What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

What router model are you running this on? Try rebooting maybe?
on a new Ac86u of a friend, I tried rebooting, do I have to run the ps command in amtm?

or in other words, are there any additional requirements (besides amtm and diversion requirements) to run pixel service?
 
Hello
I have again considered what i want to protect and found that devices such as iPad, iPhone, iMac to run on VPN and thus makes diversion or Pihole actually no more sense.
My VPN provider (PerfectPrivacy) also has a very good ad blocker.
 
I saw this in syslog:

Aug 18 15:04:09 dnsmasq[1147]: bad name at /opt/share/diversion/list/blacklist line 369

So I navigated to the file and saw multiple identical entries like:

192.168.1.2 redir.metaservices.microsoft.com
192.168.1.2 redir.metaservices.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
192.168.1.2 reports.wes.df.telemetry.microsoft.com
192.168.1.2 reports.wes.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
192.168.1.2 reports.wes.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!

Can diversion sort these multiple identical entries somehow out?
 
Last edited:
I saw this in syslog:

Aug 18 15:04:09 dnsmasq[1147]: bad name at /opt/share/diversion/list/blacklist line 369

So I navigated to the file and saw multiple identical entries like:

192.168.1.2 redir.metaservices.microsoft.com
192.168.1.2 redir.metaservices.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
192.168.1.2 reports.wes.df.telemetry.microsoft.com
192.168.1.2 reports.wes.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
192.168.1.2 reports.wes.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!

Can diversion sort these multiple identical entries somehow out?
Duplicates are not removed in a blacklist. If you use a hosted blacklist, it is your responsibility to make sure it is in the correct format and no duplicates and non-ASCII characters are used.
 

Attachments

  • 20190818_185843.jpg
    20190818_185843.jpg
    70.9 KB · Views: 248
see attached image.

I also tried reinstalling, but had the same issue, next time I visit my friend will do a factory reset.
That is unrelated to ad-blocking. That was a new feature in amtm 2.6 that allows you to use your root certificate as the SSL cert to access your router's web UI. It is a different feature altogether. Is that what you're trying to do?
 
see attached image.

I also tried reinstalling, but had the same issue, next time I visit my friend will do a factory reset.
For the ps option in amtm: This is the interface of amtm. What do you expect will happen? A Swiss chocolate materializes in your hands, the Matterhorn relocates to The Netherlands and the Schweizergarde (Swiss guards) invade Italy?
 
For the ps option in amtm: This is the interface of amtm. What do you expect will happen? A Swiss chocolate materializes in your hands, the Matterhorn relocates to The Netherlands and the Schweizergarde (Swiss guards) invade Italy?
I'll go with the first one :rolleyes: a Lindt chocolate bunny.

sorry for the dumb question, next time I'll do proper research :D
 
My router is consifgured with DNSsec using cloudflare DNS and DNS global filter set to router. I just installed this script standard blocking list with pixlserv. Was working OK for about 2 days then DNS queries stopped resolving for all domains. I was still able to ping internet IPs. Once I stopped\started diversion. Everything started working again. I assume dnsmaq service crashed. How can I troubleshoot ? I don't see anything obvious in GUI systemlog
 
Last edited:
You got the best of both worlds.
As a follow-up to this question... I'm assuming there is no both force LAN clients through DNSMASQ to get the ad-blocking advantage, then send them somewhere upstream different than what you have configured on your WAN page.

In other words, my LAN fields are empty and my WAN is configured for DoT services. Everything works great. But I want to send a few clients upstream to their own external DNS (hence my use of DNSFilter). Today, I send a few clients upstream to a Pi-hole with OpenDNS and other clients to yet another Pi-hole with Cleanbrowsing Family. This is the only way I seem to be able to get both adblocking and special upstream DNS per MAC. Is there anything else I can do? Or because I have three different external DNS needs, is this the best I can do?

Even if the alternate blocking list had an option to send upstream somewhere else, that would be fantastic (and I could eliminate one Pi-hole at least).

I realize I can just send all the MACs upstream to their own DNS in DNSFilter, but I lose that distinct advantage of ad-blocking.
 
Last edited:
As a follow-up to this question... I'm assuming there is no both force LAN clients through DNSMASQ to get the ad-blocking advantage, then send them somewhere upstream different than what you have configured on your WAN page.

In other words, my LAN fields are empty and my WAN is configured for DoT services. Everything works great. But I want to send a few clients upstream to their own external DNS (hence my use of DNSFilter). Today, I send a few clients upstream to a Pi-hole with OpenDNS and other clients to yet another Pi-hole with Cleanbrowsing Family. This is the only way I seem to be able to get both adblocking and special upstream DNS per MAC. Is there anything else I can do? Or because I have three different external DNS needs, is this the best I can do?

Even if the alternate blocking list had an option to send upstream somewhere else, that would be fantastic (and I could eliminate one Pi-hole at least).

I realize I can just send all the MACs upstream to their own DNS in DNSFilter, but I lose that distinct advantage of ad-blocking.
I'll look into it.
 
It's fairly simple to spin up multiple dnsmasq instances with ip aliases (last time i dabbled, anyway)

Alternate-bf gave me most of the clues

Would be awesome... example:

DNS Filter > Global > Router (forces everyone to go through 192.168.1.1 even if DNS is hard-coded)

Exceptions (and the part that is missing is the Ad-blocking part):
DNSFilter > ClientA > Ad-blocking > UpstreamA
DNSFilter > ClientB > Ad-blocking > UpstreamB
DNSFilter > ClientC > Ad-blocking > UpstreamB
DNSFilter > ClientD > Ad-blocking > UpstreamB
 
Would be awesome... example:

DNS Filter > Global > Router (forces everyone to go through 192.168.1.1 even if DNS is hard-coded)

Exceptions (and the part that is missing is the Ad-blocking part):
DNSFilter > ClientA > Ad-blocking > UpstreamA
DNSFilter > ClientB > Ad-blocking > UpstreamB
DNSFilter > ClientC > Ad-blocking > UpstreamB
DNSFilter > ClientD > Ad-blocking > UpstreamB
I'll dig out my code that customises the dnsmasq instance that is spun up by Diversion. I imagine it's just a case of specifying a different upstream nameserver
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top