What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

So you have one device that is bypassing the DNS based filtering setup by Diversion, nothing more.

It appears to be that way, yes. Would you know how I could fix this? I'm going to reboot the router and restart the iMac and see if that makes a difference first.
 
I agree with @HairyA00. You might also think about anything else that you may have recently changed: VPN software running on the client machine, or perhaps new browser based settings that attempt to manipulate the DNS (for better or worse, and of dubious help for those of us who have also manually modified DNS resolution through Diversion).
 
192.168.50.1 > LAN > DNSFilter > Enable DNS-based Filtering (ON)
Global Filter Mode (Router)

Remove all the clients from the Client List unless you have a reason for them to be there.

Okay, I've narrowed the issue down. I use Firefox, Brave and Safari. I turned off all ad/script blockers in Brave and Firefox, no Ads are showing in these two browsers (no ads are showing on any other device too). However, in Safari the Ads ads are showing, so only Safari is affected.

I have macOS 10.15 Catalina Beta installed.

I have cleared all cookies, and data, history from Safari and that has made no difference.
 
Okay, I've narrowed the issue down. I use Firefox, Brave and Safari. I turned off all ad/script blockers in Brave and Firefox, no Ads are showing in these two browsers (no ads are showing on any other device too). However, in Safari the Ads ads are showing, so only Safari is affected.

I have macOS 10.15 Catalina Beta installed.

I have cleared all cookies, and data, history from Safari and that has made no difference.
Did you set DNSFilter Global Mode to ON with it looping back to the router's DNS? Even if a browser, IoT device, etc etc hard-codes DNS, it will be forced back into Diversion. Give it a shot if you haven't already.

192.168.50.1 > LAN > DNSFilter > Enable DNS-based Filtering (ON)
Global Filter Mode (Router)

Remove all the clients from the Client List unless you have a reason for them to be there.
 
Did you set DNSFilter Global Mode to ON with it looping back to the router's DNS? Even if a browser, IoT device, etc etc hard-codes DNS, it will be forced back into Diversion. Give it a shot if you haven't already.

192.168.50.1 > LAN > DNSFilter > Enable DNS-based Filtering (ON)
Global Filter Mode (Router)

Remove all the clients from the Client List unless you have a reason for them to be there.

I certainly have DNSFilter set to Router. This is strange, I've never had this issue before.
 
I am not an Apple person, so I cannot say definitively, but I wouldn't be surprised if Safari isn't moving over to DoH (DNS over HTTPS), which I believe will bypass all other DNS filtering attempts (as that traffic does not appear to be DNS lookups, just encrypted regular web traffic).
Try to see if it is a controllable setting.
 
I am not an Apple person, so I cannot say definitively, but I wouldn't be surprised if Safari isn't moving over to DoH (DNS over HTTPS), which I believe will bypass all other DNS filtering attempts (as that traffic does not appear to be DNS lookups, just encrypted regular web traffic).
Try to see if it is a controllable setting.

The DNS for the iMac is found in System Preferences (there's no specific setting in Safari's Preferences for DNS). In the System Preferences the DNS is the routers address 192.168.50.1
I guess I'll just have to stop using Safari which isn't a major issue.
 
The DNS for the iMac is found in System Preferences (there's no specific setting in Safari's Preferences for DNS). In the System Preferences the DNS is the routers address 192.168.50.1
I guess I'll just have to stop using Safari which isn't a major issue.
Did you install the pixelserv-tls certificate into your keystore on your Mac?
 
Did you install the pixelserv-tls certificate into your keystore on your Mac?

ahh yes I did, I think. Should I install it, just in case I didn't, it would have been awhile ago that I added it.
 
ahh yes I did, I think. Should I install it, just in case I didn't, it would have been awhile ago that I added it.
The following procedure will import your CA cert and trust it system wide.

  1. Open Safari/Chrome. Visit http://pixelserv ip/ca.crt. Make sure you replace pixelserv ip with the actual IP address of pixelserv.
  2. Find the downloaded file, ca.crt.
  3. Double click on `ca.crt' to start Keychain's import wizard.
  4. Select keychain "system" and click "Add".
  5. Open Keychain Access and select keychain "System".
  6. Locate "Pixelserv CA" and double click to the CA cert.
  7. Expand "Trust" and select "Always Trust" for "When using this certificate"
  8. Close the window to finish setting update.
Restart your browser to take effect.
 
The following procedure will import your CA cert and trust it system wide.

  1. Open Safari/Chrome. Visit http://pixelserv ip/ca.crt. Make sure you replace pixelserv ip with the actual IP address of pixelserv.
  2. Find the downloaded file, ca.crt.
  3. Double click on `ca.crt' to start Keychain's import wizard.
  4. Select keychain "system" and click "Add".
  5. Open Keychain Access and select keychain "System".
  6. Locate "Pixelserv CA" and double click to the CA cert.
  7. Expand "Trust" and select "Always Trust" for "When using this certificate"
  8. Close the window to finish setting update.
Restart your browser to take effect.

So, what happened after I installed the ca.crt successfully is Ads were still showing. But I got suspicious of some deactivated browser extensions in Safari preferences. So I deleted all extension bar 2 and this solved the issue. I'm not too sure why an extension affected the browser like this, but nevertheless it's fixed. Thanks, mate (and others).
 
I can confirm that if your browser or perhaps an extension is allowing your browser to use DoH as mentioned a few posts up it will in fact bypass the DNS filter setting on your router.
 
The following procedure will import your CA cert and trust it system wide.

  1. Open Safari/Chrome. Visit http://pixelserv ip/ca.crt. Make sure you replace pixelserv ip with the actual IP address of pixelserv.
  2. Find the downloaded file, ca.crt.
  3. Double click on `ca.crt' to start Keychain's import wizard.
  4. Select keychain "system" and click "Add".
  5. Open Keychain Access and select keychain "System".
  6. Locate "Pixelserv CA" and double click to the CA cert.
  7. Expand "Trust" and select "Always Trust" for "When using this certificate"
  8. Close the window to finish setting update.
Restart your browser to take effect.

Oh this sounds interesting. Google sponsored links break with Diversion running. I wonder if this will allow them to work again (not that I mind denying Google their tax-dodging revenue).

Can someone remind me what the graphical monitoring / reporting tool for Diversion is? I thought I recall mention of something a while ago.
 
Hi, I've added Hosts files to Diversion before but I've never created one. Here I have many of Facebook servers in the correct format to block them in Diversion but I don't know how to create a hosts file (.txt) online. I'm just wondering if anyone knows how to do this.

Any help is appreciated.
 
Hi, I've added Hosts files to Diversion before but I've never created one. Here I have many of Facebook servers in the correct format to block them in Diversion but I don't know how to create a hosts file (.txt) online. I'm just wondering if anyone knows how to do this.

Any help is appreciated.
Just use the RAW link in the navigation links above your file and add it as a hosts file in b:
https://pastebin.com/raw/uW5RgmEE
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top