[How-to] Adblock Plus filters right on router

For those who are interested:
You can also forward privoxy to polipo, a fast web-caching proxy.
Polipo is also available in the entware repo.
Add this rule to privoxy's config file
Code:
forward / proxyIP(polipo):proxyPort(polipo)

Here's my polipo config

Code:
#setUser = "polipo" # *                                          
daemonise = true                                                      
pidFile = "/opt/var/run/polipo/polipo.pid"                          
proxyAddress = "192.168.1.1"                                        
proxyPort = 8123                                                      
proxyName = "localhost"                                             
dnsNameServer = "127.0.0.1"                                             
allowedClients = 127.0.0.1, 192.168.1.0/28                            
allowedPorts = 1-65535                                               
localDocumentRoot = "" # Disable local webserver                                         
disableLocalInterface = true # Disable the local configuration pages
diskCacheRoot = "/tmp/mnt/data/polipo-cache/"                  
dnsQueryIPv6 = no                                                    
chunkHighMark = 8388608                                                
objectHighMark = 3072                                              
censoredHeaders = from, accept-language  
censorReferer = maybe                                           
#logFile = "/opt/var/log/polipo.log"                                 
logSyslog = true                                                     
logFacility = "daemon"           
logLevel = 0x4
#logLevel = 0xFF

* If you want to run polipo as a different user, use this patch: http://www.mail-archive.com/polipo-users@lists.sourceforge.net/msg00478.html
which will create the setUser config variable and compile using the openwrt buildroot http://code.google.com/p/wl500g-repo/wiki/Compiling
or download it here http://www.sendspace.com/file/3ljx8l
 
I don't mean to necro a thread, but I made it here looking for how to put Adblock on my N66U router and I am amazed at what you guys are writing here. I also don't mean to go off on a tangent, but is this all in Linux? I'm seeing mention of ipchains, so I assume it is. I took and did some small-level programming of Cisco routers, mainly distribution level, but I have to admit, this makes that look like child's play. Where did you all get started with picking this up?
 
This is HOW-TO for using Adblock Plus filters on router with <SNIP>
5. Choose the iOS/Android/PC device where filtering is needed.
Please go to the router's web interface, "LAN > DHCP Server" page, and select the "Enable Manual Assignment" button.
Add your device to "Manually Assigned IP around the DHCP list". It is better to do this while the device is connected to the router: you may select its MAC from the drop-down list and assign an IP address to it, for example "192.168.0.101". Don't forget to push the "Apply" button (I did:))
6. Add web traffic interception rule to iptables.

where 192.168.0.101 is an IP address from step above.

Reboot router and check web surfing on chosen device.

If you want to change AdBlock subscriptions, please remove old ones first:

then repeat step #4 only.

I am trying to follow this and wonder if there is an alternative step to make ALL traffic through the router go transparently to PRIVOXY/ADBLOCK?
 
Literally three posts back from yours, boss.


You must load the right extension :)
This will work

Code:
iptables -t nat -A PREROUTING -m iprange --src-range 10.0.1.130-10.0.1.139 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

It's the same as using --dport without the tcp extension (-m tcp).
That also doesn't work.

just wanted to say thanks for this. as well as to the op for this thread. works beautifully on all my devices!!!

(edit) - after more testing, i've found that the firewall-start script seems to somehow break some of the buttons. for instance, the apply button on the port forward page no longer works. if i remove the script and then reboot, all is back to normal. any ideas on what i could do to fix this?
 
I know Entware is newer and better. Yet I want to ask: can Privoxy be setup in a similar manner as described by Mr. Ryzhov - but in an Optware environment?
 
And a necro "thank you" to ryzhov_al and krabs who got everything up and going for me. It's marvelous - I assign all mobile phones and tablets in the house to a small range and everything is working beautifully.

This is great.
 
Lots of: Resource temporarily unavailable

I applied these settings to my router (rt-n66u w/merlin3.0.0.4.374.35_4) but after 10 minutes of browsing I start getting incomplete web pages. Looking at the privoxy log I see hundreds of these:

2014-01-18 23:57:53.998 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable

netstat shows hundreds of ESTABLISHED and TIME_WAIT connections. Sample:
tcp 0 0 router.asus.com:51558 router.asus.com:8123 ESTABLISHED
tcp 0 0 router.asus.com:51535 router.asus.com:8123 ESTABLISHED
tcp 0 0 router.asus.com:squid 192.168.0.201:58258 TIME_WAIT
tcp 0 0 router.asus.com:www 192.168.0.186:62354 TIME_WAIT
tcp 0 0 router.asus.com:51474 router.asus.com:8123 TIME_WAIT
tcp 0 0 router.asus.com:squid 192.168.0.201:58182 TIME_WAIT

Open connections:
$ cat /proc/sys/fs/file-nr
504 0 22684

Here is my privoxy config:

confdir /opt/etc/privoxy
logdir /opt/var/log
filterfile default.filter
logfile privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile easyprivacy.script.action
actionsfile malwaredomains_full.script.action
actionsfile user.action
filterfile easyprivacy.script.filter
filterfile malwaredomains_full.script.filter
filterfile user.filter
listen-address 0.0.0.0:3128
toggle 1
enable-remote-toggle 1
enable-remote-http-toggle 0
enable-edit-actions 1
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 4
accept-intercepted-requests 1
allow-cgi-request-crunching 0
split-large-forms 0
#keep-alive-timeout 300
#socket-timeout 300
#permit-access 192.168.1.0/24
debug 1 # show each GET/POST/CONNECT request
debug 4096 # Startup banner and warnings
debug 8192 # Errors - *we highly recommended enabling this*
keep-alive-timeout 30 #300
socket-timeout 30 #300
connection-sharing 0 #1
max-client-connections 100
enable-edit-actions 0

And CPU usage of Privoxy rarely goes over 50%

I tried using polipo but it didn't make a difference. I also tried changing "max-client-connections" but numbers above or below 100 seem to make the situation worse.

Can someone tell me what's wrong with this and what I might be able to do about it? Thanks!
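
Added example, not part of the post above: the config quoted there listens on 0.0.0.0:3128 with permit-access commented out and enable-remote-toggle set to 1, so this sketch flags exactly those settings in a Privoxy config. It assumes the last occurrence of an on/off directive wins; both sample configs, including the 192.168.0.1 LAN address, are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: flag Privoxy settings that widen exposure.
# Assumption: for on/off directives the last occurrence in the file wins.

audit_privoxy_config() {
    # stdin: Privoxy config. stdout: one finding per line, nothing if clean.
    awk '
    {
        sub(/#.*/, "")                  # drop comments, trailing ones too
        if (NF < 2) next
        if ($1 == "permit-access") acl = 1
        else if ($1 == "listen-address") {
            # empty host, 0.0.0.0 or [::] binds every interface, WAN included
            if ($2 ~ /^(0\.0\.0\.0|\[::\])?:/) wild = $2
        }
        else last[$1] = $2
    }
    END {
        if (wild != "" && !acl)
            print "listen-address " wild ": all interfaces, no permit-access ACL"
        if (last["enable-remote-toggle"] == "1")
            print "enable-remote-toggle 1: proxy clients can switch filtering off"
        if (last["enable-edit-actions"] == "1")
            print "enable-edit-actions 1: proxy clients can edit the action files"
    }'
}

# Constructed sample: the exposure-related lines of the config posted above.
sample_posted() {
    cat <<'EOF'
listen-address 0.0.0.0:3128
enable-remote-toggle 1
enable-edit-actions 1
#permit-access 192.168.1.0/24
keep-alive-timeout 30 #300
enable-edit-actions 0
EOF
}

# Constructed sample: same proxy bound to an assumed LAN address with an ACL.
sample_hardened() {
    cat <<'EOF'
listen-address 192.168.0.1:3128
enable-remote-toggle 0
enable-edit-actions 0
permit-access 192.168.0.0/24
EOF
}

echo "posted:";   sample_posted   | audit_privoxy_config
echo "hardened:"; sample_hardened | audit_privoxy_config
```

The REDIRECT rule used in this thread rewrites the destination to the router's address on the incoming interface, so a proxy bound only to the LAN address still receives intercepted traffic.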
 
I applied these settings to my router (rt-n66u w/merlin3.0.0.4.374.35_4) but after 10 minutes of browsing I start getting incomplete web pages. Looking at the privoxy log I see hundreds of these:

2014-01-18 23:57:53.998 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable

Same here. Followed https://github.com/RMerl/asuswrt-me...to-provide-advertisement-filtering-to-devices on my Asus RT-N66R, running 3.0.0.4.374.40_0.

Used the default privoxy config, even tried increasing max connections to 1024, but I'm getting:

2014-03-12 16:56:20.608 2c45a690 Request: icons-ak.wxug.com/i/w/footer-member-color.png
2014-03-12 16:56:20.610 2ca5a690 Request: icons-ak.wxug.com/i/w/footer-photo-color.png
2014-03-12 16:56:20.616 2cc5a690 Request: icons-ak.wxug.com/webcamramdisk/j/g/jgauvin/1/citypage.jpg
2014-03-12 16:56:20.623 2f85a690 Request: icons-ak.wxug.com/i/w/footer-api-color.png
2014-03-12 16:56:20.639 2e65a690 Request: icons.wxug.com/i/wu/cmFooterBG.png
2014-03-12 16:56:20.658 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-03-12 16:56:20.677 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-03-12 16:56:23.519 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-03-12 16:56:23.577 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-03-12 16:56:24.317 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable

etc. Please help! :) Thanks in advance.
 
I am in the process of setting this up to try how good it performs and use the advantages of targeted blocking instead of hosts blocking.

One other thing I would like to do is re-write urls to redirect my iPad from mobile to desktop sites. The iPad's in-App browser (not Safari or iCab, which I am using) has no way of changing the user-agent.

In the privoxy manual it says you can do redirects as follows:
Code:
# Redirect Google search requests to MSN 
{+redirect{s@^http://[^/]*/search\?q=([^&]*).*@http://search.msn.com/results.aspx?q=$1@}} 
.google.com/search
How would I write the rule if I wanted to rewrite m.domain.com to www.domain.com?

 
Same here. Followed https://github.com/RMerl/asuswrt-me...to-provide-advertisement-filtering-to-devices on my Asus RT-N66R, running 3.0.0.4.374.40_0.

Used the default privoxy config, even tried increasing max connections to 1024, but I'm getting:

2014-03-12 16:56:20.608 2c45a690 Request: icons-ak.wxug.com/i/w/footer-member-color.png
2014-03-12 16:56:20.610 2ca5a690 Request: icons-ak.wxug.com/i/w/footer-photo-color.png
2014-03-12 16:56:20.616 2cc5a690 Request: icons-ak.wxug.com/webcamramdisk/j/g/jgauvin/1/citypage.jpg
2014-03-12 16:56:20.623 2f85a690 Request: icons-ak.wxug.com/i/w/footer-api-color.png
2014-03-12 16:56:20.639 2e65a690 Request: icons.wxug.com/i/wu/cmFooterBG.png
2014-03-12 16:56:20.658 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-03-12 16:56:20.677 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-03-12 16:56:23.519 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-03-12 16:56:23.577 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-03-12 16:56:24.317 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable

etc. Please help! :) Thanks in advance.

I also have the same problem. I have an RT-N66R running 3.0.0.4.374.40_0, but after a reboot everything works for several hours.

2014-04-14 09:32:47.137 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-04-14 09:32:47.154 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-04-14 09:32:47.156 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable

Thank you in advance.
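
Added example, not part of the posts above: a per-minute summary of a Privoxy log that puts the "Unable to take any additional connections" errors next to the request count and the number of distinct worker thread ids, so it is visible whether refusals coincide with bursts of parallel requests. It assumes the field layout of the log lines quoted in this thread (date, time, thread id, level); the sample log is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: per-minute summary of a Privoxy log.
# Assumption: fields are date, time, thread id, level, as in the quoted lines.

privoxy_refusals_by_minute() {
    # stdin: Privoxy log.
    # stdout: "date HH:MM requests worker_threads refusals", one line per minute.
    awk '
    NF < 4 { next }                              # skip blank or cut-off lines
    {
        minute = $1 " " substr($2, 1, 5)
        if (!(minute in seen)) { seen[minute] = 1; order[++n] = minute }
    }
    $4 == "Request:" {
        req[minute]++
        # count each worker thread id once per minute
        if (!((minute, $3) in tid)) { tid[minute, $3] = 1; thr[minute]++ }
    }
    /Unable to take any additional connections/ { refused[minute]++ }
    END {
        for (i = 1; i <= n; i++) {
            m = order[i]
            printf "%s %d %d %d\n", m, req[m], thr[m], refused[m]
        }
    }'
}

# Constructed sample in the format of the log lines quoted in this thread.
sample_log() {
    cat <<'EOF'
2014-03-12 16:56:20.608 2c45a690 Request: img.example.com/a.png
2014-03-12 16:56:20.610 2ca5a690 Request: img.example.com/b.png
2014-03-12 16:56:20.616 2ca5a690 Request: img.example.com/c.png
2014-03-12 16:56:20.658 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-03-12 16:56:23.519 2aab0310 Error: Unable to take any additional connections: Resource temporarily unavailable
2014-03-12 16:57:01.004 2c45a690 Request: img.example.com/d.png
EOF
}

sample_log | privoxy_refusals_by_minute
```

With the config posted earlier (logdir /opt/var/log, logfile privoxy), the real input on the router would be /opt/var/log/privoxy piped into the function.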
 
Could I use this along with MVPS Host File ad blocking at the same time on the router? I want to block ads on all connected computers/devices, so I tried the MVPS Host File method, but it doesn't seem to block enough ads on my iPhone for apps like perk tv/entertainow/swagbucks tv, whereas privoxy does block these ads very well.
 
loading filter errors...

Odd privoxy errors from adblock list filters. Pulled these from the logs as it causes privoxy to utilize 100% cpu for at least 2 minutes before getting through the list of bad filters w/ error -101.

2014-05-09 13:47:15.708 2aab0310 Info: Loading filter file: /opt/etc/privoxy/easylistgermany.script.filter
2014-05-09 13:47:15.751 2aab0310 Error: Adding re_filter job 'input[onclick[/&:?=_]="window\.open('http://www\.firstload\.de/affiliate/"]' to filter easylistgermany failed with error -101.
2014-05-09 13:47:15.752 2aab0310 Info: Loading filter file: /opt/etc/privoxy/easylist.script.filter
2014-05-09 13:47:56.223 2aab0310 Error: Adding re_filter job 's|onclick[/&:?=_]="window\.open('http://adultfriendfinder\.com/search/">||g' to filter easylist failed with error 70.
2014-05-09 13:47:56.515 2aab0310 Error: Adding re_filter job 's|<a.*href[/&:?=_]="http://games\.ucoz\.ru/"][target="_blank".*>.*</a>||g' to filter easylist failed with error 68.
2014-05-09 13:47:57.027 2aab0310 Error: Adding re_filter job 's|<a.*onmousedown[/&:?=_]="this\.href='http://paid\.outbrain\.com/network/redir?key="][target="_blank".*>.*</a>||g' to filter easylist failed with error 109.
2014-05-09 13:47:57.034 2aab0310 Error: Adding re_filter job 's|<a.*onmousedown[/&:?=_]="this\.href='http://paid\.outbrain\.com/network/redir?key="][target="_blank".*>.*</a>||g + \.ob_source' to filter easylist failed with error 109.
2014-05-09 13:47:57.040 2aab0310 Error: Adding re_filter job 's|<a.*onmousedown[/&:?=_]="this\.href='http://staffpicks\.outbrain\.com/network/redir?key="][target="_blank".*>.*</a>||g' to filter easylist failed with error 115.
2014-05-09 13:47:57.047 2aab0310 Error: Adding re_filter job 's|<a.*onmousedown[/&:?=_]="this\.href='http://staffpicks\.outbrain\.com/network/redir?key="][target="_blank".*>.*</a>||g + \.ob_source' to filter easylist failed with error 115.
2014-05-09 13:47:57.053 2aab0310 Error: Adding re_filter job 'div[id[/&:?=_]="MarketGid"]' to filter easylist failed with error 2.
2014-05-09 13:47:57.059 2aab0310 Error: Adding re_filter job 'div[id[/&:?=_]="YFBMSN"]' to filter easylist failed with error -101.
2014-05-09 13:47:57.066 2aab0310 Error: Adding re_filter job 'div[id[/&:?=_]="div-gpt-ad-"]' to filter easylist failed with error 2.
2014-05-09 13:47:57.072 2aab0310 Error: Adding re_filter job 'iframe[src[/&:?=_]="http://ad\.yieldmanager\.com/"]' to filter easylist failed with error -101.
2014-05-09 13:47:57.078 2aab0310 Error: Adding re_filter job 'iframe[src[/&:?=_]="http://cdn1\.adexprt\.com/"]' to filter easylist failed with error -101.
2014-05-09 13:47:57.085 2aab0310 Error: Adding re_filter job 'iframe[src[/&:?=_]="http://cdn2\.adexprt\.com/"]' to filter easylist failed with error -101.
2014-05-09 13:47:57.091 2aab0310 Error: Adding re_filter job 'img[alt[/&:?=_]="frackbook"]' to filter easylist failed with error -101.

Any way to clean this up?

Thanks.
 
I can't seem to get the proxy working

Hi guys, I've done everything in the first post, but I seem to have an issue where the computer that I'm trying to set up for ad blocking can't connect to any webpage.

If I have read this correctly, after I have done all the work on the router, all I should need to do on the computer is, under the browser's LAN connection settings, set its proxy server to the LAN address of the router and a port of 3128,

so in my case 192.168.1.1:3128

If that is the case, I don't think the proxy is working at all. What is the best way to test this, or what logs should I be looking at to see what is happening?

Router is a RT-ac66U (version 2)
Firmware is Merlin 3.0.0.4.374.42_0


OK, so I've been doing some more research and I'm really starting to think my proxy is not working on the router. The reason for this thinking is that none of the internal proxy tests are working or showing the proxy test; also, it makes sense that if the proxy isn't working with the iptables routing in place, traffic would go to a black hole and no web pages would be delivered to the PC, like what I'm seeing. So I guess I need to work out what is wrong with the proxy.


Should the config file located at /opt/etc/privoxy be 0 bytes?
 
Perhaps Merlin can include adblock in his next firmware, with a nice easy GUI for us simpletons :)
 
Would be nice, but I do have to say, after giving both dd-wrt and TomatoUSB a good couple of shots last week, Merlin was always the best with speed and also showed all the channels for the 40MHz 5GHz range where the others didn't (I think it's due to the others not working 100% with V2 hardware).

If it helps anyone else, my issue was that the default config wasn't overwritten; I had to rerun this command:
wget http://files.ryzhov-al.ru/Routers/adblock-plus/config

after that the proxy was alive.
 
Hi ryzhov_al,

I have found your post be very useful, but I have some questions about firewall-start.

In your post, you run the script
echo \#!/bin/sh > /jffs/scripts/firewall-start
echo iptables -t nat -A PREROUTING --source 192.168.0.101 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 >> /jffs/scripts/firewall-start
chmod +x /jffs/scripts/firewall-start

That means you add the port forward to firewall-start. However, I find the wiki saying that port forwards should be added to nat-start.

What's your opinion?

Which scripts should these rules below be added to?
iptables -t nat -N SHADOWSOCKS
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS

Thanks.
 
Hi ryzhov_al,

Is the server for files.ryzhov-al.ru down? I got stuck in downloading privoxy configuration file saying "awaiting response..."
 
VPS is down, please, try again tomorrow.

PS: I'm getting tired of the bluevm.com hoster; this is the 7th outage in the last half year :(
 
