What's new

[How-to] Adblock Plus filters right on router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

.....
6. Add web traffic interception rule to iptables.

Quote:
echo \#!/bin/sh > /jffs/scripts/firewall-start
echo iptables -t nat -A PREROUTING --source 192.168.0.101 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 >> /jffs/scripts/firewall-start
chmod +x /jffs/scripts/firewall-start

where 192.168.0.101 is an IP address from step above.

Reboot router and check web surfing on chosen device.

If you want to change AdBlock subscriptions, please remove old ones first:

then repeat step #4 only.

I cannot seem to get past this point 6. I am not clear what I need to do. I see the file called 'firewall-start'. It only contains one line:
#!/bin/sh

I replaced it with the entire part from what is in quotes above (and updated the IP address to the one for my device).
However after rebooting the router, adblocking still does not work and the the 'firewall-start' file has changed back to the one line from above.

What am I doing wrong??:confused:
 
never mind - I got it to work. Not sure what I did differently though.
 
Shell script can be used on any platform. You need to find privoxy package for ARM platform.

That was my assumption last time I tried it on optware. I believe there was a syntax error in one of the parsing commands (possibly sed). I will try again and post back with detailed results
 
This is HOW-TO for using Adblock Plus filters on router with Merlin's firmware. Better to use it with iOS/Android devices. Using with PC will slow down web surfing because of router performance limitations.
It's based on privoxy — a proxy server, which will intercept and filter all web-traffic from chosen iOS/Android device.

Requirements:
1. Asuswrt-Merlin driven RT-N16/RT-N66U/RT-AC66U router with USB-drive.
2. Working Entware environment. Please, refer to Eric's how-to for details.

Setup
1. Install necessary packages:

2. Install prepared privoxy configuration file:

3. Install script for converting AdBlock Plus rules:

4. Choose AdBlock Plus subscriptions.
Please, find "URLS=" string in privoxy-blocklist_0.2.sh and put your own subscriptions here. You may sneak subscription URLs in you favourite browser or here. The default subscriptions is a easylistgermany and easylist.
Now convert AdBlock Plus rules to privoxy format by running:

5. Choose iOS/Android/PC device where filtering needed.
Please, go to router's web interface, "LAN > DHCP Server" page, and select "Enable Manual Assignment" button.
Add your device to "Manually Assigned IP around the DHCP list". Better to do it while device is connected to router: you may select it's MAC from drop-down list and assign an IP address for it, for example "192.168.0.101". Don't forget to push "Apply" button (I did:))
6. Add web traffic interception rule to iptables.

where 192.168.0.101 is an IP address from step above.

Reboot router and check web surfing on chosen device.

If you want to change AdBlock subscriptions, please remove old ones first:

then repeat step #4 only.

I installed this script and it works great.

I need an ip range from 192.168.11.97-192.168.11.99 to work with my 3 devices

I read this thread several times but its still not clear to me on how to do this.

is it possible to use more then one device with this script?

Also I tried this script http://www.dondeg.com/vpn/tut3a.html
It's to direct traffic over the vpn.
I have it setup for these ip address's 192.168.11.97, 192.168.11.98 and 192.168.11.99 which will be excluded from the vpn and every other ip will go to the VPN

it works great alone but when i enable your ad-block script together
the ad-block script stops working.

Can this router support more then one script at a time?
If you can take a look at this script it would be greatly appreciated.
 
Last edited:
I have a range of 10 IP's which adblock for 2 iPhones, an iPad, a Kindle, and guests.

Follow the tutorial, but in place of Step 6 use this:
echo \#!/bin/sh > /jffs/scripts/firewall-start
echo iptables -t nat -A PREROUTING -m iprange --src-range 192.168.11.97-192.168.11.99 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 >> /jffs/scripts/firewall-start
chmod +x /jffs/scripts/firewall-start

I don't know about the 2nd option you are mentioning with VPN traffic.
 
Hi everybody,

I got this running, but it seems that after the reboot, the adds are indeed hidden, but when I refresh or revisit that specific webiste, it won't load at all anymore. It seems it is completely blocked? When i manually set my IP to a different one, the websites load fine... Did I do something wrong? :)
 
which one is better? privoxy, hosts or adsuck?

Hi,which is the best way to block ads ? I already have entware installed, and using dnscrypt, I have read lots of posts, using privoxy, hosts, and adsuck, so I got a R66U, with the 378.50 Merlin, Entware and dnscrypt working, Thanks a lot for your help
 
Hi,which is the best way to block ads ?
Best for what?
  • Adsuck and hosts is a host-based ad-blocking solution. It's fast, low CPU\RAM consumption (inaccurate!) way to block domains with ads. This a high performance solution may serve multiple clients on broadband Internet connection.
  • Privoxy based ad-block is HTML element ad-removing solution. Fits for tablets\smarts or one PC client with <10-30mbps connection. Very accurate, but requires lot of CPU/RAM resources.
 
Hi, well I have a very slow broadband service <1.5mbs, with the R66U
I meant which had the less impact based on my setup, consumes less resources, I use a PC almost always on, sometimes a laptop and almost always some ipads and android phones.
Thanks for the reply


Best for what?
  • Adsuck and hosts is a host-based ad-blocking solution. It's fast, low CPU\RAM consumption (inaccurate!) way to block domains with ads. This a high performance solution may serve multiple clients on broadband Internet connection.
  • Privoxy based ad-block is HTML element ad-removing solution. Fits for tablets\smarts or one PC client with <10-30mbps connection. Very accurate, but requires lot of CPU/RAM resources.
 
You'll notice the impact on latency more than bandwidth. So pages might take longer to load, but your raw download speed might not suffer much. Privoxy can also be tuned to some degree I suppose. An easier solution is to use adblock on the clients, but that's a per client solution. That also makes enabling ads occasionally easier since some sites won't let you view content if ads are blocked.
 
Best for what?
  • ......
  • Privoxy based ad-block is HTML element ad-removing solution. Fits for tablets\smarts or one PC client with <10-30mbps connection. Very accurate, but requires lot of CPU/RAM resources.

I have an AC56 and a AC66. Currently the AC66 is configured as router and the AC56 is AP. I wonder if I would see a noticeable performance increase, if switched the configurations, i.e. let the AC56 be the router and handle Privoxy.

AC56: 800 MHz 2 cores, 256 BM RAM, 128 MB Flash
AC66: 600 MHz 1 core, 256 BM RAM, 128 MB Flash


PS: I understand that according to change log Merlin's newest 351 beta version now allows to run Entware on AC56 hardware (ARM).
 
You can get the setup script here if you want to set it up immediately (don't forget to remove Optware first - rename the asusware directory, then reboot).

https://raw.githubusercontent.com/R...rc/router/others/entware.arm/entware-setup.sh

Thanks much for your help, Merlin!

I may need a little bit of hand holding here....

Here is what I understand I need to do in order to 'prep' the router to proceed with ryzhov_al instructions in post 1:

- I looked for an asusware folder with WinSCP in my router, but came up empty. I did a bit of googling and found that it may or may not exist on a router, but if so, it should be on the USB stick. So in my case, I do not have to worry about it and move on, correct?

Next:
- take the code you linked to and create an ascii file,
- name it e.g. "entware-setup.sh" and save on the USB stick
- make it 'executable': (chmod +x ./entware-setup.sh)
- run it: (./entware-setup.sh)

afterwards follow ryzhov_al's instructions in post 1....

=> that's it, correct?
 
Thanks much for your help, Merlin!

I may need a little bit of hand holding here....

Here is what I understand I need to do in order to 'prep' the router to proceed with ryzhov_al instructions in post 1:

- I looked for an asusware folder with WinSCP in my router, but came up empty. I did a bit of googling and found that it may or may not exist on a router, but if so, it should be on the USB stick. So in my case, I do not have to worry about it and move on, correct?

Next:
- take the code you linked to and create an ascii file,
- name it e.g. "entware-setup.sh" and save on the USB stick
- make it 'executable': (chmod +x ./entware-setup.sh)
- run it: (./entware-setup.sh)

afterwards follow ryzhov_al's instructions in post 1....

=> that's it, correct?

Or just upgrade to 378.51, rename the existing asusware folder if it exsists, reboot, then run entware-setup.sh.
 
Ok, I got entware as well as the privoxy package on my ac56 installed. All seems to be working fine thus far.

However , I am getting frequent error messages on my browsers "maximum number of connections reached". I tried different devices, iOS and Win7 PC, with the same error message. So I think it seems to be related to the router/privoxy installation itself. Some googling did help much other than that maybe the router's performance is not sufficient.

Any pointers would be greatly appreciated!
 
Low RAM for Privoxy

Privoxy on N66U gives the "Max connections reached" message quite often. The only thing that has worked somewhat for me so far is the suggestion in http://sourceforge.net/p/ijbswa/feature-requests/571/ . After I set ulimit -s 1024, things seem relatively stable.....


Following the link, it says "I added ulimit -s 2048 in /etc/init.d/privoxy"

How exactly do I add this?

Under the folder location: entware.arm/etc/ I see the folders 'init.d' and 'privoxy', but there is no folder 'privoxy' under init.d.

I was hoping I could find a file with a ulimit entry that I could edit.
Do I need to create a file, called ulimit? If so, what needs to be in there?
 
In the S24privoxy file is where the service starts. There is a line for parameters that you can add it called ARGS:

Code:
ENABLED=yes
PROCS=privoxy
ARGS=""
PREARGS=""
DESC=$PROCS

I am curious, how did you find this? I have been trying for 2 weeks to get privoxy running on my AC87U and haven't been able to get past the max connections reached message. I don't have these issues on the MIPS version running on a old N66U.

Following the link, it says "I added ulimit -s 2048 in /etc/init.d/privoxy"

How exactly do I add this?

Under the folder location: entware.arm/etc/ I see the folders 'init.d' and 'privoxy', but there is no folder 'privoxy' under init.d.

I was hoping I could find a file with a ulimit entry that I could edit.
Do I need to create a file, called ulimit? If so, what needs to be in there?
 
Last edited:
Looking at the steps, it looks as though DHCP allocation is needed for each and every device I want to adblock.

How do I adblock using this method ALL devices connected through my router?
 
Looking at the steps, it looks as though DHCP allocation is needed for each and every device I want to adblock.

How do I adblock using this method ALL devices connected through my router?

I use a range of IP addresses (180 to 189) that should be routed through privoxy:

firewall-start
Code:
#!/bin/sh
iptables -t nat -A PREROUTING -m iprange --src-range 192.168.1.180-192.168.1.189 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Maybe not the most elegant way, but if you wanted to cover all devices, you could simply widen the range.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top