There are many ways of doing this. The scenario and configuration are flexible, depending on what you want to achieve.
The easy way
https://gist.github.com/teffalump/7227752
My review: This provides the simplest method: poisoned DNS records are redirected to 127.0.0.1. Pages load more slowly because no content is served on 127.0.0.1 (the browser waits until the connection times out). However, this script lets you manually maintain a white list and a black list of domains.
https://gist.github.com/aarmot/5730468
My review: The script attempts to create another interface alias and runs pixelserv (a simple web server serving a 1×1 pixel transparent GIF) on that interface. However, you will not be able to manually maintain a white/black list as with the previous script.
My method
Again, this might not be the best way, but it serves my requirements. I'll be using the same script, except that I tweaked it to suit my environment.
Step 1: Create interface alias
I need pixelserv to run on a different IP address (let's say my LAN IP is 192.168.1.1/24 and I want pixelserv to run on 192.168.88.1/24) so that uhttpd can listen on 192.168.1.1:80 for LuCI. Add the interface below to /etc/config/network
#nano /etc/config/network

config interface 'lan2'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.88.1'
	option netmask '255.255.255.0'
Restart network interfaces
#/etc/init.d/network restart
Verify that the new interface alias was created
root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 08:00:27:9A:88:DD
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:629 errors:0 dropped:0 overruns:0 frame:0
          TX packets:661 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:73752 (72.0 KiB)  TX bytes:393608 (384.3 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:9A:88:DD
          inet addr:192.168.88.1  Bcast:192.168.88.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:633 errors:0 dropped:0 overruns:0 frame:0
          TX packets:769 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:82836 (80.8 KiB)  TX bytes:528224 (515.8 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:9C:1E:FF
          inet addr:10.0.3.15  Bcast:10.0.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:157 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15482 (15.1 KiB)  TX bytes:13962 (13.6 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1648 (1.6 KiB)  TX bytes:1648 (1.6 KiB)

root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.3.2        0.0.0.0         UG    0      0        0 eth1
10.0.3.0        *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.88.0    *               255.255.255.0   U     0      0        0 eth0
Step 2: Pixelserv setup
We already have a web server installed on the router (serving LuCI), so we just need to configure a new uHTTPd server instance.
mkdir /www_pixelserv
wget -O /www_pixelserv/blank.gif http://probablyprogramming.com/wp-content/uploads/2009/03/tinytrans.gif
Edit /etc/config/uhttpd
config uhttpd 'main'
	# changed from 0.0.0.0 so that port 80 on 192.168.88.1 stays free for pixelserv
	list listen_http '192.168.1.1:80'
	list listen_https '0.0.0.0:443'
	option home '/www'

config uhttpd 'pixelserv'
	list listen_http '192.168.88.1:80'
	option home '/www_pixelserv'
	option error_page '/blank.gif'
Restart uhttpd
/etc/init.d/uhttpd restart
Step 3: Adblock for dnsmasq
Follow the installation instructions at https://gist.github.com/teffalump/7227752
In adblock.sh, add the following lines to replace 127.0.0.1 with 192.168.88.1
....
#Download and process the files needed to make the lists (add more, if you want)
wget -qO- "http://adaway.org/hosts.txt"|grep "^127.0.0.1" >> /tmp/block.build.list
#Replace 127.0.0.1 with 192.168.88.1 (anchored and escaped so only the address field is rewritten)
sed -i 's/^127\.0\.0\.1/192.168.88.1/' /tmp/block.build.list
#Add black list, if non-empty
[ -s "/etc/black.list" ] && sed -e 's/^/192.168.88.1\t/g' /etc/black.list >> /tmp/block.build.list
...
Update:
The method above (creating an interface alias) is valid for interfaces that do not have VLAN tagging. In my case, eth0 is tagged with vlan500 and vlan600 (eth0.500 and eth0.600), and I cannot find any documentation on creating an alias for tagged interfaces. As a workaround, I've changed the pixelserv uhttpd instance to listen on 192.168.1.1:80, while the router web UI (LuCI) listens on port 443.
This is my modified adblock.sh
#!/bin/sh
#Put in /etc/adblock.sh

#Script to grab and sort a list of adservers and malware

#Address the pixelserv uhttpd instance listens on: 192.168.88.1 with the
#interface alias from Step 1, or 192.168.1.1 with the workaround above.
#One variable keeps downloaded and black list entries on the same address.
PIXELSERV_IP=192.168.88.1

#Delete the old block.hosts to make room for the updates
rm -f /etc/block.hosts

#Download and process the files needed to make the lists (add more, if you want)
wget -qO- http://www.mvps.org/winhelp2002/hosts.txt| sed 's/^0\.0\.0\.0/127.0.0.1/' |grep "^127.0.0.1" > /tmp/block.build.list
wget -qO- http://www.malwaredomainlist.com/hostslist/hosts.txt|grep "^127.0.0.1" >> /tmp/block.build.list
wget -qO- "http://hosts-file.net/.\ad_servers.txt"|grep "^127.0.0.1" >> /tmp/block.build.list
wget -qO- "http://adaway.org/hosts.txt"|grep "^127.0.0.1" >> /tmp/block.build.list

#Replace 127.0.0.1 with the pixelserv address
sed -i "s/^127\.0\.0\.1/$PIXELSERV_IP/" /tmp/block.build.list

#Add black list, if non-empty
[ -s "/etc/black.list" ] && sed -e "s/^/$PIXELSERV_IP\t/g" /etc/black.list >> /tmp/block.build.list

#Sort the download/black lists
sed -e 's/\r//g' -e "s/^$PIXELSERV_IP[ ]\+/$PIXELSERV_IP\t/g" /tmp/block.build.list|sort|uniq > /tmp/block.build.before

if [ -s "/etc/white.list" ]
then
    #Filter the blacklist, suppressing whitelist matches
    sed -e 's/\r//g' /etc/white.list > /tmp/white.list
    grep -vf /tmp/white.list /tmp/block.build.before > /etc/block.hosts
    rm -f /tmp/white.list
else
    cat /tmp/block.build.before > /etc/block.hosts
fi

#Delete files used to build list to free up the limited space
rm -f /tmp/block.build.before
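The script above removes /etc/block.hosts before the downloads run and installs whatever the plain-HTTP sources return. The following added example, which is not part of the original script or the gist, filters hosts-format input down to well-formed sinkhole entries and refuses to replace the block list when too few entries survive. The function names, the constructed sample input and the minimum-entry threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original gist. $1 of filter_hosts is the pixelserv address.

# Constructed sample of what a downloaded hosts file may contain.
sample_hosts() {
cat <<'EOF'
# comment line
127.0.0.1  localhost
127.0.0.1  ads.example.com   # trailing comment
0.0.0.0    Tracker.Example.NET
127.0.0.1  bad/host;name.example
10.9.8.7   redirect.example.org
127.0.0.1  ads.example.com
EOF
}

# Read hosts-format text on stdin; print "SINK_IP<TAB>hostname" for valid entries.
filter_hosts() {
    tr -d '\r' | awk -v ip="$1" '
        { sub(/#.*/, "") }                             # strip comments
        $1 != "127.0.0.1" && $1 != "0.0.0.0" { next }  # keep sinkhole entries only
        {
            for (i = 2; i <= NF; i++) {
                h = tolower($i)
                if (h == "localhost" || length(h) > 253) continue
                # dot-separated labels made of letters, digits, "-" and "_"
                if (h !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) continue
                print ip "\t" h
            }
        }' | sort -u
}

# Install NEW as TARGET only if it holds at least MIN entries, so a failed
# download cannot silently empty the block list. The final rename is atomic
# because the temporary copy sits in the same directory as TARGET.
install_list() {
    new="$1"; target="$2"; min="$3"
    count=$(wc -l < "$new")
    if [ "$count" -lt "$min" ]; then
        echo "refusing to install: only $count entries" >&2
        return 1
    fi
    cp "$new" "$target.new" && mv "$target.new" "$target"
}
```

In adblock.sh, each wget would be piped into filter_hosts, the results collected in a temporary file, and install_list called in place of the initial rm -f and the final write to /etc/block.hosts.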