thelonelycoder
Part of the Furniture
Do not edit the dnsmasq.conf file directly as any change will be thrown out when the service or router is restarted.
Many thanks to @dave14305 @Martineau and @john9527
In case someone will be interested in this, I decided to share. Here is a manual to configure the Asus RT-N66U (R/W) with the [Fork] Asuswrt-Merlin 374.43 LTS release on board to use TOR for listed domains/IPs.
This manual is taken as the basis. Russian version (original) can be found here.
For installation, we need a MicroSD (remove the cover and insert it into the slot inside the router) or a USB flash drive connected on an ongoing basis.

Use command
Code:
amtm
and follow instructions to install Entware

Code:
opkg update ; opkg upgrade ; opkg install tor tor-geoip bind-dig

Create file
Code:
nano /jffs/scripts/init_ipset.sh

with this content
Code:
#!/bin/sh
# Load the ipset kernel modules and create the "unblock" set
modprobe ip_set
modprobe ip_set_iphash
modprobe ip_set_nethash
modprobe ip_set_setlist
ipset --create unblock iphash

Make it executable
Code:
chmod +x /jffs/scripts/init_ipset.sh

Edit startup script
Code:
nano /jffs/scripts/services-start

Add following
Code:
#!/bin/sh
# This script gets called after all other system services
# have been started at boot on router
# ---------------------------------------------------------
# Cron job to install after reboot
cru a unblock-ipset "3 3 * * * /opt/bin/unblock_ipset.sh"
# Run script now
/jffs/scripts/init_ipset.sh
/opt/bin/unblock_ipset.sh

Make it executable
Code:
chmod +x /jffs/scripts/services-start

Edit this file
Code:
nano /jffs/scripts/nat-start

Add following line
Code:
#!/bin/sh
iptables -t nat -A PREROUTING -i br0 -p tcp -m set --set unblock dst -j REDIRECT --to-port 9141

Make it executable
Code:
chmod +x /jffs/scripts/nat-start

Deleting old config file
Code:
cat /dev/null > /opt/etc/tor/torrc

Edit file
Code:
nano /opt/etc/tor/torrc

Insert the lines below. Please note that the admin is the default username that is used for authorization in the web interface of the router. If you changed it, replace it with yours.
Code:
User admin
PidFile /opt/var/run/tor.pid
ExcludeExitNodes {RU},{UA},{AM},{KG},{BY}
StrictNodes 1
TransPort 192.168.1.1:9141
ExitRelay 0
ExitPolicy reject *:*
ExitPolicy reject6 *:*
GeoIPFile /opt/share/tor/geoip
GeoIPv6File /opt/share/tor/geoip6
DataDirectory /opt/var/lib/tor

- Exclude output nodes: Russia, Ukraine, Armenia, Kyrgyzstan, Belarus.
- Hang a "transparent" proxy on the address 192.168.1.1, port 9141.
- Deny being an exit point.

unblock.txt is a simple list to unlock. You can unlock the domain or IP address. One line - one element. Empty lines (including spaces and tabs) are ignored. You can use the # character at the beginning of a line to ignore it. Create a new file with the command
Code:
nano /opt/etc/unblock.txt

Insert your list into it
Code:
###Torrent Trackers
rutracker.org
rutor.info
rutor.is
mega-tor.org
kinozal.tv
nnm-club.me
nnm-club.ws
tfile.me
tfile-home.org
tfile1.cc
megatfile.cc
megapeer.org
megapeer.ru
tapochek.net
tparser.org
tparser.me
rustorka.com
uniongang.tv
fast-torrent.ru
###Catalogs of media content for programs
rezka.ag
hdrezka.ag
hdrezka.me
filmix.co
filmix.cc
seasonvar.ru
###Books
lib.rus.ec
flibusta.is
flibs.me
flisland.net
flibusta.site
###Telegram
telegram.org
tdesktop.com
tdesktop.org
tdesktop.info
tdesktop.net
telesco.pe
telegram.dog
telegram.me
t.me
telegra.ph
web.telegram.org
desktop.telegram.org
updates.tdesktop.com
venus.web.telegram.org
flora.web.telegram.org
vesta.web.telegram.org
pluto.web.telegram.org
aurora.web.telegram.org
###Miscellaneous
7-zip.org
edem.tv
4pna.com
2019.vote
###Tor check
check.torproject.org
###Example of unlocking by IP (remove # at the beginning of the line)
#195.82.146.214

Code:
nano /opt/bin/unblock_ipset.sh

Code:
#!/bin/sh
# Wait until the local resolver answers before resolving the list
until ADDRS=$(dig +short google.com @localhost) && [ -n "$ADDRS" ] > /dev/null 2>&1; do sleep 5; done
while read -r line || [ -n "$line" ]; do
  # Skip empty lines and comments
  [ -z "$line" ] && continue
  [ "${line:0:1}" = "#" ] && continue
  # An entry containing an IPv4 address is added to the set directly
  addr=$(echo "$line" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
  if [ ! -z "$addr" ]; then
    ipset --add unblock "$addr"
    continue
  fi
  # Otherwise resolve the domain and add every returned IPv4 address
  dig +short "$line" @localhost | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{system("ipset --add unblock "$1)}'
done < /opt/etc/unblock.txt

Code:
chmod +x /opt/bin/unblock_ipset.sh

Edit file
Code:
nano /opt/bin/unblock_dnsmasq.sh

Insert the lines below
Code:
#!/bin/sh
# Rebuild the dnsmasq ipset= directives from the list
cat /dev/null > /opt/etc/unblock.dnsmasq
while read -r line || [ -n "$line" ]; do
  # Skip empty lines and comments
  [ -z "$line" ] && continue
  [ "${line:0:1}" = "#" ] && continue
  # IP entries are handled by unblock_ipset.sh, not by dnsmasq
  echo "$line" | grep -Eq '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' && continue
  echo "ipset=/$line/unblock" >> /opt/etc/unblock.dnsmasq
done < /opt/etc/unblock.txt

Make it executable
Code:
chmod +x /opt/bin/unblock_dnsmasq.sh

Now execute
Code:
/opt/bin/unblock_dnsmasq.sh

Check that the file is created and has entries in it
Code:
cat /opt/etc/unblock.dnsmasq

Edit file
Code:
nano /opt/bin/unblock_update.sh

Insert the lines below
Code:
#!/bin/sh
ipset --flush unblock
/opt/bin/unblock_dnsmasq.sh
service restart_dhcpd
sleep 3
/opt/bin/unblock_ipset.sh &

Make it executable
Code:
chmod +x /opt/bin/unblock_update.sh

Create file
Code:
nano /opt/etc/init.d/S99unblock

Insert the lines below
Code:
#!/bin/sh
[ "$1" != "start" ] && exit 0
/opt/bin/unblock_ipset.sh &

Make it executable
Code:
chmod +x /opt/etc/init.d/S99unblock

We need to connect the created unblock.dnsmasq file to dnsmasq. To do this, open the file in the editor
Code:
nano /etc/dnsmasq.conf

Add to the end of the file:
Code:
conf-file=/opt/etc/unblock.dnsmasq

If you want (this is optional), you can add an additional server for resolution and reliability:
Code:
server=8.8.8.8

Use /jffs/configs/dnsmasq.conf.add or /jffs/scripts/dnsmasq-postconf as per the Asuswrt-Merlin wiki.
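
An added example, not part of the original post or the reply: the guide's scripts hand each unblock.txt line to dig and write it into a dnsmasq ipset= directive, so a strict per-entry check keeps a malformed line out of both tools. The helper names classify_entry and render_dnsmasq and the sample list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. classify_entry and
# render_dnsmasq are hypothetical helper names.

# classify_entry ENTRY -> prints one of: skip, ip, domain, reject
classify_entry() {
    entry=$1
    case $entry in
        ''|'#'*) echo skip; return 0 ;;   # blank line or comment
    esac
    # IPv4 literal: exactly four dot-separated octets, each 0-255
    if printf '%s\n' "$entry" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        old_ifs=$IFS; IFS=.
        set -- $entry                     # only digits and dots reach this split
        IFS=$old_ifs
        for octet in "$@"; do
            [ "$octet" -le 255 ] || { echo reject; return 0; }
        done
        echo ip; return 0
    fi
    # Hostname: letter/digit/hyphen labels, last label starts with a letter
    if printf '%s\n' "$entry" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'; then
        echo domain; return 0
    fi
    echo reject                           # spaces, slashes, leading '-', '@', ...
}

# render_dnsmasq FILE -> ipset= lines on stdout, rejected entries on stderr
render_dnsmasq() {
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim surrounding whitespace so whitespace-only lines count as empty
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $(classify_entry "$line") in
            domain) printf 'ipset=/%s/unblock\n' "$line" ;;
            reject) printf 'rejected: %s\n' "$line" >&2 ;;
        esac
    done < "$1"
}

# Constructed sample list (not the post's full list)
sample=$(mktemp)
printf '%s\n' '###Tor check' 'check.torproject.org' '  7-zip.org' \
    '195.82.146.214' '300.1.1.1' 'example.org/other' > "$sample"
render_dnsmasq "$sample"
rm -f "$sample"
```

Entries classified as ip are left for the ipset script, matching the split between unblock_ipset.sh and unblock_dnsmasq.sh in the guide.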