What's new

Selective Routing with Asuswrt-Merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

You first need to check that you enabled dnsmasq logging. Did you specify a dnsmasq.log file location in /jffs/configs/dnsmasq.conf.add? e.g. log-facility=/jffs/logs/dnsmasq.log
I put log-facility=/jffs/logs/dnsmasq.log in my dnsmasq.conf.add file and then restarted the service. However nothing gets created in that location. Am i missing something?
 
I put log-facility=/jffs/logs/dnsmasq.log in my dnsmasq.conf.add file and then restarted the service. However nothing gets created in that location. Am i missing something?
What are the contents of /tmp/etc/dnsmasq.conf? Is there a log-facility specified there?
 
I put log-facility=/jffs/logs/dnsmasq.log in my dnsmasq.conf.add file and then restarted the service. However nothing gets created in that location. Am i missing something?
Did you make a /jffs/logs directory? It won't make the directory if it doesn't exist.
 
Please double check the settings with the instructions in the wiki just to be safe.

If not present in the dnsmasq.conf file, add these two lines after the log-facility line:

Code:
log-async
log-queries

Followed by
Code:
service restart_dnsmasq
 
Last edited:
Please double check the settings with the instructions in the wiki just to be safe.

If not present in the dnsmasq.conf file, add these two lines after the log-facility line:

Code:
log-async
log-queries

Followed by
Code:
service restart_dnsmasq
That did it! Thanks. Now where were we?
 
Im back at this:
Code:
Code:
#!/bin/sh
#set -xo
# This script will format the output of tail -f dnsmasq.log > logfile
# where logfile is the output of tail -f dnsmasq.log
#  1. extract records whose contents contain the word "query"
#  2. output only the domain name
#  3. sort file for unique contents to elimnate duplicates
#  4. save to $1_output
#
# Parameters Passed
# $1 = provide the name of the source file when running the script
#     e.g. ./getdomainnames.sh logfile
#
source_file=/tmp/mnt/absolution/adblocking/logs/$1
output_file=$source_file"_output"
cat $source_file | grep query | grep 192.168.22.152 | awk '{ print $6 }' | sort -u > $output_file
#cat $source_file | grep cached | awk '{ print $6 }' | sort -u > $output_file
But when I run it, it says error on line 1 : no code. If I try to run
Code:
tail -f dnsmasq.log > logfile
it just crashes my WinSCP. However when I log back in, I see a logfile created next to dnsmasq.log. I do not know why the source file in your code is referring to adblocking? I have changed that to just this logfile at /jffs/logs/

Here is the exact code of my getdomainnames.sh script in case its wrong.

Code:
Code:
#!/bin/sh
#set -xo
# This script will format the output of tail -f dnsmasq.log > logfile
# where logfile is the output of tail -f dnsmasq.log
#  1. extract records whose contents contain the word "query"
#  2. output only the domain name
#  3. sort file for unique contents to elimnate duplicates
#  4. save to $1_output
#
# Parameters Passed
# $1 = provide the name of the source file when running the script
#     e.g. ./getdomainnames.sh logfile
#
source_file=/jffs/logs/$1
output_file=$source_file"_output"
cat $source_file | grep query | grep 192.168.1.175 | awk '{ print $6 }' | sort -u > $output_file
#cat $source_file | grep cached | awk '{ print $6 }' | sort -u > $output_file

And when I run it
/jffs/scripts$ sh getdomainnames.sh logfile
getdomainnames.sh: line 1: Code:: not found

Still this error.

dnsmasq.log seems to be populated now, but not by much to be honest, just a few DHCP
requests and stuff like that.
 
Im back at this:
Code:
Code:
#!/bin/sh
#set -xo
# This script will format the output of tail -f dnsmasq.log > logfile
# where logfile is the output of tail -f dnsmasq.log
#  1. extract records whose contents contain the word "query"
#  2. output only the domain name
#  3. sort file for unique contents to elimnate duplicates
#  4. save to $1_output
#
# Parameters Passed
# $1 = provide the name of the source file when running the script
#     e.g. ./getdomainnames.sh logfile
#
source_file=/tmp/mnt/absolution/adblocking/logs/$1
output_file=$source_file"_output"
cat $source_file | grep query | grep 192.168.22.152 | awk '{ print $6 }' | sort -u > $output_file
#cat $source_file | grep cached | awk '{ print $6 }' | sort -u > $output_file
But when I run it, it says error on line 1 : no code. If I try to run
Code:
tail -f dnsmasq.log > logfile
it just crashes my WinSCP. However when I log back in, I see a logfile created next to dnsmasq.log. I do not know why the source file in your code is referring to adblocking? I have changed that to just this logfile at /jffs/logs/

Here is the exact code of my getdomainnames.sh script in case its wrong.

Code:
Code:
#!/bin/sh
#set -xo
# This script will format the output of tail -f dnsmasq.log > logfile
# where logfile is the output of tail -f dnsmasq.log
#  1. extract records whose contents contain the word "query"
#  2. output only the domain name
#  3. sort file for unique contents to elimnate duplicates
#  4. save to $1_output
#
# Parameters Passed
# $1 = provide the name of the source file when running the script
#     e.g. ./getdomainnames.sh logfile
#
source_file=/jffs/logs/$1
output_file=$source_file"_output"
cat $source_file | grep query | grep 192.168.1.175 | awk '{ print $6 }' | sort -u > $output_file
#cat $source_file | grep cached | awk '{ print $6 }' | sort -u > $output_file

And when I run it
/jffs/scripts$ sh getdomainnames.sh logfile
getdomainnames.sh: line 1: Code:: not found

Still this error.

dnsmasq.log seems to be populated now, but not by much to be honest, just a few DHCP
requests and stuff like that.

The reason my dnsmasq.log file directory is different is because I am using AB-Solution to block ads. When combined with Asuswrt-Merlin, it makes a surfing the web a much better experience! The log is written to a USB drive, which is something I recommend. Writing log files to the /jffs directory is not recommended to avoid wearing it out. But let's focus on getting it working first.

You can always remove the comment from the set -xo line to get more verbose output to determine the error.

Changing the code to match your location is the change that is required. e.g. /jffs/logs/dnsmasq.log.

Are you in a SSH session when you enter the tail -f command? It shouldn't crash the SSH client. :confused:

Here is how I run it. Directory locations will differ since your log file is in /jffs/logs/dnsmasq.log.

1. Navigate to the dnsmasq.log file location
Code:
cd /tmp/mnt/absolution/adblocking/logs
2. tail the dnsmasq.log file while watching streaming media:
Code:
 tail -f dnsmasq.log > temp
Hit ctrl-C to stop logging to temp

3. Navigate to /jffs/scripts directory or have another session open and run the getdomainnames.sh script. Provide the file name as a parameter:

Code:
./getdomainnames.sh temp
Here are the Raw contents of temp
Code:
 cat temp

Oct  7 07:00:30 dnsmasq[21978]: reply e13290.e4.akamaiedge.net is 23.48.240.187
Oct  7 07:00:31 dnsmasq[21978]: query[A] cbd46b77.cdn.cms.movetv.com from 192.168.22.157
Oct  7 07:00:31 dnsmasq[21978]: cached cbd46b77.cdn.cms.movetv.com is <CNAME>
Oct  7 07:00:31 dnsmasq[21978]: cached 2-01-4d34-0008.cdx.cedexis.net is <CNAME>
Oct  7 07:00:31 dnsmasq[21978]: cached cbd46b77.cdn.cms.movetv.com.c.footprint.net is 8.253.129.218
Oct  7 07:00:31 dnsmasq[21978]: cached cbd46b77.cdn.cms.movetv.com.c.footprint.net is 8.254.243.232
Oct  7 07:00:34 dnsmasq[21978]: query[A] dns.msftncsi.com from 127.0.0.1
Oct  7 07:00:34 dnsmasq[21978]: cached dns.msftncsi.com is 131.107.255.255
Oct  7 07:00:39 dnsmasq[21978]: query[A] dns.msftncsi.com from 127.0.0.1
Oct  7 07:00:39 dnsmasq[21978]: cached dns.msftncsi.com is 131.107.255.255
Oct  7 07:00:40 dnsmasq[21978]: query[A] aptime.movetv.com from 192.168.22.157
Oct  7 07:00:40 dnsmasq[21978]: forwarded aptime.movetv.com to 104.223.91.194
Oct  7 07:00:41 dnsmasq[21978]: reply aptime.movetv.com is 67.21.50.65
Oct  7 07:00:41 dnsmasq[21978]: query[A] dishpurchasingcorporation.d1.sc.omtrdc.net from 192.168.22.157
Oct  7 07:00:41 dnsmasq[21978]: forwarded dishpurchasingcorporation.d1.sc.omtrdc.net to 104.223.91.194
Oct  7 07:00:41 dnsmasq[21978]: reply dishpurchasingcorporation.d1.sc.omtrdc.net is 66.235.139.1
Oct  7 07:00:41 dnsmasq[21978]: reply dishpurchasingcorporation.d1.sc.omtrdc.net is 66.235.139.211
Oct  7 07:00:41 dnsmasq[21978]: reply dishpurchasingcorporation.d1.sc.omtrdc.net is 66.235.138.197
Oct  7 07:00:41 dnsmasq[21978]: reply dishpurchasingcorporation.d1.sc.omtrdc.net is 66.235.139.209
Oct  7 07:00:41 dnsmasq[21978]: reply dishpurchasingcorporation.d1.sc.omtrdc.net is 66.235.138.199
Oct  7 07:00:41 dnsmasq[21978]: reply dishpurchasingcorporation.d1.sc.omtrdc.net is 66.235.138.198
Oct  7 07:00:41 dnsmasq[21978]: reply dishpurchasingcorporation.d1.sc.omtrdc.net is 66.235.139.210
Oct  7 07:00:41 dnsmasq[21978]: reply dishpurchasingcorporation.d1.sc.omtrdc.net is 66.235.139.2

Here are the contents of temp_output after running the getdomainnames.sh script:
Code:
#cat temp_output

aptime.movetv.com
cbd46b77.cdn.cms.movetv.com
dishpurchasingcorporation.d1.sc.omtrdc.net
 
The reason my dnsmasq.log file directory is different is because I am using AB-Solution to block ads. When combined with Asuswrt-Merlin, it makes a surfing the web a much better experience! The log is written to a USB drive, which is something I recommend. Writing log files to the /jffs directory is not recommended to avoid wearing it out. But let's focus on getting it working first.
Hi Xentrk. This is Rappy, with a new, slightly more aggrieved username. It appears I have been banned from this site by cloudflare. It happened when I was entering in the code for what is in my temp file, as I tried writing a PM to you and at the exact same moment of pasting the code that page was also blocked.

Anyway, the temp file output doesn't contain much. It only contains a few references to time warner cable in a different state to me. This is after I browsed the iPlayer on the AppleTV for a while with the VPN off and with no policy rules.

Temp_output was created, but it is completely empty.
 
Hi Xentrk. This is Rappy, with a new, slightly more aggrieved username. It appears I have been banned from this site by cloudflare. It happened when I was entering in the code for what is in my temp file, as I tried writing a PM to you and at the exact same moment of pasting the code that page was also blocked.

Anyway, the temp file output doesn't contain much. It only contains a few references to time warner cable in a different state to me. This is after I browsed the iPlayer on the AppleTV for a while with the VPN off and with no policy rules.

Temp_output was created, but it is completely empty.
You can put the code in pastebin.com and send a link. Doesn’t the vpn to UK need to be turned on though with your device set to use the UK tunnel? Do a tail or cat on the dnsmasq.log file for clues. Look for the IP address of the Apple TV for example.
 
Last edited:
You can put the code in pastebin.com and send a link. Doesn’t the vpn to UK need to be turned on though with your device set to use the UK tunnel? Do a tail or cat on the dnsmasq.log file for clues. Look for the IP address of the Apple TV for example.
I switched the VPN on again but still no more stuff in the temp file nor the dnsmasq.log

https://pastebin.com/raw/jCN4qbnw

Thats from the latest attempt. It doesn't have anything related to the ip of my Apple TV.

I guess, I'm about ready to give up on this. I just can't believe no one with an Apple TV has tried to do this and can't help out with the domain list.
 
Last edited:
I switched the VPN on again but still no more stuff in the temp file nor the dnsmasq.log

https://pastebin.com/raw/jCN4qbnw

Thats from the latest attempt. It doesn't have anything related to the ip of my Apple TV.

I guess, I'm about ready to give up on this. I just can't believe no one with an Apple TV has tried to do this and can't help out with the domain list.

I am not sure why dnsmasq is not logging your traffic. The ASUS I was testing all of this on since we started is now bricked and I have to return it for RMA tomorrow. So I will be very limited in helping for the short term. I have a back up of the scripts I wrote and will need to transfer them to the other AC88U later today. I wanted to look at my dnsmasq.conf file to see if there is anything else we may have missed.

Before giving up, I recommend that you install AB-Solution https://www.ab-solution.info/. That is what I use and the dnsmasq functionality for logging is already built it. It also includes some utilities to follow the dnsmasq.log file as it is being used. @thelonelycoder provides excellent support. Once installed, you will have the ability to log and mine the domain names.
 
I am not sure why dnsmasq is not logging your traffic. The ASUS I was testing all of this on since we started is now bricked and I have to return it for RMA tomorrow. So I will be very limited in helping for the short term. I have a back up of the scripts I wrote and will need to transfer them to the other AC88U later today. I wanted to look at my dnsmasq.conf file to see if there is anything else we may have missed.

Before giving up, I recommend that you install AB-Solution https://www.ab-solution.info/. That is what I use and the dnsmasq functionality for logging is already built it. It also includes some utilities to follow the dnsmasq.log file as it is being used. @thelonelycoder provides excellent support. Once installed, you will have the ability to log and mine the domain names.
Oh dear. Sorry to hear that. Hopefully I didn't contribute to that. I thought Asus routers were mainly unbrickable nowadays.

I think I'm going to try a new avenue. Setup an ad-hoc network from Apple TV to laptop then scan domains with little snitch.
 
Oh dear. Sorry to hear that. Hopefully I didn't contribute to that. I thought Asus routers were mainly unbrickable nowadays.

I think I'm going to try a new avenue. Setup an ad-hoc network from Apple TV to laptop then scan domains with little snitch.
I am stumped as to why the log-queries line is not logging your DNS queries. Is the "Log DHCP queries" -option under LAN/DHCP Server on the web GUI turned on?

These options should have got it working:

Code:
log-queries
    Log the results of DNS queries handled by dnsmasq. 

log-facility=<facility>
    Set the facility to which dnsmasq will send syslog entries.
 
I am stumped as to why the log-queries line is not logging your DNS queries. Is the "Log DHCP queries" -option under LAN/DHCP Server on the web GUI turned on?

These options should have got it working:

Code:
log-queries
    Log the results of DNS queries handled by dnsmasq.

log-facility=<facility>
    Set the facility to which dnsmasq will send syslog entries.
There is no such option under my UI. There is instead a Hide DHCP/RA queries option, which is set to No.
 
This was the first script I ran. It assigns clients to OVPNC1 or OVPNC2...

Hi @Xentrk from the above post, I tried executing the script but for both of these lines:

iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000

iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set OVPNC1 src,dst -j MARK --set-mark 0x1000/0x1000


I received:
iptables: No chain/target/match by that name.

To recap, this is my configuration:
  1. On VPN Client GUI page, set Accept DNS Configuration = Exclusive
  2. Redirect Internet Traffic = Policy Rules (Strict)
  3. All entries from the policy routing table have been removed and Create NAT on tunnel is set to Yes.
  4. I have specified the VPN clients in the OVPNC1 file to list the ip address of the devices that will go thru the VPN.
I have verified the IPSET lists are populate for OVPNC1 and WAN_GW. The IP RULE confirms the rules are created. But issuing the above -t mangle command just throws iptables: No chain/target/match by that name.

Can something be blocking this script from running or creating the PREROUTING for LAN_GW/OVPNC1?
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top