Adblock only for certain devices

TheHellSite · March 2, 2019, 11:32am

I would like to configure adblock to only be available to certain devices in my network (f.e. Smart TV).
How can I do this?

My idea was to bind adblock to a 2nd dns server (192.168.1.x) on my x86 router and tell all clients, on which I would like to use adblock, to use the 192.168.1.x DNS server instead of my routers main ip (192.168.1.1).

slh · March 2, 2019, 12:23pm

Usually it would be easier to put the affected devices (especially for larger numbers) into their own subnet/ vlan, with their own dnsmasq instance (you can configure this via /etc/config/dhcp), but your approach is also possible (dnsmasq allows overriding dhcp options for selected MAC addresses).

TheHellSite · March 2, 2019, 12:32pm

But wouldn't the first option make the NAS / DLNA server running on my owrt router unavailable?
Wouldn't this also block streaming from my smartphones to my smart tv?

It will only affect about 3 clients.

Can you point me to a tutorial for doing this?

trendy · March 2, 2019, 12:34pm

smoothswim · March 2, 2019, 1:43pm

Usually it would be easier to put the affected devices (especially for larger numbers) into their own subnet/ vlan

Agreed.
Separate vlan and client isolated wifi AP configuration if wifi is the flavour of connection you desire.

TheHellSite · March 2, 2019, 2:49pm

So how can I put the adblock service on a different vlan then?
I can't find any option in the luci package.

smoothswim · March 2, 2019, 5:14pm

I took a look and the adblock script runs using dnsmasq. So you could create a virtual net device, attach it to a vlan and set dnsmasq to only run on that virtual net device. You then connect the devices you want to adblock using a static network config specific to the vlan you created and after all that it could work.

What would be simpler would be to use privoxy and manually set the privoxy address and port as the network proxy in the TV's network settings, if it will let you.

Even easier. Just block everything or set up two connected routers. One that blocks. One that does not.

anon50098793 · March 3, 2019, 12:16am

There is no law that says the nameserver must be on the same subnet.

Create an extra interface on the router..... the clients that need to get to that "outside" dns are set so in dhcp. Everyone one on the same subnet.... just a few "reaching out" for their dns....

The only hiccups are the settings in that dnsmasq instance that tell it to only accept requests from that lan.

And maybe if want to be be exact, a firewall rule or two.... This method cuts down on any issues with routing... and losing your NAS or whatever.....

TheHellSite · March 4, 2019, 4:49pm

Currently I am trying to figure out how to create a 2nd bridge (192.168.2.1).

My x86 router has 4 LAN Ports. eth0 used for wan, eth1 used to still have access to my modem.

network

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ifname 'eth2 eth3'

config interface 'vpnlan'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option type 'bridge'
	option ifname 'eth2.1 eth3.1'

firewall

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 modem'

config forwarding
	option src 'lan'
	option dest 'wan'

config zone
	option forward 'REJECT'
	option output 'ACCEPT'
	option name 'vpnlan'
	option network 'vpnlan'
	option input 'ACCEPT'

config forwarding
	option dest 'wan'
	option src 'vpnlan'

I don't need DHCP on this bridge, as it is only accessible for clients with manual ipv4 configs anyway.

trendy · March 5, 2019, 10:04am

You may want to use a different vlan number than 1, as this is the default and it will collide with the interfaces of LAN interface.

TheHellSite · February 9, 2020, 12:13pm

Solved using AdGuard Home and this firewall rule: Adblock for specific devices, tutorial to create multiple dnsmasq instances? - #9 by vgaetera

config redirect
    option name 'AGH-DNS_SAMSUNG-TV'
    option target 'DNAT'
    list proto 'tcp'
    list proto 'udp'
    option src 'lan'
    option src_ip '192.168.0.60'
    option src_dport '53'
    option dest 'lan'
    option dest_ip '192.168.0.1' # ip on which adguardhome is listening
    option dest_port '65353' # port on which adguardhome is listening

system · February 19, 2020, 12:13pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.