Use old DdWrt/OpenWrt/Tomato Router As Pihole-Like Device?

dwp

Regular Contributor
Hello. I hope I am posting in the right place. I just replaced my old router with an Asus GS-AX3000. One apparent side-benefit of doing this is that even the stock firmware on this router allows me to specify the IP to use as the DNS server handed to DHCP clients. I have never before had a router that did this. So I am wondering about re-purposing one of my many old routers as a cheap, pihole-like device and using it to: (a) block ads and (b) redirect resolution of some web-based services to services I have running locally (mostly for control of various IoT devices).

It seems to me that if the old router has DdWrt/OpenWrt/Tomato on it I might be able to somehow configure dnsmasq appropriately, attach it to my new Asus router via a LAN-LAN cable, assign the thing a static IP in the Asus, and use that IP as the one the Asus hands out to DHCP clients on my LAN.

I am not sure how much CPU/RAM/NVRAM would be needed to do this. And quite frankly, I lack enough knowledge to ascertain how to accomplish this. But at least to this newbie, it seems like it might be possible. Keep the old router out of the landfill, learn some new tricks, etc?

Any tips/pointers/suggestions?

Thanks
 
Do you even know if this old router (what is it?) supports third-party firmware? Not all do.

In fact, except for AsusWRT-Merlin, NONE of them support AX routers, only AC and older. And even then that list can be further limited (e.g., FreshTomato is strictly Broadcom). Most rely on DNSMasq for support of DHCP and a local DNS proxy (which is probably what your GS-AX3000 is currently using as well). But sometimes they do offer extensions in the GUI, such as ad-blocking (e.g., FreshTomato). In other cases, you'll need to use the CLI to run your own scripts to add similar features (e.g., DD-WRT). In fact, I support such a script on PasteBin.


Of course, you might be better served by a real RPi rather than an old router in some cases.
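
Added example (not from the thread and not the PasteBin script): one way to produce dnsmasq rules for the two goals in the question, blocking ad hosts and pointing a cloud hostname at a LAN service, while treating the downloaded list as untrusted input. The domain names, the 192.168.1.50 address and the sample list are constructed; dnsmasq can read the resulting lines from a file named in its `conf-file=` option.

```sh
#!/bin/sh
# Added example: turn an untrusted hosts-format blocklist into dnsmasq rules.
# All domain names, addresses and list contents below are constructed samples.

# Read a hosts-format list on stdin and print one "address=/<name>/0.0.0.0"
# line per acceptable entry. Anything that is not a plain hostname is dropped,
# so a hostile list cannot smuggle extra dnsmasq directives into the output.
hosts_to_dnsmasq() {
    tr -d '\r' | awk '
    {
        sub(/#.*/, "")                       # strip comments
        if (NF == 1) host = $1               # bare "name" line
        else if (NF >= 2 && ($1 == "0.0.0.0" || $1 == "127.0.0.1")) host = $2
        else next                            # empty, or maps a name to a real IP
        host = tolower(host)
        if (host ~ /^[0-9.]+$/ || host == "localhost.localdomain") next
        if (length(host) > 253) next
        if (host !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) next
        if (!(host in seen)) { seen[host] = 1; print "address=/" host "/0.0.0.0" }
    }'
}

# Print "address=/<domain>/<ipv4>" so that a hostname resolves to a LAN
# service. Returns 1 without output if either argument is malformed.
local_override() {
    domain=$1 ip=$2
    case $domain in
        ''|.*|*.|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
        *.*) ;;
        *) return 1 ;;
    esac
    case $ip in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$ip" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }' || return 1
    printf 'address=/%s/%s\n' "$domain" "$ip"
}

# Constructed input, including lines that must be rejected.
sample_list() {
    cat <<'EOF'
# sample blocklist
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net   # inline comment
127.0.0.1 localhost
ADS.example.com
192.0.2.66 bank.example.org
0.0.0.0 x.example/0.0.0.0
EOF
}

# Print the rules a dnsmasq include file would contain.
build_rules() {
    sample_list | hosts_to_dnsmasq
    local_override iot-cloud.example.com 192.168.1.50
}
build_rules
```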
 
Hi and thanks. I actually have several old, single-core routers with 3rd party firmware installed. One is an Asus RT-N10 and I have a TP-Link and a Rosewill (rebranded TP-Link) that I could deploy. Some have DD-WRT and others OpenWRT. I think they are quite similar in terms of specs. I would have to look them up.

Sadly my new GS-AX3000 is not supported on Merlin (at least not yet). Thankfully, I was still able to install Entware on the stock firmware. Still, I would prefer Merlin. I am still testing it and am a bit worried about its current level of RAM usage (320M of 512M) and might still end up returning it in favor of a much more expensive Asus with 1G. If I do, I will insist on a Merlin compatible model.

I agree that a real pi would likely be better for this. But my hope was to try and re-purpose some of the pile of older hardware I have. I will look into the script you mention. Thanks!
 
Ppl worry too much about RAM usage. Most of the time it's because the router is taking advantage of all that additional memory to cache/buffer data, rather than let it go to waste. IOW, it's actually a GOOD thing! If and when the RAM is needed for more pressing matters, it will flush the cached/buffered data. IOW, this is all part of memory management by the router. It's intentional. And so trying to monitor RAM usage is pretty much pointless. And in the rare event of actually NOT having enough RAM for on-going operations, you can always add a swap file via USB.

As far as DD-WRT vs. OpenWRT, the latter is just too tedious for me given how much of it requires the manual manipulation of config files. IMO, DD-WRT has improved dramatically over the past few years, particularly due to @egc, one of the more recent developers (others have joined as well). It's why I continue to support it on the forums and offer my own scripting to solve specific problems. In particular, I've yet to see anything comparable to its WireGuard support in other third party firmware.

As it happens, I have several ASUS RT-N10P and RT-N12 D1 routers from years back, when they were being dumped for $5-10 after rebate. Nice little MIPS-based units for the time, but vastly underpowered by today's standards. I had been using them w/ both DD-WRT and FT (FreshTomato), mostly as wireless client/repeater bridges. Or perhaps as a travel router. But being as underpowered as they are, even those tasks no longer cut it. Wireless G gets maybe 15-22Mbps around here, whereas my RT-AC68U (acting as my primary router) is more like 230Mbps; using the former w/ the latter just doesn't make sense anymore. So I picked up some inexpensive additional RT-AC68U units for those purposes.

In short, I just don't know how useful the old stuff really is anymore. Most of my other wireless G hardware I finally dumped about 4-5 years ago. I just held on to the RT-N10P and RT-N12 D1 units for experimentation in the lab, but nothing really serious.
 
Thanks. I was concerned about RAM because I just replaced my old Netgear R4600 v2 with the GS-AX3000 because it simply could not manage all the connected devices I have - it would just "lose track" of connections for some unknown reason. I assumed it was CPU or RAM but really had no idea. When I saw the GS-AX3000 using 300+M, with all the devices connected just fine, I assumed that, given it was using more than the 256M total available in the R6400, this might have been the problem.

Given that my rural DSL can only provide me with 17Mbs, I haven't worried too much about speed as an issue.

Given that I would connect one of these old routers via ethernet to the GS-AX3000 and that it would do no duty really, save ad-blocking and maybe a small amount of DNS redirection for specific domains used by some IoT devices I have, I wonder if these old routers might suffice? I do have the now-replaced R6400 and could use that. But I was thinking to hold it in reserve while still re-purposing something older.

Cheers
 
Some MediaTek AX based routers have OpenWrt support already, but the choice is very limited.

Out of all of the SoC providers, MediaTek has been the most engaged with the 11ax open source effort, there are regular drops that are being pulled into OpenWRT master.

Those open source driver commits are functional, they may not have all the bells/whistles of the closed source drivers/firmware, but more than enough to support OpenWRT snapshot builds.
 
Your Netgear had some weird issue, perhaps incompatible client of sorts or firmware quirk. It wasn’t hardware related or available RAM issue.
Well that MAY be. Originally, I had a v1 R6400. After months of trying to figure out what was wrong with it, Netgear sent me a v2 and I sent the v1 back. However, both had the same sort of trouble. Good up to maybe 15 devices total and then aaaaccccchhhhhh!

I don't want to jinx anything, but so far, the Asus GS-AX3000 is handling all this without any problems.
 
Well that MAY be.

This Netgear R6400 was built around BCM4708/BCM4360 hardware, similar to Asus RT-AC68U model - the most popular Asus router. Similar Netgear R7000 was one of the most popular Netgear models in the past. So it’s definitely not a hardware issue. It’s hardware around 2013 though, so changing the router with something more modern wasn’t a bad idea anyway. Enjoy your new router.
 
Well I admit I am quite stumped by all of this. For years the v1 worked fine. I didn't really add any devices I had not used before - just more of them. And it does not seem to be related to any particular hardware type. Indeed, it was more like those which connected earliest stayed put forever (or at least far longer). The idea that it is related to DHCP lease count makes the most sense now, I guess. However, I keep 99% of all my devices (regardless of connection type) on reserved IPs based upon MAC address. Netgear never says anything about a limit on these. But I did note that some Asus models clearly say they have a max of 32 of these. I made sure my new GS-AX3000 at least said the max was 64. I can only guess and, now that I have managed the transition, my need to know has diminished a bit :) Cheers!
 
I now have a Rosewill RNX-N300RT (rebranded TP-Link WR841N(D) 7.x) with DD-WRT v3.0-r44715 std and I have tried to shut down stuff I won't be needing in order to try using your script. But first I need to enable jffs and I see nothing to do that in the UI. Is it just not possible? Thanks!
 
One of the problems w/ these older routers (this one dates back to 2010) is the lack of resources, specifically flash for installing the firmware.


That router only has 4MB, and the firmware consumes almost all of it. JFFS is typically provided by what's left over. But that requires a minimum number of available blocks, usually two (2). And if the firmware knows there aren't enough, it won't offer JFFS as an option!

What you can sometimes do is find an older (perhaps much older) version of the firmware, which consumes less flash (the demand for flash tends to grow over time). And given this router is NOT being exposed to the internet directly, probably not a big deal. But when I started browsing the old stuff, I didn't see much difference. Flash usage was surprisingly consistent.

Another option would be to copy the script to the startup script, which would store it in nvram. It will be restored on reboot as /tmp/.rc_startup. You can then add that to the scheduler.

Given nvram space is limited, it would probably be a good idea to remove comments, blank lines, etc., before saving to the custom script.

To make things a little easier, you can use the following script to load the startup script automatically. It will compress the script by removing all blank lines, most comments, and even leading spaces, to make it as small as possible.

Code:
curl -kLs bit.ly/ddwrt-installer|tr -d '\r'|sh -s -- --dir /tmp --comp --noprompt aySi7RhY &>/dev/null
mv /tmp/ddwrt-blacklist-domains.sh /tmp/.rc_startup
nvram set rc_startup="$(cat /tmp/.rc_startup)"
nvram commit
:

Because of the compression, the script is a bit harder to read. You can change the --comp option to --nocom and it will do the same, except NOT remove leading spaces. But if you're really pressed for space, --comp is the best option.

I suppose you could also remove any unused URLs (i.e., those commented out, which the compression will NOT remove by itself) to save even more space.
 
Thanks so much for the time and effort here. I am not sure I am going to get very far. curl isn't on the dd-wrt router. But busybox wget is installed. sh reports it as v 1.32.0 (2020-11-03). Yet "wget bit.ly/ddwrt-installer" yields only: "Connecting to bit.ly (67.199.248.11:80)". From my linux command line it works and I get the installer file downloaded. Not so on the router. No errors either. I checked and I can create files in the current dir. And simply invoking busybox w/out anything else just yields "busybox: applet not found". So maybe this stuff is just crippled? Cheers
 
You can substitute wget for curl.

Code:
wget -qO - bit.ly/ddwrt-installer|tr -d '\r'|sh -s -- --dir /tmp --comp --noprompt aySi7RhY &>/dev/null
mv /tmp/ddwrt-blacklist-domains.sh /tmp/.rc_startup
nvram set rc_startup="$(cat /tmp/.rc_startup)"
nvram commit
:

I only suggested this method as a convenience. It made it possible to use the compression option as well. But worst case, just copy/paste from the raw portion of the PasteBin script directly into the startup script. If it doesn't fit, start deleting blank lines and comments.

P.S. Just don't delete the first two (2) lines of the script!
 
Thanks. I worry this will not work. After issuing nvram set rc_startup="$(cat /tmp/.rc_startup)", I did a "nvram show | grep rc" and this is what I see for rc_startup:

rc_startup=#!/bin/sh
# note: exercise caution when using commented urls; these sites often
raw.githubusercontent.com/evankrob/hosts-filenetrehost/master/ad_servers.txt
raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
#raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
#raw.githubusercontent.com/oneoffdallas/dohservers/master/list.txt
# force dnsmasq to recognize updated blacklist
rc_usb=

Obviously, I haven't yet tried to remove or compress. But it would appear that the maximum size of the nvram variable will not come close to containing the entire script no matter what I do. It seems to quit after about 420 bytes. Rats!
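
Added example, not part of the thread or of the PasteBin script: `grep` works line by line, so `nvram show | grep rc` prints only those lines of a multi-line value that contain the string `rc` and does not show how much of the script was stored. The functions below read the variable back with `nvram get` and commit only when it matches the file; `compact_script` is a stand-in for the installer's compression, and the `NVRAM` override and the file name `nvram-check.sh` are assumptions made for this example.

```sh
#!/bin/sh
# Added example: store a script in an nvram variable and prove it round-trips.
NVRAM=${NVRAM:-nvram}   # DD-WRT nvram utility; overridable for off-router testing

# Shrink a shell script: keep the first two lines untouched, then drop blank
# lines, whole-line comments and leading whitespace from the rest.
# Not safe for scripts whose here-documents depend on indentation or on
# lines that begin with '#'.
compact_script() {
    awk 'NR <= 2 { print; next }
         { sub(/^[ \t]+/, "") }
         /^$/ || /^#/ { next }
         { print }' "$1"
}

# Store file $2 in nvram variable $1, read it back, and commit only when the
# stored value is identical to the file. On a mismatch the variable is unset
# again, nothing is committed, and the function returns 1.
nvram_store_checked() {
    var=$1 file=$2
    want=$(cat "$file") || return 2
    $NVRAM set "$var=$want"
    got=$($NVRAM get "$var")
    if [ "$got" = "$want" ]; then
        $NVRAM commit
        echo "$var: stored ${#want} characters, verified"
        return 0
    fi
    $NVRAM unset "$var"
    echo "$var: wrote ${#want} characters, read back ${#got}; not committed" >&2
    return 1
}

# Usage on the router (hypothetical file name):
#   sh nvram-check.sh rc_startup /tmp/ddwrt-blacklist-domains.sh
if [ "$#" -eq 2 ]; then
    compact_script "$2" > /tmp/.rc_startup &&
        nvram_store_checked "$1" /tmp/.rc_startup
fi
```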
 
So I am wondering about re-purposing one of my many old routers as a cheap, pihole-like device and using it to: (a) block ads and (b) redirect resolution of some web-based services to services I have running locally (mostly for control of various IoT devices).

Fun to explore options, but using a Raspberry Pi is going to be a lot easier to accomplish things vs. trying to reuse an old router - keep in mind many of these old router/ap's are limited in RAM/Flash, and only some vendors are keeping these even close to current with security fixes...
 
RPi4 with second NIC case gets too expensive and this second NIC is actually USB-to-Ethernet.
 
Thanks. I am indeed getting close to giving up on this (at least on this old device). I was thinking that I might be able to store the ddwrt-blacklist-domains.sh on my gateway router where I have USB storage and can access from the re-purposed device using ftp to copy the file to /tmp and then executing that file in rc_startup. But I doubt it would work right anyhow. When I try to execute ddwrt-blacklist-domains.sh with debug enabled it does not appear to do the whole thing. So there must be commands in the script that are not available on this dd-wrt. Cheers
 

Yep, I was afraid of that. That's the problem w/ the old stuff sometimes. Just too limited in resources.

The only other possibility would be to download it on-demand and run it from memory, or better yet, download to some local store and use SSH or CIFS to copy it from there into memory at startup. But it wouldn't be persistent across a reboot. Essentially your persistence would be external to the router itself. It might work because you have a lot more memory on that router (32MB) than flash (4MB).

I sometimes do that when I want access to Entware on a router that doesn't have JFFS or even USB. I might want to access say tcpdump for diagnostic purposes, and so I'll map the /opt directory to /tmp/opt and install Entware into memory. Again, it's NOT persistent across a reboot, but in that case, I don't really care. I'm just trying to gain access to the utility for limited purposes.
 