I tried this both with ASUSWRT-Merlin TUF-AX5400 3004.388.9_2-gnuton2 and ASUSWRT-Merlin RT-AX56U 3004.388.8_4 with Diversion 5.4.6 (+Skynet 7.6.5 if it matters). DNS Director is enabled with Global redirection set to Router. I enabled the large filtering (https://big.oisd.nl/dnsmasq2) plus one from StevenBlack (https://raw.githubusercontent.com/S.../alternates/fakenews-gambling-porn-only/hosts).
Diversion works perfectly for machines or phones on LAN, filters out everything defined by the blocklists.
I have one port open to the outside world where dropbear listens with SSH (only private keys, no password allowed on this port). When I ssh into the router with dynamic port forwarding to a port from my laptop, and then set my Firefox to use SOCKS5 with this port, and even set the proxying of DNS via SOCKS5 as well, then none of the sites are blocked. Those DNS calls are going through the SSH tunnel on SOCKS5, and not using the local router's DNS, because that also has a working adblocking. But I can't see them on the tunneled router's Diversion logs, which is consistent with the undesired behaviour that ads appear.
Is there some trivial setting I am missing that will make sure that all SSH tunneled traffic is also going through Diversion or dnsmasq?