[solved] Open NAT & DoH & Simple-Adblock on OpenWrt RPi-4

As you said, I have removed https://www.malwaredomainlist.com/hostslist/hosts.txt from the host list.

Here are the results of the following commands you asked for.

dnsmasq

# doCMD.sh lsof -i -nP | grep dnsmasq
dnsmasq   5469 dnsmasq    4u  IPv4   7648      0t0  UDP *:67 
dnsmasq   5469 dnsmasq    6u  IPv4   7651      0t0  UDP 117.200.xx.xx (Removed Static IP) 
dnsmasq   5469 dnsmasq    7u  IPv4   7652      0t0  TCP 117.200.xx.xx (LISTEN) (Removed Static IP)
dnsmasq   5469 dnsmasq    8u  IPv4   7653      0t0  UDP 192.168.2.1:53 
dnsmasq   5469 dnsmasq    9u  IPv4   7654      0t0  TCP 192.168.2.1:53 (LISTEN)
dnsmasq   5469 dnsmasq   10u  IPv4   7655      0t0  UDP 127.0.0.1:53 
dnsmasq   5469 dnsmasq   11u  IPv4   7656      0t0  TCP 127.0.0.1:53 (LISTEN)
dnsmasq   5469 dnsmasq   12u  IPv6   7657      0t0  UDP [fe80::d237:45ff:fe7e:1780]:53 
dnsmasq   5469 dnsmasq   13u  IPv6   7658      0t0  TCP [fe80::d237:45ff:fe7e:1780]:53 (LISTEN)
dnsmasq   5469 dnsmasq   14u  IPv6   7659      0t0  UDP [fd1a:1a6a:b650::1]:53 
dnsmasq   5469 dnsmasq   15u  IPv6   7660      0t0  TCP [fd1a:1a6a:b650::1]:53 (LISTEN)
dnsmasq   5469 dnsmasq   16u  IPv6   7661      0t0  UDP [fe80::c423:c8ff:fe94:613f]:53 
dnsmasq   5469 dnsmasq   17u  IPv6   7662      0t0  TCP [fe80::c423:c8ff:fe94:613f]:53 (LISTEN)
dnsmasq   5469 dnsmasq   18u  IPv6   7663      0t0  UDP [fe80::dea6:32ff:fee5:b440]:53 
dnsmasq   5469 dnsmasq   19u  IPv6   7664      0t0  TCP [fe80::dea6:32ff:fee5:b440]:53 (LISTEN)
dnsmasq   5469 dnsmasq   20u  IPv6   7665      0t0  UDP [::1]:53 
dnsmasq   5469 dnsmasq   21u  IPv6   7666      0t0  TCP [::1]:53 (LISTEN)

DHCP

# doCMD.sh uci show dhcp | grep servers
dhcp.@dnsmasq[0].serversfile='/var/run/simple-adblock.servers'

Simple-Adblock

# doCMD.sh uci show simple-adblock
simple-adblock.config=simple-adblock
simple-adblock.config.config_update_url='https://cdn.jsdelivr.net/gh/openwrt/packages/net/simple-adblock/files/simple-adblock.conf.update'
simple-adblock.config.dns='dnsmasq.servers'
simple-adblock.config.dns_instance='0'
simple-adblock.config.verbosity='2'
simple-adblock.config.force_dns='1'
simple-adblock.config.led='none'
simple-adblock.config.boot_delay='120'
simple-adblock.config.download_timeout='10'
simple-adblock.config.curl_retry='3'
simple-adblock.config.parallel_downloads='1'
simple-adblock.config.debug='0'
simple-adblock.config.compressed_cache='0'
simple-adblock.config.allowed_domain='cdn.jsdelivr.net'
simple-adblock.config.blocked_domains_url='https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt' 'https://cdn.jsdelivr.net/gh/paulgb/BarbBlock/blacklists/domain-list.txt' 'https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt' 'https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt'
simple-adblock.config.enabled='1'
simple-adblock.config.config_update_enabled='1'
simple-adblock.config.blocked_domain='addthis.com'
simple-adblock.config.blocked_hosts_url='https://adaway.org/hosts.txt' 'https://cdn.jsdelivr.net/gh/hoshsadiq/adblock-nocoin-list/hosts.txt' 'https://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext' 'https://winhelp2002.mvps.org/hosts.txt' 'https://someonewhocares.org/hosts/hosts' 'http://sbc.io/hosts/hosts' 'http://sbc.io/hosts/alternates/fakenews-gambling-porn-social/hosts' 'https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt' 'https://raw.githubusercontent.com/anudeepND/blacklist/master/facebook.txt'

DNS over HTTPS

# doCMD.sh uci show https-dns-proxy
https-dns-proxy.config=main
https-dns-proxy.config.update_dnsmasq_config='*'
https-dns-proxy.@https-dns-proxy[0]=https-dns-proxy
https-dns-proxy.@https-dns-proxy[0].listen_addr='127.0.0.1'
https-dns-proxy.@https-dns-proxy[0].listen_port='5053'
https-dns-proxy.@https-dns-proxy[0].user='nobody'
https-dns-proxy.@https-dns-proxy[0].group='nogroup'
https-dns-proxy.@https-dns-proxy[0].bootstrap_dns='1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001'
https-dns-proxy.@https-dns-proxy[0].resolver_url='https://cloudflare-dns.com/dns-query'
https-dns-proxy.@https-dns-proxy[1]=https-dns-proxy
https-dns-proxy.@https-dns-proxy[1].listen_addr='127.0.0.1'
https-dns-proxy.@https-dns-proxy[1].listen_port='5054'
https-dns-proxy.@https-dns-proxy[1].user='nobody'
https-dns-proxy.@https-dns-proxy[1].group='nogroup'
https-dns-proxy.@https-dns-proxy[1].bootstrap_dns='8.8.8.8,8.8.4.4'
https-dns-proxy.@https-dns-proxy[1].resolver_url='https://dns.google/dns-query'
tail -n5 /var/run/simple-adblock.servers

@vampirexox, did you try going to one of these in your browser?

I don't quite understand your question. Are you asking me if I have tried visiting the site mentioned in the domain/host list blocked by simple-adblock?

yes... how were you testing it?

Visiting any site, I don't see any site getting their ads blocked. It was the same case when I used Adblock (which we uninstalled earlier). And, yes, visiting the site that is mentioned on the host/domain list - it doesn't get blocked. For ex., I had added 'addthis.com' to blocked domains, yet I'm able to visit the site.

Perhaps those ad sites aren't on the domain block lists you've added.

Hence the reason to try to access anything on the block list.

Also, make sure your clients actually use your pi as their DNS server.

Disable DoH/DoT in the browser, that setting might bypass your local DNSes.


I'm using a Raspberry Pi 4 as my main router, which is running on OpenWrt with simple-adblock + SQM + DoH enabled.

As you can see from the screenshot below, the client is going through DNS pointing towards 192.168.2.1 (Pi on OpenWrt) where the aforementioned packages are enabled.


I got it fixed. I can confirm Adblock and DoH are working flawlessly now. Thank you so much, @anon50098793 @frollic, you guys are saviours!

My Google DNS override was an issue, which I fixed simply by pointing it towards my router.

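The check suggested in the replies above (pick a name that is on the block list, then compare it with what the client actually resolved), as an added example that is not part of the thread. It assumes the servers file written in `dnsmasq.servers` mode holds one `server=/domain/` line per blocked domain; the function names, the sample list and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: one "server=/domain/" line
# per blocked domain in the servers file; the sample list below is constructed.

# Return 0 if HOST or any parent domain has a "server=/domain/" entry in FILE.
# dnsmasq applies such an entry to the domain and all of its subdomains.
blocked_by_list() {
    file=$1
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    name=${name%.}                      # drop a trailing root dot
    while [ -n "$name" ]; do
        grep -qxF "server=/$name/" "$file" && return 0
        case $name in
            *.*) name=${name#*.} ;;     # strip the leftmost label and retry
            *)   return 1 ;;
        esac
    done
    return 1
}

# Combine the list verdict with what the client actually received.
# ANSWER is the address the client resolved, or empty for NXDOMAIN/no answer.
#   not-on-list : the name is no test of the blocker at all
#   blocked     : the list covers it and the client got nothing back
#   bypass      : the list covers it, yet the client got an address, so the
#                 answer did not come from the dnsmasq enforcing the list
diagnose() {
    file=$1 host=$2 answer=$3
    if ! blocked_by_list "$file" "$host"; then
        echo "not-on-list"
    elif [ -n "$answer" ]; then
        echo "bypass"
    else
        echo "blocked"
    fi
}

# Constructed sample standing in for /var/run/simple-adblock.servers.
write_sample_list() {
    printf '%s\n' 'server=/addthis.com/' 'server=/ads.example.net/' > "$1"
}

list=${TMPDIR:-/tmp}/simple-adblock.sample.$$
write_sample_list "$list"
for probe in "s7.addthis.com:203.0.113.10" "s7.addthis.com:" "openwrt.org:192.0.2.5"; do
    printf '%-16s %s\n' "${probe%%:*}" "$(diagnose "$list" "${probe%%:*}" "${probe#*:}")"
done
rm -f "$list"
```

A `bypass` verdict for a listed name matches the situation resolved in the thread: the client was resolving through an overridden DNS server (or browser DoH) instead of the router at 192.168.2.1.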