All right, so here we go - based on http://sfxpt.wordpress.com/2011/02/21/t ... ng-method/, with some minor modifications.
Gordon, you can't use the same IP address (at least in my method), because the DNS server will not tell you the port of the connection - so the iptables rule will prevent you from accessing b3's own webserver.
Let's assume that 192.168.1.1 is your LAN interface address. Pixelserv will be listening on port 8080.
0. Add interface alias to eth1 - this is how /etc/network/interfaces file looks on my system:
Code:
iface eth0 inet dhcp

iface eth1 inet static
    address 192.168.1.1
    netmask 255.255.255.0

auto eth1:0
iface eth1:0 inet static
    address 192.168.1.254
    netmask 255.255.255.0

auto lo
iface lo inet loopback
Bring up the additional interface:
1. Download pixelserv script:
Code:
LISTEN_ADDRESS=192.168.1.254
LISTEN_PORT=8080
Code:
cd /usr/local/bin/
curl http://proxytunnel.sourceforge.net/files/pixelserv.pl.txt | tee /tmp/pixelserv | sed "s/0\.0\.0\.0/$LISTEN_ADDRESS/" | sed "s/80/$LISTEN_PORT/" > pixelserv
chmod 755 pixelserv
2. Create init script: /etc/init.d/pixelserv
Code:
#! /bin/sh
# /etc/init.d/pixelserv
#
### BEGIN INIT INFO
# Provides:          pixelserv
# Required-Start:    $remote_fs
# Required-Stop:     $all
# Should-Start:      $remote_fs
# Should-Stop:       $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Startup script for PixelServ
# Description:       PixelServ provides 1x1 gif for ad blocking
### END INIT INFO

# Carry out specific functions when asked to by the system
case "$1" in
  start)
    echo "Starting pixelserv "
    /usr/local/bin/pixelserv &
    ;;
  stop)
    echo "Stopping script pixelserv"
    killall pixelserv
    ;;
  *)
    echo "Usage: /etc/init.d/pixelserv {start|stop}"
    exit 1
    ;;
esac

exit 0
Code:
chmod 755 /etc/init.d/pixelserv
update-rc.d pixelserv defaults
3. Create script to download & prepare list of ad servers - /usr/local/bin/get-ad-block-list.sh
Code:
#!/bin/sh
# Download the DNSmasq formatted ad block list
curl "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext" | sed "s/127\.0\.0\.1/192.168.1.254/" > /etc/dnsmasq.adblock.conf
# Restart DNSmasq
/etc/init.d/dnsmasq restart
Note: to block custom servers, add the following before "# Restart DNSmasq":
Code:
echo "address=/NAME_OF_AD_SERVER/192.168.1.254" >> /etc/dnsmasq.adblock.conf
Code:
chmod -v 755 /usr/local/bin/get-ad-block-list.sh
4. Add custom config to DNSmasq config file:
Code:
echo "conf-file=/etc/dnsmasq.adblock.conf" >> /etc/dnsmasq.conf
5. Add custom iptables rule to test if all is fine:
Code:
iptables -t nat -A PREROUTING -i eth1 -d 192.168.1.254 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.254:8080
Now is the time to test. Try accessing some site that should have ads - now they (ads) shouldn't be there. If that's the case:
6. Add script link to cron, so ad server list is updated daily:
Code:
ln -s /usr/local/bin/get-ad-block-list.sh /etc/cron.daily/get-ad-block-list
7. Save iptables rule in your config:
Code:
iptables-save >/etc/network/firewall.conf
Disclaimer:
I'm not sure if those settings persist between reloads (esp. interface settings) - currently I can't reload b3 (due to other family members using the connection), so I'll be grateful for all updates other people can make to this howto.
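
An added example, not part of the original post: step 3 pipes a list fetched over plain HTTP straight into a dnsmasq config file, so this version keeps only well-formed `address=/<hostname>/127.0.0.1` lines, rewrites them to the pixelserv address, and replaces the old list only if enough entries survive. The function names, the 100-entry minimum and the temp-file handling are assumptions made for the example.

```sh
#!/bin/sh
# Added example: validate a dnsmasq-format ad block list before installing it.
SINKHOLE_IP=192.168.1.254      # pixelserv alias address used in the howto

# Read a downloaded list on stdin and print only lines of the exact form
# address=/<hostname>/127.0.0.1, rewritten to point at the address in $1.
# Other dnsmasq directives, other target addresses and malformed names
# are dropped, so the download cannot add settings beyond blocked names.
filter_adblock_list() {
    LC_ALL=C awk -v ip="$1" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^address=\/[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\/127\.0\.0\.1$/ {
            split($0, f, "/")                   # f[2] is the hostname
            print "address=/" tolower(f[2]) "/" ip
        }'
}

# install_adblock_list SRC DEST [MIN]  (hypothetical helper)
# Filter SRC into a temp file beside DEST, keep the old DEST when fewer than
# MIN entries pass validation, otherwise rename the new list into place.
install_adblock_list() {
    src=$1; dest=$2; min=${3:-100}
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    filter_adblock_list "$SINKHOLE_IP" < "$src" > "$tmp"
    n=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$n" -lt "$min" ]; then
        echo "only $n valid entries, keeping the old list" >&2
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$dest"
}
```

In get-ad-block-list.sh, download to a temporary file with `curl -f` first, then call `install_adblock_list` on it and restart dnsmasq only if it returns 0.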