What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Is there a way to have stats at the top updated for each page refresh instead of having to press ac each time?
 
And can the log tail be filtered for just blocks or can I just run tail itself with an appropriate flag...

Wouldn't systems just cache DNS so let a lot through and should all DNS caches be flushed or what

Sent from my SM-G965F using Tapatalk
 
And can the log tail be filtered for just blocks or can I just run tail itself with an appropriate flag...
Yeah I just installed it (finally, I know) and while it is cool to follow the dnsmasq.log file in realtime, I would also like the option to only see the red lines show up. Is that possible?
 
I'm thinking running Tail itself on the log file with a filter or filters, grep or something..

Sent from my SM-G965F using Tapatalk
 
tail -f logfile | grep <string> works where <string> = block but not blocked, for some reason. I would also like to see the line before it for the source.

e.g

cat /opt/var/log/dnsmasq.log | grep block

works but not if I use 'blocked'.. Same with Tail

Sep 29 17:14:50 dnsmasq[5016]: /opt/share/diversion/list/blockinglist ssl.google-analytics.com is 192.168.2.2
Sep 29 17:14:53 dnsmasq[5016]: /opt/share/diversion/list/blockinglist ssl.google-analytics.com is 192.168.2.2
Sep 29 17:14:54 dnsmasq[5016]: /opt/share/diversion/list/blockinglist www.google-analytics.com is 192.168.2.2
Sep 29 17:15:18 dnsmasq[5016]: /opt/share/diversion/list/blockinglist settings.crashlytics.com is 192.168.2.2
 
Last edited:
tail -f logfile | grep <string> works where <string> = block but not blocked, for some reason. I would also like to see the line before it for the source.

e.g

cat /opt/var/log/dnsmasq.log | grep blockcat /opt/var/log/dnsmasq.log | grep block

works but not if I use 'blocked'..

Sep 29 17:14:50 dnsmasq[5016]: /opt/share/diversion/list/blockinglist ssl.google-analytics.com is 192.168.2.2
Sep 29 17:14:53 dnsmasq[5016]: /opt/share/diversion/list/blockinglist ssl.google-analytics.com is 192.168.2.2
Sep 29 17:14:54 dnsmasq[5016]: /opt/share/diversion/list/blockinglist www.google-analytics.com is 192.168.2.2
Sep 29 17:15:18 dnsmasq[5016]: /opt/share/diversion/list/blockinglist settings.crashlytics.com is 192.168.2.2
if you turn on the log-queries=extra dnsmasq setting using the ds function in diversion , the query and subsequent responses are all tied together with a number...... a bit of scripting might be able to make use of that ( the 8196 ties the two entries in the example below)
Code:
Sep 29 05:30:10 dnsmasq[1164]: 8196 10.10.10.150/36629 query[A] ssl.google-analytics.com from 10.10.10.150
Sep 29 05:30:10 dnsmasq[1164]: 8196 10.10.10.150/36629 /opt/share/diversion/list/blockinglist ssl.google-analytics.com is 10.10.10.3
 
Last edited:
I wonder why I get doubleclick.net ads. The domain is blacklisted? Any idea?
 
if you turn on the log-queries=extra dnsmasq setting using the ds function in diversion , the query and subsequent responses are all tied together with a number...... a bit of scripting might be able to make use of that

Good points . Scripting probably could, and also be able to help identify individual device's.
 
Is there a way to change the port used by pixelserv-tls? I use the aicloud app and it limits its functionality. There's no option in the app to change its port to the 9443 .. So I want to change the pixelserv-tls to that instead

Thanks
 
Good points . Scripting probably could, and also be able to help identify individual device's.

Allow me to spoil the party a bit.

There is excellent data: client ip & port that makes ad request, blocked domain name as well as the complete URL and much more from pixelserv-tls logging.

If you’re going to come up with a simple script, I would say it’s better to tap in pixelserv-tls log instead. Could start as a simple standalone script. Later if u want, modify a bit as diversion “plugin”

I would think that’s a much interesting project. good news is that the coming pixelserv-tls 2.2 release will have negligible impact on speed in serving empty ads with excessive lighting turned on!
 
Is there a way to change the port used by pixelserv-tls? I use the aicloud app and it limits its functionality. There's no option in the app to change its port to the 9443 .. So I want to change the pixelserv-tls to that instead

Thanks

once you move pixelserv-tls away from port 443, you cripple a large portion of its functionality. almost all clients and websites are programmed to talk to their real servers on port 443. That’s where pixelserv-tls should listen.

I don’t know how other aicloud users solve this problem. Perhaps someone have convoluted iptables rules to workaround it. You never know!
 
you can change the Aicloud web access port in the settings tab of the UI
 
Is there a way to change the port used by pixelserv-tls? I use the aicloud app and it limits its functionality. There's no option in the app to change its port to the 9443 .. So I want to change the pixelserv-tls to that instead

Thanks
Move AiCloud to 444, I did it that way to let pixelserv-tls work better with websites

Sent from S.G. S9+ Duos
 
you can change the Aicloud web access port in the settings tab of the UI

That's very good news. Thanks for chime in.

I never used AiCloud and haven't logged in WebGUI for a very long time. And I'm stuck on 380.66 FW.

And I don't want to appear like no empathy as apparently I saw @chewy74's question. So in future people pls be understandable that I'm not in a best position to answer..not that I don't answer questions..

:rolleyes:
 
I'm setting up e-mail notifications in diversion and found that now asks on one setting "ssl flag" what should I put there for yahoo?

Sent from S.G. S9+ Duos
 
hi,
I have a hard disk with ntfs file system connected to the usb, can I install diversion on a small ext2 partition?

thank you so much!
 
Does using a custom DNS such as Google or Comodo break Diversion? I tried using Google and then Comodo DNS and then Diversion seemed to stop working with lots of 'bogus' and 'insecure response received' messages throughout the log, and Pi ad-block tester said no ad blocking was in place.

Restored back to ISP DNS and rebooted the router and seems ok now.

Has anyone set up Google or Comodo or other secure DNS on this?

I would like dual layer protection - Diversion, and then something like Comodo to protect from malicious sites.

Or would I just be better off running Skynet and blocking at the router level if freely available blocking lists are available? I just like the reporting dashboard on Comodo, although it is of course a privacy concern with the service being 'free' (and we all know what 'free' means online).
 
Seems working now, I also now have Skynet running which when going back in to Diversion prompted me to update the lists or something (done).
So now if I can enable a secure DNS server (recommendations welcome) I presume I will be about as secure as one can be on this router.

When I enable DNSSEC support though pages stop working (stalls, no loading) and the log fills with 'insecure response received' and 'bogus' error. Works ok again when disabling DNSSEC.

Tried again with Cloudflare 1.1.1.1 DNS (DNSSEC / rebind protection) and again Diversion broke - ad-block testers showing 'no ad protection'.

Am I doing something wrong around setting up a custom DNS Server? When I restore to my ISP DNS it works ok (no DNSSEC / rebind protection).
 
Last edited:

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top