GEOIP block is not working

Ohh yeah, that one the DNS is set to 192.168.31.1, because my DNS is mainly handled by Adguard Home.

Just as a general note, geoIP is notoriously imprecise, and you are essentially putting your blocking/dropping decisions into the hands of the entity filling the database iptables uses to divine the country code. This can still be a helpful and desired policy; just keep in mind the trade-off that using geoip implies.

Well, yes, I understand. I just wanted to set an option so that only my country-specific IPs can get access (because I use WireGuard); I don't need all other countries to connect to my device.

I was reading that I have to download some geoip database onto my OpenWrt, and then this will work:

iptables -A INPUT -m geoip ! --src-cc BD -j DROP
iptables -A INPUT -m geoip -p tcp --dport 25 ! --src-cc BD -j DROP
iptables -A FORWARD -m geoip --src-cc BD -j DROP

But I cannot figure out where I can download it from.

Why do you even bother?

Close the port, problem solved.

Install proper OpenWrt, problem even more solved.

3 Likes

Your redirection for adguard should only be active as a LAN side rule. Right now the reason you are seeing those extra entries is because your AGH is public via your WAN redirect. Essentially you are providing adblocking publicly.

Also you are using AGH from behind dnsmasq which is inefficient. What you need to do is swap dnsmasq to a new port and make AGH respond to port 53 inquiries and do Reverse DNS lookups back to dnsmasq. That makes AGH your primary DNS and you take out the extra hop you have with AGH being behind dnsmasq.

If you go read my thread about manually installing you will see.

NanoPi R2S is supported in new OpenWrt. Its bigger brother, the R4S, is still snapshot only.

2 Likes

Seems you have figured out the issue, as you are using AdGuard Home. I will read your post and try to fix it. Actually, I have installed this IPK for LuCI, "luci-app-adguardhome". We can make many changes without touching the code directly.

Since I am forwarding port 53 to 5350, maybe I can change this option

image

What IPK is that? As far as I know, the only IPK for AGH is 2 years out of date and does not have the new options that are in AGH.

I do see you are using the 107 build, so I assume you are using the stable branch. If so, you can use the opkg version of AGH. Its instructions are here.

Yes, you are right, I am using this one: https://github.com/rufengsuixing/luci-app-adguardhome/releases

But we can always update to the latest AdGuard Home build using that.

I have done most settings like yours; my upstream is also using NextDNS.

I am just stuck here. Can you tell me how to do this? :face_with_open_eyes_and_hand_over_mouth:

Either use the script in the opkg install or in my manual thread and it will "move" your install around.

Most old guides have you install AGH behind dnsmasq, but that causes issues. Firstly, every request forks dnsmasq and increases memory usage. Secondly, you have the additional hop and latency associated.

I re-wrote 2 years of posts and updates to one new up to date thread, then I and another member wikified it and got the opkg version update from the terrible 104 release to the new 107 release which is actually stable and usable.

I saw that one, but as I cannot read Chinese and it was 2 years old, I just ignored it and did manual scripting instead. If it actually works, maybe it could make things easier for the opkg version in OpenWrt.

Just realised I should have added an important point. While those scripts will help you move dnsmasq, you will need to manually edit your adguardhome.yaml file so it binds to port 53 instead. I would move dnsmasq to port 5353 and then move AGH to port 53. Or you could just update to new OpenWrt and follow the opkg install and reinstall AGH from scratch to avoid complications.

1 Like

usage of -A (append) is too late here... as INPUT jumps to zone_wan_input which jumps to zone_wan_src_REJECT or similar...

in other words... your rule is never parsed

1 Like
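The ordering problem described in the post above, as an added example that is not from the thread: a first-match walk over a constructed, simplified fw3-style ruleset shows that the appended geoip rule never decides a WAN packet, while the same rule inserted at the head of INPUT does. The interface name `wan`, UDP port 51820 and the sample packet are assumptions.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
FIELDS = {"-i": "iface", "-p": "proto", "--dport": "dport", "--src-cc": "cc"}
# Constructed, simplified fw3-style ruleset (an assumption, not the poster's real one).
BASE = [
    "-A INPUT -i wan -j zone_wan_input",
    "-A zone_wan_input -p udp --dport 51820 -j ACCEPT",
    "-A zone_wan_input -j zone_wan_src_REJECT",
    "-A zone_wan_src_REJECT -i wan -j REJECT",
]
GEOIP = "INPUT -m geoip ! --src-cc BD -j DROP"  # first rule posted in the thread
FOREIGN = {"iface": "wan", "proto": "udp", "dport": 51820, "cc": "US"}  # constructed

def load(lines):
    """Build {chain: [rule tokens]}; -A appends, -I inserts at the head."""
    chains = {}
    for line in lines:
        op, chain, *spec = shlex.split(line)
        rules = chains.setdefault(chain, [])
        rules.insert(0, spec) if op == "-I" else rules.append(spec)
    return chains

def matches(spec, pkt):
    """True if every match in the rule (with optional '!') fits the packet."""
    negate, i = False, 0
    while i < len(spec):
        if spec[i] == "!":
            negate, i = True, i + 1
        elif spec[i] in FIELDS:
            if (str(pkt[FIELDS[spec[i]]]) == spec[i + 1]) == negate:
                return False
            negate, i = False, i + 2
        else:  # "-m <module>" and "-j <target>" carry no match condition here
            i += 2
    return True

def decide(chains, pkt, chain="INPUT"):
    """First-match walk; returns (verdict, deciding rule), or None at chain end."""
    for spec in chains.get(chain, []):
        if matches(spec, pkt):
            target = spec[spec.index("-j") + 1]
            if target in TERMINAL:
                return target, f"{chain} {' '.join(spec)}"
            if hit := decide(chains, pkt, target):
                return hit
    return None

if __name__ == "__main__":
    print({op: decide(load(BASE + [f"{op} {GEOIP}"]), FOREIGN) for op in ("-A", "-I")})
```

With `-A`, the foreign packet is accepted by the port rule inside `zone_wan_input` before the geoip rule is ever consulted; with `-I`, the geoip rule is the first one evaluated.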

Just tried a manual install of this and it is broken on the new 20 builds. The manual configuration page is unable to pull properly from LuCI. That being said, I do like the options it has. I wonder if I can get it working and update it. It would make the opkg version much easier to manage for new users.

Not sure which one you mean. But I can always update to the latest build. Once you update it, you can click Save and Apply. Then it will update.

Please see if you can edit and update it to the latest version. Indeed, it will be very helpful for new users. Also, I like the main function, which is Manual Config.


When I flash the new openwrt, all I need to do is copy paste my previous config, and all the settings become exactly the same. I don't have to manually set one by one.

It's the manual config page that is broken. It appears to be missing some LuCI modules to make it work.



<h2 name="content">500 Internal Server Error</h2>
<p>Sorry, the server encountered an unexpected error.</p>
<pre class="error500">/usr/lib/lua/luci/template.lua:97: Failed to execute template 'cbi/map'.
A runtime error occurred: /usr/lib/lua/luci/template.lua:97: Failed to execute template 'cbi/tsection'.
A runtime error occurred: /usr/lib/lua/luci/template.lua:97: Failed to execute template 'cbi/ucisection'.
A runtime error occurred: /usr/lib/lua/luci/template.lua:97: Failed to execute template 'cbi/tvalue'.
A runtime error occurred: /usr/lib/lua/luci/model/cbi/AdGuardHome/manual.lua:11: bad argument #1 to 'lines' (/tmp/resolv.conf.auto: No such file or directory)

Can you please install this IPK file and see the result? I am using this: https://openwrt.cc/snapshots/packages/aarch64_generic/luci/luci-app-adguardhome_1.8-12_all.ipk

luci-app-adguardhome_1.8-11_all.ipk is the one I pulled from his site.


Your .12 seems to fix things. Where is its source code?

(edit2) I just realised the original 11 would break because it is expecting files in different places. My install is in /opt/AdGuardHome along with the config files there.

1 Like

I am not quite sure about it. I am using this firmware for R2S. They have different distribution feeds; I got it from here: https://openwrt.cc/snapshots/packages/aarch64_generic/luci

But see if you can apply this with this file, then maybe I don't have to touch the code, just edit some settings from here. Let me know if you find something.

Well, installing that new build broke my AGH install. It replaced the /etc/init.d/AdGuardHome script.

I shall investigate further and see what can be done.

:open_mouth:

Sorry for that; hopefully you can find the solution.