my main router which is the WAN IP on the test routers.
Just as your main router receives an IP from your ISP.
 
Couldn't get it to work here - that's why I ask.
Set WAN Connection Type to Automatic IP. For the main router this is just another device that connects to its LAN side.
 
Set WAN Connection Type to Automatic IP. For the main router this is just another device that connects to its LAN side.

Yeah did that.

Main Lan 192.168.1.x (router connected to tintierweb)

second lan 192.168.2.x (ab-solution on it)

Static route set up so 192.168.1.x can access 192.168.2.x

192.168.1.x can not resolve dns when pointed to the ab-solution router.

thanks
 
Yeah did that.

Main Lan 192.168.1.x (router connected to tintierweb)

second lan 192.168.2.x (ab-solution on it)

Static route set up so 192.168.1.x can access 192.168.2.x

192.168.1.x can not resolve dns when pointed to the ab-solution router.

thanks
You have to allow access to the service from the WAN side on that downstream router, generally not a good idea but the only way to make it work.
 
You have to allow access to the service from the WAN side on that downstream router, generally not a good idea but the only way to make it work.

I have disabled the firewall on the downstream router, do you mean create a port forward? If so which ports specifically?


thanks
 
I have disabled the firewall on the downstream router, do you mean create a port forward? If so which ports specifically?


thanks
Port 80 and 443 for pixelserv, 53 I believe for dnsmasq
 
If the downstream router IP is 192.168.2.1 and the pixelserv-tls is running on 192.168.2.2 ...

Which IP do I make the rule for?

80 and 443 to pixelserv x.x.x.2 and 53 to router x.x.x.1 ????

What about the router interface on 80?


thanks
 
So I best re-add the /jffs/ipset_lists/ya-malware-block.urls if found to whitelist your required domains?
Only raw.githubusercontent.com is used there. I do not suppose it will be blocked. If it is blocked by AB-Solution, there'll probably be bigger issues. Almost all script code (even from other scripters) is hosted there.
 
If the downstream router IP is 192.168.2.1 and the pixelserv-tls is running on 192.168.2.2 ...

Which IP do I make the rule for?

80 and 443 to pixelserv x.x.x.2 and 53 to router x.x.x.1 ????

What about the router interface on 80?


thanks

Could you let me know what you have set in your router please?

thanks
 
pixelserv listens on ip address and port, but all other services must do this as well to re-use port nos.
We used to have an issue with the router web gui listening on all ip addresses and port 80, but I believe this was fixed many revs ago. There is still an issue with AiCloud on port 443? The adblock install script optionally moves this to 9443 to free up 443 for use by pixelserv.

pixelserv can be configured to listen on different ports, but browsers will use 80 for http and 443 for https by default, so you would need iptables rules to dnat the requests to different ports.
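
An added example, not part of any post in this thread: a pre-install check for the port-sharing problem described above, which reads `netstat -tlnp`-style output and reports services holding port 80 or 443 on all addresses. The function names, the sample listing, the process names and the 192.168.1.2 pixelserv address are assumptions made up for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tlnp` output (not captured from a real router).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 192.168.1.1:80    0.0.0.0:*         LISTEN   312/httpd
tcp        0      0 0.0.0.0:443       0.0.0.0:*         LISTEN   655/lighttpd
tcp        0      0 0.0.0.0:53        0.0.0.0:*         LISTEN   420/dnsmasq
EOF
}

# Print "<port> <pid/program>" for each wildcard listener on port 80 or 443.
# A wildcard bind (0.0.0.0 or ::) claims the port on every address, so no
# other service can listen on that port on its own IP.
wildcard_web_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":"); port = part[n]   # text after the last ":"
        addr = substr($4, 1, length($4) - length(port) - 1)
        if ((port == 80 || port == 443) && (addr == "0.0.0.0" || addr == "::"))
            print port, $7
    }'
}

# Exit 0 if <ip>:<port> is still free according to the netstat text on stdin,
# exit 1 if that address or a wildcard listener already holds the port.
can_bind() {
    awk -v ip="$1" -v want="$2" '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":"); port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port == want && (addr == ip || addr == "0.0.0.0" || addr == "::"))
            busy = 1
    } END { exit busy + 0 }'
}

# 192.168.1.2 stands in for the pixelserv IP; on a router, pipe in `netstat -tlnp`.
sample_netstat | wildcard_web_listeners
for p in 80 443; do
    if sample_netstat | can_bind 192.168.1.2 "$p"; then
        echo "192.168.1.2:$p is free"
    else
        echo "192.168.1.2:$p is taken"
    fi
done
```

In the sample, port 80 is free on the pixelserv address because the web GUI is bound only to 192.168.1.1, while port 443 is taken by the wildcard listener until that service is moved to another port or bound to a single address.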
 