What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

No. The hosts file must be in the format:
Code:
0.0.0.0 domain.com
as mentioned above.

The url for the custom hosts list entry should be (folowing your example):
Code:
https://pastebin.com/raw/ZfThWJTM
Notice that the link points to the raw contents of your pastebin.

That will work perfect and it's exactly what I need. I'm unclear how this is different than what Diversion Pro would offer.
 
That will work perfect and it's exactly what I need. I'm unclear how this is different than what Diversion Pro would offer.

Once Diversion Pro is released, and we have any information about it, this would presumably become clear.
 
Hi there,

I'm seeing these lines in my filtered log:

blocked by wildcard-blacklist c4a61d1d-3bff-a2b0-1cd5-1b07773c88ca.local
blocked by wildcard-blacklist creeper24.local


and more. basically every machine from my local network gets blocked and I get 0.0.0.0 IP as the response from my router, but nslookup to for example creeper24.local works

update:
when I read the Unfiltered log, I'm seeing this (not related exactly to the excerpt above):
Oct 13 20:51:31 dnsmasq[1048]: query[AAAA] SEkodril.local from 10.0.0.4
Oct 13 20:51:31 dnsmasq[1048]: blocked by wildcard-blacklist SEkodril.local is NODATA-IPv6
Oct 13 20:47:30 dnsmasq[1048]: query[AAAA] SEkodril.local from 10.0.0.4
Oct 13 20:47:30 dnsmasq[1048]: blocked by wildcard-blacklist SEkodril.local is NODATA-IPv6


is this just some log entry saying that IPV6 is disabled? Can I ignore these?
thanks

latest clean install, everything up to date (13th of October 2018), wc_blacklist and blacklist files are empty.
 
Hi there,

I'm seeing these lines in my filtered log:

blocked by wildcard-blacklist c4a61d1d-3bff-a2b0-1cd5-1b07773c88ca.local
blocked by wildcard-blacklist creeper24.local


and more. basically every machine from my local network gets blocked and I get 0.0.0.0 IP as the response from my router, but nslookup to for example creeper24.local works

update:
when I read the Unfiltered log, I'm seeing this (not related exactly to the excerpt above):
Oct 13 20:51:31 dnsmasq[1048]: query[AAAA] SEkodril.local from 10.0.0.4
Oct 13 20:51:31 dnsmasq[1048]: blocked by wildcard-blacklist SEkodril.local is NODATA-IPv6
Oct 13 20:47:30 dnsmasq[1048]: query[AAAA] SEkodril.local from 10.0.0.4
Oct 13 20:47:30 dnsmasq[1048]: blocked by wildcard-blacklist SEkodril.local is NODATA-IPv6


is this just some log entry saying that IPV6 is disabled? Can I ignore these?
thanks

latest clean install, everything up to date (13th of October 2018), wc_blacklist and blacklist files are empty.
Nothing to worry about, the "unfiltered" log text is modified for simpler reading in Diversion.
Your local machines are not blocked.

To eliminate that glitch I need you to post the content of the /etc/dnsmasq.conf file. Use sf in Diversion to show the file.
Also, how and where did you add the local names in the router WebUI?
Thanks.
 
Nothing to worry about, the "unfiltered" log text is modified for simpler reading in Diversion.
Your local machines are not blocked.

To eliminate that glitch I need you to post the content of the /etc/dnsmasq.conf file. Use sf in Diveraion to show the file.
Also, how and where did you add the local names in the router WebUI?
Thanks.

thanks for the reply,

dnsmasq.conf content (removed mac addresses to shorten the list):

cannot paste it, cloudflare thinks I'm doing some kind of DDOS attack .. will try to post it here per partes

The local names were added in LAN > DHCP Server > Manually Assigned IP around the DHCP list
some of the names were also changed in the Network Map client list (View List button).

IPv6 support is disabled
 
dnsmasq.conf content (removed mac addresses to shorten the list and replaced slash / with <>, hope it's readable. with / I could not send a reply):

START FILE, --- lines are not part of file

---------------------------------------------------

pid-file=<>var<>run<>dnsmasq.pid

user=nobody

bind-dynamic

interface=br0

interface=pptp*

no-dhcp-interface=pptp*

no-resolv

servers-file=<>tmp<>resolv.dnsmasq

no-poll

no-negcache

cache-size=1500

min-port=4096

domain=local

expand-hosts

bogus-priv

domain-needed

local=<>local<>

dhcp-range=lan,10.0.0.100,10.0.0.200,255.255.255.0,86400s

dhcp-option=lan,3,10.0.0.1

dhcp-option=lan,15,local

dhcp-option=lan,44,10.0.0.1

dhcp-option=lan,252,"<>n"

dhcp-authoritative

interface=tun21

interface=tun22

addn-hosts=<>etc<>hosts.dnsmasq

dhcp-host=AB:CD:EF:01:12:23,10.0.0.2

... more dhcp-host entries deleted...

dhcp-name-match=set:wpad-ignore,wpad

dhcp-ignore-names=tag:wpad-ignore

# start of Diversion directives #

address=<>0.0.0.0<>0.0.0.0

ptr-record=0.0.0.0.in-addr.arpa,0.0.0.0

addn-hosts=<>opt<>share<>diversion<>list<>blacklist

addn-hosts=<>opt<>share<>diversion<>list<>blockinglist

log-async

log-queries

log-facility=<>opt<>var<>log<>dnsmasq.log

# end of Diversion directives #

---------------------------------------------------

END FILE
 
thanks for the reply,

dnsmasq.conf content (removed mac addresses to shorten the list):

cannot paste it, cloudflare thinks I'm doing some kind of DDOS attack .. will try to post it here per partes

The local names were added in LAN > DHCP Server > Manually Assigned IP around the DHCP list
some of the names were also changed in the Network Map client list (View List button).

IPv6 support is disabled
OK, that's enough infos for me. Will get to it asap.
 
maybe this helps, I'm getting these too:

note the NODATA-IPv6 and NXDOMAIN replies. looks like my Mac tries both IPv6 and IPv4. Not sure what c4a61d1d-3bff-a2b0-1cd5-1b07773c88ca.local is tho


Oct 13 21:41:26 dnsmasq[16450]: query[AAAA] SEkodril.local from 10.0.0.4
Oct 13 21:41:26 dnsmasq[16450]: blocked by wildcard-blacklist SEkodril.local is NODATA-IPv6


Oct 13 21:41:26 dnsmasq[16450]: query[A] SEkodril.local from 10.0.0.4
Oct 13 21:41:26 dnsmasq[16450]: <>etc<>hosts.dnsmasq SEkodril.local is 10.0.0.51

Oct 13 21:41:28 dnsmasq[16450]: query[A] c4a61d1d-3bff-a2b0-1cd5-1b07773c88ca.local from 10.0.0.4
Oct 13 21:41:28 dnsmasq[16450]: blocked by wildcard-blacklist c4a61d1d-3bff-a2b0-1cd5-1b07773c88ca.local is NXDOMAIN

Oct 13 21:41:28 dnsmasq[16450]: query[AAAA] c4a61d1d-3bff-a2b0-1cd5-1b07773c88ca.local from 10.0.0.4
Oct 13 21:41:28 dnsmasq[16450]: blocked by wildcard-blacklist c4a61d1d-3bff-a2b0-1cd5-1b07773c88ca.local is NXDOMAIN
 
Just had time to upgrade Merlin to 384.7.
Reinstalled Diversion and now I get the following: Things are obviously not right. What do I need to do to fix it?

Code:
Oct 13 12:56:08 pixelserv-tls[22735]: pixelserv-tls 2.1.2 (compiled: Sep  8 2018 20:33:38) options: <none>
Oct 13 12:56:08 pixelserv-tls[22735]: Listening on :*:443
Oct 13 12:56:08 pixelserv-tls[22735]: Abort: Address already in use - :*:80

diversion001.jpg
 
this post is more an observation not a complaint - because i'm new to host list keeping;

i have to change diversion from the default "standard" to the "small" blocking file.

the problem i had is with websights that seem to pass control to some
marketing entity that then passes you to your intended destination.
(basically you don't have the destination link handy, the passer does).

examples were: while logging into yahoo or aol, between the login screen and the home page,
i would get trapped in some full screen ad referrer and could not go any further.

some live stream websights kept reporting "certificate" issues

sale discussion and referral forums like slickdeals dot net where you click on a sales link and
may get passed between one or two pages of referral trackers before getting to the retail sight,
in this case again you'd get hung on a full page referral screen without any way to resolve it
because the original referral link you clicked on is so convoluted with weird syntax.

so i guess my question is; without doing a lot of white listing, are there custom set of lists
between small : standard : medium that i should be considering? or just leave it at small
and figure something is better than nothing...
 
Last edited:
If you have AiCloud enabled, that has an IP of 192.168.*.2. So the IPs are conflicting. Either disable AiCloud or change pixelserv-tls IP.
Just had time to upgrade Merlin to 384.7.
Reinstalled Diversion and now I get the following: Things are obviously not right. What do I need to do to fix it?

Code:
Oct 13 12:56:08 pixelserv-tls[22735]: pixelserv-tls 2.1.2 (compiled: Sep  8 2018 20:33:38) options: <none>
Oct 13 12:56:08 pixelserv-tls[22735]: Listening on :*:443
Oct 13 12:56:08 pixelserv-tls[22735]: Abort: Address already in use - :*:80

View attachment 14749

Sent from my Moto G (5) Plus using Tapatalk
 
Hi,

Maybe it was asked several times, but since I haven't found it yet I hope you can help me.

After I installed Diversion and pixelserv on my Asus RT-AC68U, all of my external VPN clients are no longer able to reach my VPN server (OpenVPN) running on the same Asus router... what is bad.

Since I need VPN running on my Asus router: How to solve that?
My VPN server is using port 1194.
 
Hi,

Maybe it was asked several times, but since I haven't found it yet I hope you can help me.

After I installed Diversion and pixelserv on my Asus RT-AC68U, all of my external VPN clients are no longer able to reach my VPN server (OpenVPN) running on the same Asus router... what is bad.

Since I need VPN running on my Asus router: How to solve that?
My VPN server is using port 1194.
I also use port 1194 with Diversion and never had an issue on four routers. Try turning off pixelserv and see what happens. Log in the system log for clues.

Compare settings with this post as well.

https://x3mtek.com/openvpn-server-setup-instructions-for-asuswrt-merlin/
 
Just had time to upgrade Merlin to 384.7.
Reinstalled Diversion and now I get the following: Things are obviously not right. What do I need to do to fix it?

Code:
Oct 13 12:56:08 pixelserv-tls[22735]: pixelserv-tls 2.1.2 (compiled: Sep  8 2018 20:33:38) options: <none>
Oct 13 12:56:08 pixelserv-tls[22735]: Listening on :*:443
Oct 13 12:56:08 pixelserv-tls[22735]: Abort: Address already in use - :*:80

View attachment 14749
The pixelserv-tls IP is not set, do it in ep, 5. Change pixelserv-tls.
Then to correctly register the ad-blocking IP, disable pixelserv-tls in ep (your ad-blocking IP is now 0.0.0.0) then enable pixelserv-tls in ep.
The ad-blocking and pixelserv-tls IP are now the same and all should be working.
 
@SMS786 I'm not really up to speed with what your problem is, but your output shows a device at /dev/sda that is only 1GB in size. Is that correct, it sounds rather small?

Assuming the above size is correct... the device has a single partition (/dev/sda1) which has a partition type of FAT16. That sounds wrong because I assume @thelonelycoder's software formats it as ext2? That might explain why when you did a disk check on amtm it failed, because it was doing a FAT check on something that's formatted as ext2.

You could try changing the partition type from FAT16 to Linux (ext2/3/4) and seeing if you can then repair it.

Code:
# fdisk /dev/sda

The number of cylinders for this disk is set to 1948.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 83

Command (m for help): p

Disk /dev/sda: 16.0 GB, 16025387008 bytes
255 heads, 63 sectors/track, 1948 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks  Id System
/dev/sda1               1        1948    15647278+ 83 Linux

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table
fdisk: WARNING: rereading partition table failed, kernel still uses old table: Device or resource busy

# reboot

Thank you @thelonelycoder and @ColinTaylor for your help. I'll reformat my USB stick and see if that helps. Yes, it happens to be a small 1GB stick I found laying around the house, perhaps it's time to replace it.

Edit: typo
 
Last edited:
No, still does not work.

According to the client, the certificate is not correctly signed by the trusted CA. ???

Do I need to export to another OVPN file after installing pixelserv?
No, you don't need to.
What DDNS Server are you using in WAN / DDNS?
 
Thank you @thelonelycoder and @ColinTaylor for your help. I'll reformat my USB stick and see if that helps. Yes, it happens to be a small 1GB stick I found lying around the house, perhaps it's time to replace it.
1 GB is plenty for Diversion. It is best to use a Linux machine to format the drive if possible.
 
Hi there,

I'm seeing these lines in my filtered log:

blocked by wildcard-blacklist c4a61d1d-3bff-a2b0-1cd5-1b07773c88ca.local
blocked by wildcard-blacklist creeper24.local


and more. basically every machine from my local network gets blocked and I get 0.0.0.0 IP as the response from my router, but nslookup to for example creeper24.local works

update:
when I read the Unfiltered log, I'm seeing this (not related exactly to the excerpt above):
Oct 13 20:51:31 dnsmasq[1048]: query[AAAA] SEkodril.local from 10.0.0.4
Oct 13 20:51:31 dnsmasq[1048]: blocked by wildcard-blacklist SEkodril.local is NODATA-IPv6
Oct 13 20:47:30 dnsmasq[1048]: query[AAAA] SEkodril.local from 10.0.0.4
Oct 13 20:47:30 dnsmasq[1048]: blocked by wildcard-blacklist SEkodril.local is NODATA-IPv6


is this just some log entry saying that IPV6 is disabled? Can I ignore these?
thanks

latest clean install, everything up to date (13th of October 2018), wc_blacklist and blacklist files are empty.
To correct this glitch, I have uploaded a Diversion hot-fix. Use 1233 in the Diversion UI to download all files, then test again if your local clienst show as blocked.
They should not.
 
The pixelserv-tls IP is not set, do it in ep, 5. Change pixelserv-tls.
Then to correctly register the ad-blocking IP, disable pixelserv-tls in ep (your ad-blocking IP is now 0.0.0.0) then enable pixelserv-tls in ep.
The ad-blocking and pixelserv-tls IP are now the same and all should be working.
ThanX @thelonelycoder that fixed it.
Wonder why it did not take the IP when going through setup?
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top