adblock

There are many ways of doing this. The scenario and configuration are flexible, depending on what you want to achieve.

The easy way

My review: This is the simplest method: poisoned DNS records are redirected to 127.0.0.1. Page loads take longer because no content is served on 127.0.0.1 (the client waits until the connection times out). However, this script lets you manually control the white list and black list of domains.

My review: The script attempts to create another interface alias and runs pixelserv (a simple web server serving a 1×1 pixel transparent GIF) on that interface. However, you will not be able to manually control the white/black lists as with the previous script.

My method

Again, this might not be the best way, but it serves my requirements. I’ll be using the same script, except that I tweaked it to suit my environment.

Step 1: Create interface alias
I need pixelserv to run on a different IP address (say my LAN IP is 192.168.1.1/24; I want pixelserv to run on 192.168.88.1/24) so that uhttpd can listen on 192.168.1.1:80 for LuCI. Add the interface below to /etc/config/network:

#nano /etc/config/network
config interface 'lan2'
	option ifname 	'eth0'
	option proto	'static'
	option ipaddr 	'192.168.88.1'
	option netmask	'255.255.255.0'

Restart network interfaces
#/etc/init.d/network restart

Verify new interface alias created

[email protected]:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 08:00:27:9A:88:DD
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:629 errors:0 dropped:0 overruns:0 frame:0
          TX packets:661 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:73752 (72.0 KiB)  TX bytes:393608 (384.3 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:9A:88:DD
          inet addr:192.168.88.1  Bcast:192.168.88.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:633 errors:0 dropped:0 overruns:0 frame:0
          TX packets:769 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:82836 (80.8 KiB)  TX bytes:528224 (515.8 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:9C:1E:FF
          inet addr:10.0.3.15  Bcast:10.0.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:157 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15482 (15.1 KiB)  TX bytes:13962 (13.6 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1648 (1.6 KiB)  TX bytes:1648 (1.6 KiB)

[email protected]:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.3.2        0.0.0.0         UG    0      0        0 eth1
10.0.3.0        *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.88.0    *               255.255.255.0   U     0      0        0 eth0

Step 2: Pixelserv setup
We already have a web server installed on the router (serving LuCI), so we just need to configure a new uHTTPd server instance.

mkdir /www_pixelserv
wget -O /www_pixelserv/blank.gif http://probablyprogramming.com/wp-content/uploads/2009/03/tinytrans.gif

Edit /etc/config/uhttpd

config uhttpd 'main'
list listen_http '192.168.1.1:80'
list listen_https '0.0.0.0:443'
option home '/www'

config uhttpd 'pixelserv'
list listen_http '192.168.88.1:80'
option home '/www_pixelserv'
option error_page '/blank.gif'

Restart uhttpd

/etc/init.d/uhttpd restart

Step 3: Adblock for dnsmasq
Follow the installation instructions at https://gist.github.com/teffalump/7227752
In adblock.sh, add the following lines to replace 127.0.0.1 with 192.168.88.1:

....
#Download and process the files needed to make the lists (add more, if you want)
wget -qO- "http://adaway.org/hosts.txt"|grep "^127.0.0.1" >> /tmp/block.build.list

#Replace 127.0.0.1 with 192.168.88.1
sed -i 's/127.0.0.1/192.168.88.1/g' /tmp/block.build.list
#Add black list, if non-empty
[ -s "/etc/black.list" ] && sed -e 's/^/192.168.88.1\t/g' /etc/black.list >> /tmp/block.build.list
...

Update:

The method described above (creating an interface alias) is valid for interfaces that do not have VLAN tagging. In my case, eth0 is tagged with vlan500 and vlan600 (eth0.500 and eth0.600), and I cannot find any documentation for creating an alias on tagged interfaces. As a workaround, I’ve changed the pixelserv uhttpd instance to listen on 192.168.1.1:80, while the router web UI (LuCI) listens on port 443.

This is my modified adblock.sh

#!/bin/sh
#Put in /etc/adblock.sh

#Script to grab and sort a list of adservers and malware

#Address that blocked hosts resolve to, i.e. where pixelserv listens.
#With the workaround above this is 192.168.1.1; use 192.168.88.1 if you
#run pixelserv on the interface alias from Step 1.
PIXELSERV_IP="192.168.1.1"

#Delete the old block.hosts to make room for the updates
rm -f /etc/block.hosts

#Download and process the files needed to make the lists (add more, if you want)
wget -qO- http://www.mvps.org/winhelp2002/hosts.txt| sed 's/0.0.0.0/127.0.0.1/g' |grep "^127.0.0.1" > /tmp/block.build.list
wget -qO- http://www.malwaredomainlist.com/hostslist/hosts.txt|grep "^127.0.0.1" >> /tmp/block.build.list
wget -qO- "http://hosts-file.net/.\ad_servers.txt"|grep "^127.0.0.1" >> /tmp/block.build.list
wget -qO- "http://adaway.org/hosts.txt"|grep "^127.0.0.1" >> /tmp/block.build.list

#Replace the leading 127.0.0.1 with the pixelserv address
sed -i "s/^127\.0\.0\.1/${PIXELSERV_IP}/" /tmp/block.build.list
#Add black list, if non-empty
[ -s "/etc/black.list" ] && sed -e "s/^/${PIXELSERV_IP}\t/g" /etc/black.list >> /tmp/block.build.list

#Sort the download/black lists (strip CRs, normalise the separator to a tab)
sed -e 's/\r//g' -e "s/^${PIXELSERV_IP}[ ]\+/${PIXELSERV_IP}\t/g" /tmp/block.build.list|sort|uniq > /tmp/block.build.before

if [ -s "/etc/white.list" ]
then
    #Filter the blacklist, suppressing whitelist matches
    sed -e 's/\r//g' /etc/white.list > /tmp/white.list
    grep -vf /tmp/white.list /tmp/block.build.before > /etc/block.hosts
    rm -f /tmp/white.list
else
    cat /tmp/block.build.before > /etc/block.hosts
fi

#Delete files used to build list to free up the limited space
rm -f /tmp/block.build.before
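
The download and whitelist steps of the script above trust the feeds and use grep -vf, which treats every whitelist line as an unanchored regular expression, so a short entry such as t.co also removes ads.internet.com from the block list. The following is an added example, not part of the original script or the gist: it keeps only well-formed host entries from a feed and applies the whitelist by exact hostname. The function names, SINKHOLE_IP and the sample feed are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original adblock.sh or the gist.
# SINKHOLE_IP and the sample feed in demo() are constructed.
SINKHOLE_IP="192.168.1.1"

# stdin: hosts-format feed. stdout: "<sinkhole>\t<host>" for well-formed
# entries only; comments, single-label names such as localhost, and
# anything that is not a plain DNS name are dropped.
sanitize_hosts() {
    tr -d '\r' | awk -v ip="$SINKHOLE_IP" '
        ($1 == "127.0.0.1" || $1 == "0.0.0.0") && NF >= 2 {
            h = tolower($2)
            if (h !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) next
            print ip "\t" h
        }' | sort -u
}

# $1 = block list, $2 = white list. An entry is dropped only when its
# hostname (field 2) equals a whitelist line, unlike grep -vf.
filter_whitelist_exact() {
    [ -s "$2" ] || { cat "$1"; return; }
    awk 'NR == FNR { sub(/\r$/, ""); if ($1 != "") allow[tolower($1)] = 1; next }
         !($2 in allow)' "$2" "$1"
}

# Compare both whitelist strategies on a constructed feed.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample feed' \
        '127.0.0.1  localhost' \
        '127.0.0.1  ads.internet.com' \
        '0.0.0.0  Tracker.Example.net' \
        '127.0.0.1  evil.example/../x' \
        '10.9.8.7  redirect.example.org' | sanitize_hosts > "$d/block"
    echo 't.co' > "$d/white"
    echo "grep -vf keeps $(grep -vf "$d/white" "$d/block" | wc -l) entries"
    echo "exact match keeps $(filter_whitelist_exact "$d/block" "$d/white" | wc -l) entries"
    rm -rf "$d"
}
demo
```
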

References:
http://jazz.tvtom.pl/adblock-w-openwrt-gargoyle/

http://sfxpt.wordpress.com/2011/02/21/the-best-ad-blocking-method
https://forum.openwrt.org/viewtopic.php?id=35023&p=2

 


AUTHOR: [email protected]

Install ‘curl’ package:

# opkg update
# opkg install curl

Next create a script and call it /root/rc.ddns_opendns.sh :

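#!/bin/sh

# -4 forces IPv4. -k skips TLS certificate verification, so the credentials
# are sent without authenticating the server; install CA certificates and
# drop -k where possible.
/usr/bin/curl -4 -k -u username:password "https://updates.opendns.com/account/ddns.php?"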

Make the script executable:

# chmod +x /root/rc.ddns_opendns.sh

Next create another script and call it /etc/hotplug.d/iface/100-opendns :

#!/bin/sh

if [ "$ACTION" = ifup ]; then
/root/rc.ddns_opendns.sh > /dev/null 2>&1
fi

This will update your IP with OpenDNS whenever you reboot or reconnect.

One of the benefits of using OpenDNS is their web content filter. Log in to your account on OpenDNS
and start configuring the content filter for your network. Choose Custom and select the categories
you want the content filter to apply to for your home/office network.

Click Apply and wait for roughly 5 minutes for it to take effect. Your network is now protected.

Reference: https://lemur.mybsd.org.my/drl/OpenWRT/DDNS_OpenDNS_OpenWRT.txt

Mission: The example below illustrates a dynamic tunnel configuration for the Hurricane Electric broker with dynamic IP update enabled. The local IPv4 address is automatically determined and tunnelid, username and password are provided for IP update.
Requirements: HE.net ipv6 tunnel, OpenWRT Backfire

Get your v6 tunnel
Go to http://www.tunnelbroker.net and register. Once registered, click on “Create Regular Tunnel” link. Select your nearest v6 tunnel server and click create.


Based on above info we know that:
74.82.46.6 is the remote IPv4 address (the other side of the tunnel)
2001:470:23:9c::1/64 is the remote IPv6 tunnel endpoint
210.195.119.81 is the local IPv4 router address (assigned by ISP)
2001:470:23:9c::2/64 is the local IPv6 tunnel endpoint (labeled “Client IPv6 Address” on the Tunnel Details page in your HE account)
2001:470:24:9c::/64 is our allocated subnet/segment

Install required package and dependencies
opkg update
opkg install 6in4 ip ip6tables kmod-sit kmod-iptunnel6 radvd

Configure tunnel
uci set network.henet=interface
uci set network.henet.proto=6in4
uci set network.henet.peeraddr=74.82.46.6
uci set network.henet.ip6addr='2001:470:23:9c::2/64'
uci set network.henet.tunnelid=210081
uci set network.henet.username='YOUR_HASHED_USERNAME'
uci set network.henet.password='YOUR_PASSWORD'
uci commit network

Set firewall zone
uci set firewall.@zone[1].network='wan henet'
uci commit firewall

Bring up the interface
ifup henet
/etc/init.d/firewall restart

You can check that the new interface has been created from LuCI.

Firewall
To apply IPv6 firewall rules to the tunnel interface, add it to the “wan” zone in /etc/config/firewall:
config 'zone'
option 'name' 'wan'
option 'input' 'REJECT'
option 'output' 'ACCEPT'
option 'masq' '1'
option 'mtu_fix' '1'
option 'forward' 'ACCEPT'
option 'network' 'wan henet'

To allow 6in4 traffic to always reach your tunnel endpoint, it may be necessary to pass IPv4 protocol 41 traffic with the following firewall configuration stanza:
config 'rule'
option 'target' 'ACCEPT'
option 'name' '6to4'
option 'src' 'wan'
option 'proto' '41'
option '_name' '6to4'

Routing
To enable routing of IPv6 traffic through the tunnel, add a static IPv6 address in a valid routed subnet to the local-facing interface (LAN). Edit /etc/config/network file and add the last option (‘ip6addr’).

config 'interface' 'lan'
option 'ifname' 'eth0.1'
option 'type' 'bridge'
option 'proto' 'static'
option 'ipaddr' '192.168.1.1'
option 'netmask' '255.255.255.0'
option 'ip6addr' '2001:470:24:9c:964:387b:8888:8888'

Enable Routing in Backfire
To forward packets between interfaces, a kernel-level setting must be enabled. To enable packet forwarding, edit /etc/sysctl.conf and uncomment the following line, changing
# net.ipv6.conf.all.forwarding=1 to
net.ipv6.conf.all.forwarding=1

Restart sysctl to apply the new setting
/etc/init.d/sysctl restart

IPv6 DHCP
Clients that auto-configure using SLAAC (stateless address auto-configuration) will need to know our routed prefix. To broadcast the prefix to clients on the local network, we use radvd.


Verify your tunnel is working


Another method to collect your OpenWRT statistics

Installation:
opkg update
opkg install luci-app-vnstat vnstat vnstati

Configuration:
[Screenshot: openwrt-vnstat-config]

Advanced configuration
1) The vnstat LuCI configuration file is located at /etc/config/vnstat

[email protected]:/# cat /etc/config/vnstat
config 'vnstat'

list 'interface' 'br-lan'
list 'interface' 'eth0'
list 'interface' 'eth0.1'
list 'interface' 'eth0.500'
list 'interface' 'eth0.600'
list 'interface' 'wlan0'

2) The core vnstat configuration file is located at /etc/vnstat.conf. The default graph location is the /var/lib/vnstat folder; I changed my graph location to USB.

# location of the database directory
DatabaseDir "/mnt/usb/var/vnstat"

Links:
http://wiki.openwrt.org/doc/howto/vnstat


A minimalist Luci theme

[Screenshot: bootstrap-luci-theme]

Installation:
wget http://nut-bolt.nl/files/luci-theme-bootstrap_1-1_all.ipk
opkg install luci-theme-bootstrap_1-1_all.ipk

This should give you an option ‘Bootstrap’ in the System/System -> Language and Style page.

source: http://nut-bolt.nl/2012/openwrt-bootstrap-theme-for-luci

Update: 17 February 2014
This theme is now included in the openwrt 12.09 and trunk repos and should be downloaded from there, http://downloads.openwrt.org/snapshots/trunk/yourdevice/packages/ and search for luci-theme-bootstrap. Or the easy way, install from standard software installation.


Change default http port

The listening port is defined in /etc/config/uhttpd file.

[email protected]:/etc/config# cat uhttpd 
# HTTP listen addresses, multiple allowed
list listen_http        0.0.0.0:80

Securing LuCI

[email protected]:/etc/config# cat uhttpd 
# HTTP listen addresses, multiple allowed
list listen_http        192.168.1.1:80

Enable SSL

1. For a full LuCI installation with HTTPS support
opkg install luci-ssl

2. For upgrading from HTTP to HTTPS
opkg install uhttpd-mod-tls luci-ssl
Private key and certificate will be generated on next hardware reboot.

Out of the box, OpenWRT can show you real-time statistics; however, it will not store the data for a historical view. I’m looking for a graphing function similar to the one seen on DD-WRT.

Objective:
To have nice historical data graphs for the router (interface bandwidth utilization, CPU load, uptime)

Options we have:
-Use SNMP and graph it using cacti
-muninlite
-vnstat
-collectd

This tutorial will be using luci-app-statistics and collectd.

1. Update package
opkg update
2. Install luci-app-statistics
opkg install luci-app-statistics
3. List out supported plugins for collectd
opkg list | grep collectd-mod
4. Install desired plugins
opkg install collectd-mod-cpu collectd-mod-interface collectd-mod-memory collectd-mod-ping collectd-mod-rrdtool collectd-mod-wireless
5. Enable init script
/etc/init.d/luci_statistics enable
/etc/init.d/collectd enable

6. Change RRDTool output folder (optional)
[Screenshot: monitor2]
/mnt/sda5 is my external USB drive attached to the router.


DDNS stands for Dynamic DNS. Simply put, using this service gives a name to your IP. So if you’re hosting something on your line, people won’t have to bother typing your IP. They can just type in your domain name! It also helps when your IP changes. Users won’t need to discover what your new IP is; they can simply type your domain name.

UPnP is used to replace manual port forwarding. Some gaming consoles (Xbox, PS3) need the UPnP feature to connect to their respective servers. Enabling it in OpenWRT Backfire is relatively easy.
