How-To Geek

How to Remove Advertisements with Pixelserv on DD-WRT

Note: This article is part of our archive and is likely out of date.
(Links may not work, downloads have not been recently tested for safety)

Sorry for the surprise wheezywaiter.

There are numerous ways to block advertisements in your browser, but what if you could block them on the router? Here’s how to use the DD-WRT firmware and deliberate “DNS poisoning” to block ads for every device on your network.


Update: Guide updated to reflect the feedback provided by commenters and updated the anti-ads pack with the newer pixel-server executable and a changelog.

The first question on everyone’s mind right now is “why not just use ad-block?”

For a lot of people there simply isn’t a reason, especially with chrome’s new ability to replicate the extensions you use to every computer you are running chrome on.

The answer lies somewhere between the reduced overhead of not having to teach all of the users on your network about ad-block (I’m talking to you mom, sis, granny and office secretary) and the convenience of not being bothered with it on every computer you setup. That is assuming that there are going to be some computers on your network that you’re not going to configure your personal environment on (for example “core servers” or VM’s).

Note: Even though i use the method below on my home router, I found ad-block to be an excellent addition to it, and I do recommend using both methods in conjunction. also if you don’t have a DD-WRT router using ad-block is more them enough. In fact, I like the program so much, I donated to its developer and i encourage everyone to do so, to keep it’s development going.

How does it work?

Essentially this works by deliberately poisoning our DNS to return a specific IP for domains in the an unapproved list. This unapproved list will contain domain names of sites that are responsible exclusively for delivering advertisement content, so we won’t miss them much.

We will setup a secondary HTTP server on the router to serve a transparent one pixel image, as the answer for any URL request. In conjunction with the DNS “wrong” resolve, this will cause the network clients to request the content from our internal pixel-server and get a blank image in response.

To generate the unapproved list, we will create one personal list in conjunction to two dynamically downloaded lists. the dynamic lists are the MVPS host file and the Yoyo domain list, together they hold a very extensive list of advertisement sites. By leveraging these lists, we are left with the responsibility of just adding the delta of sites that are not already in one of them, in our personal list.

We will also setup a “whitelist” for domains we don’t want to be blocked for any reason.

Prerequisites and assumptions

  • Patience young one, this is a long read.
  • This procedure was created and tested on DD-WRT (v24pre-sp2 10/12/10 mini r15437), as such you should already have this version or later installed on your router to use it. More information is over on the DD-WRT site.
  • For ease of explanations sake, it is assumed the router has been restored to it’s “factory defaults” or that the settings used have not changed from their “out of the box” presets since then.
  • The client computer is using the router as the DNS server (this is the default).
  • Space for JFFS (when in doubt, I recommend using the mini version of DD-WRT).
  • It is assumed that your network is *already set and that it’s a class C (one that has a subnet of as the last IP on that class C network (x.y.z.254)  will be assigned for the pixel-server program.
  • The willingness to install winSCP.

*The script will not be able to adjust the block lists after the first run until the next refresh cycle (3 days).


Update: Special thanks to “mstombs” for the great piece of  C code without his work all this wouldn’t be possible, “Oki” for compiling the Atheros compatible version and quote ;-) and “Nate” for helping with the QA-ing.

While there was a lot of work to perfect this procedure on my end, the inspiration for it was ignited by the guys over at the DD-WRT forum and some of the foundations of this guide can be found at “ad-blocking with DD-WRT revisited (simple)”, “pixelserv without Perl, without any jffs/cifs/usb free“ and “Flexion.Org Wiki on DNSmasq“ as well as others.

Lets get cracking

Enable SSH for SCP access

By enabling SSH, we in turn give ourselves the ability to connect to the router using the SCP protocol. with that enabled, we can then use the winSCP program to visually navigate the folder structure of the router (as we will see later).

To do this, using the webGUI, go to the “Services” tab. Find the “Secure shell” section and click the “Enable” radio button for the SSHd setting.

enable ssh

Once that’s done, the webGUI should look as below and you can click on “Save” (don’t apply yet).

enable ssh1

Enable JFFS

In order to make this setup in a way that would be stable, reproducible and *be a “good internet citizen”, we will use JFFS to store as much of the configurations as possible. There are other ways to do this without enabling JFFS, if you cant due to space limitations, but they are not covered here.

*other methods have your router download the pixel-server executable and dynamic lists every time the script is run. as this puts a strain on the servers holding the lists and executable and this costs money to someone, this method tries to avoid it if possible.

If you don’t already know what is JFFS, this explanation, taken from DD-WRT’s wiki entry about JFFS should clear things up:

The Journaling Flash File System (JFFS) allows you to have a writable Linux File System on a DD-WRT enabled router. It is used to store user programs like Ipkg and data into otherwise inaccessible flash memory. This allows you to save custom configuration files, host custom Web pages stored on the router and many other things not capable without JFFS.

To enable JFFS on your router, go to the “Administration” tab and find the JFFS section. the picture below shows where you would find this section within the “Administration” tab.

enable ssh2

In the JFFS2 Support section, click the “Enable” radio buttons for the “JFFS2” and (when it appears) the “Clean JFFS2” settings. Once selected, click on “Save”.

enable ssh3

When the settings have been saved, still on the “Administration” tab, reboot the router by using the “Reboot Router” button. This will apply the settings and perform the needed “format” of the JFFS “partition”.


When the webGUI comes back from the reboot to the “Administration” tab, wait for an additional half a minute and refresh the page.

enable ssh5

If successful, you should see that your JFFS mount has some free space as in the picture.

Pixel server setup

Download and extract the anti ads pack for dd-wrt zip archive which contains the pixel-server executable (we are not taking credit, only avoiding “hot linking”), the ad-blocking script (written by yours truly) and the personal-domain-list created by “Mithridates Vii Eupator” and I.

It is time to get the files into the JFFS mount on the router. to do this, install winSCP (it is a “next –> next –> finish” type of a setup) and open it.

In the main window, fill in the information like this:

Host name: your router’s IP (default is

Port number: leave unchanged at 22

User name: root (even if you changed the username for the webGUI, the SSH user will always be *root* )

Private key file: leave blank (this is only necessary when you create a key-pair based authentication which we haven’t)

File protocol: SCP


We also need to disable “Lookup user group” as shown below (thanks mstombs for pointing this out) because winSCP is expecting a full blown Linux on the other side which DD-WRT’s developers, despite all of there excellent work, were unable to provide (mainly because there simply isn’t enough space). If you leave this checked, you will encounter scary messages when you connect and save edited files.

Select Advance, and then uncheck “Lookup user groups”.

While it is optional, you may opt to save the settings now for later use. If you do choose to save the settings which is recommended, it is also recommended (despite the outright cries from the “security paranoid” asylum that we are desecrating the very existence of SSH) that you save the password.


Then your main window will look like in the picture, and all you’ll have to do to connect to the router is double click the entry.


As this is the first time you will be connecting to the router, winSCP will ask if you are willing to trust the fingerprint of the other side. Click “Yes” to continue.


DD-WRT’s developers have implemented a Banner welcome message with some info about the firmware you have installed. once red, click on the “Never show this banner again” checkbox and “Continue”.


Once connected, navigate your way to the top level folder (A.K.A. root “/”) and then go back down to “/jffs” as that is the only permanently writable place on the router’s filesystem (“/tmp” doesn’t survive reboots and the rest are read-only).




Create a new folder, by hitting F7 or right clicking a blank spot, hover over “New” and click “Directory”.


Name the new directory “dns”. we create this directory in order to keep things in the jffs directory organized for future use and because we are mostly changing how the DNS service works.

Copy the “pixelserv” and “” files from the anti-ads-pack-for-dd-wrt zip archive, by selecting them (use the “insert” key), hitting “F5” and then “Copy”.


Note: If your router is Atheros based (you can check this on the DD-WRT wiki) you will need to use the pixelserv_AR71xx provided by Oki and included in the pack and rename it to “pixelserv” before continuing.

Once the files are on the router, we need to make them executable by selecting them (again use “insert”) right click then “properties”.


On the properties window click on the “X” for the “Owner” row. that will give the files execution permissions.

Router settings

Now that the stage is set, we can tell the router to run the ad-blocking script at startup.
To do this, in the webGUI go to the “Administration” tab and then the “Commands” tab.

In the “Commands” text box write the location of the script as “/jffs/dns/”, as in the picture and then click on “Save Startup”.


If successful, you should see the script has become part of the router’s startup as in the picture above.

Setting up the Personal blocked domains list (Optional)

This list enables you to add domains to the unapproved lists, if you find that the two dynamic lists don’t catch something.
To do this, there are two options, and they work in conjunction so you may use both according to what is more convenient for you.

Note: The syntax is important, As we are actually creating configuration directives that the DNSMasq daemon (the process that is responsible for DNS-name to IP translations) will use directly. As such, incorrect syntax here will cause the service to crash and leave the router unable to resolve IP addresses for domain names (you have been admonished).

In order to find the offending domain names to block you may want to use our “Find the Secret Messages in Web Site Headers” guide as a primer. The steps to finding the names of the advertisement domains are practically the same, only that in this case you are looking for an address instead of a message.

The first and admittedly more accessible way is to put the list into the “DNSMasq” configuration box in the wegGUI. This is because to add to this list one can simply access the webGUI instead of having to go “under the hood” to make changes.

Go to the “Services” tab, find the “DNSMasq” section and there find the “Additional DNSMasq Options” text-box.

In this text-box enter the lists of domains that you want to be blocked with the syntax “address=/domain-name-to-block/pixel-server-ip” as shown in the picture below:


Where in this example the “” is the IP that’s generated for the pixel-server based on the “network address” of your LAN. If your network address is something other then 192.168.1.x you will have to adjust the address for the pixel-server accordingly.

When finished, click on “Save” at the bottom of the page (don’t apply yet).

The second option is to compound the list of domains that you want to block, to the “personal-ads-list.conf” file that myself and and “Mithridates Vii Eupator” have assembled. This file is part of the zip-archive you downloaded earlier and it’s a great start for both methods.

In order to use it,  if necessary, use your favorite text editor to adjust the IP of the pixel-server (the same constraints as above apply here). Then simply copy it to the “/jffs/dns” directory as you have the other files. Once it’s in there you can use winSCP to edit it and add domains.

Setting up the whitelist

This is the list of domains that will be omitted from the dynamic “hosts” and “domains” lists.

This is necessary because simply blocking some domains causes sites using them to malfunction. the most noteworthy example is “”.

If we block it’s domain, it will not change the fact that sites that use it, have your browser download a JavaScript that runs on events such as leaving a page. This means that for such a site your browser will try to “call home” by contacting the google domain, will not understand the reply and you will have to wait until the script times out to continue to the next page. That’s hardly a pleasant surfing experience and that is why any domain containing “google-analytics” and “googleadservices” is *hardcodedly exempt from filtering.

This list is created for you with the above mention domains, when the script is run for the first time, under the “/jffs/dns” directory.


To use the whitelist, open the file with winSCP and **perpend to the list the domains you want excluded, while being careful to not leave any blank lines (leaving a blank line will delete all the domains from all of the lists).


*While the script creates the whitelist with the domains within it on the first run, it does NOT insists on their presents for future runs. so if you feel that google should be blocked despite the aforementioned problems, you can remove the domains from the whitelist.

**You must enter the new domains you want at the start of the list. This is because of a bug with how bash interprets new lines… sorry i don’t have a work around for that yet.


This is it, it is finally time to invoke the script and see the results by simply restarting the router.

To do this from the webGUI,Under the “Administration” tab go back to “Management” , at the bottom of the page click on “Reboot router” and wait for the router to come back up.

It may take a couple of minutes for the script to perform its duties for the first time.

On WRT54Gx type of routers, you will know when the script has finished executing because it will blink the Cisco orange LED on the front of the router (other routers should have a similar “tell tail” sign).

Update: This part was *removed after it was discovered to be a non-hardware agnostic feature.

As we are trying to see the absence of elements on the web, I recommend simply surfing to a couple of sites to see the affect.

However if you want to make sure the procedure was successful the first debug step in the troubleshooting section is a great place to start with.

*It’s actually commented out so you can restore it if your sure it will not cause problems on your setup.

Enjoy! Smile


If you run into problems there are a couple of things that you can do to check what went wrong.

  1. Test that the advertisement domain is resolved to the pixelserv IP.
    You can do this by issuing the nslookup command against the “offending” domain. For example the “” is part of the blocked hosts from the personal list. By issuing “nslookup” in a command prompt, the result should look like:
    Where a normal unblocked answer would look like:
  2. Do over.
    To make sure that nothing with your router’s setup is clashing with the ad-block configuration, restore the router to “Factory Defaults” and try again.  Once your successful add your custom changes in the hope that they don’t clash again.
  3. Make sure your client is using the router as the DNS.
    Especially when using a VPN or a network that is more complex then the normal router to computer setup, it is possible that your client computer is simply not using the router as its DNS. It is very easy to see in the command above what is the DNS server the client is using, If the IP is not the same as the router, you have found the problem.
  4. Clear your personal machines DNS cache.
    This is because otherwise you may still see the ads to the site your testing with, simply because your computer already knows how to get the advertisement content on its own without consulting the DNS for it. On windows this would be “ipconfig /flushdns”.
  5. Close the browser.
    Sometimes the browser holds the information cached, so clearing the DNS cache as shown above doesn’t help.
  6. When in doubt reboot.
    Sometimes the caches can persist and the best way to get rid of them is to reboot. Start with the router and if the problem persists, the client computer.
  7. Use syslog.
    You can activate the router’s syslog daemon and then look at the messages to see if the script encounters any problems, by examining its messages. Also the script adds some command aliases to make debugging easier.
    To do this go to the “Services” tab and enable the syslog daemon as in the picture below:
    Note: The “Remote Server” is used when you have a listening syslog server on another machine (like with kiwi) if you don’t have one, simply leave it blank.

    Once enabled, you can see the debug messages by looking at the /var/logs/messages file in a terminal.
    *To see ALL messages from boot-up you can use “more /var/log/messages”.
    *To see just the messages from the script in the log use the “clog” alias.
    *To see the messages as they come in, in real time, use ”tail -f /var/log/messages” or by its alias “tlog”.
  8. Understand the script.
    Even though I have made this YouTube video for an older version of this guide and the script,  it still holds a lot of truths and explanations that are applicable to how the new and improved version works.
Download the anti-ads pack.

May the router gods be in your favor Smile

Aviad Raviv, is an agile IT implementer that has reached the level of "Bankai" and is now working on incorporating the "hollow" side.

  • Published 11/3/10

Comments (141)

  1. michael

    awesome article, thanks a lot for your time!

  2. someguy

    or you could install privoxy on dd-wrt

    also works great

  3. Josh

    I am stuck with a WRT54GS v7 that only supports Micro. I have the SP1 Stable build. This says use the MINI version, but I wonder if the pre-sp2 MICRO build has support for this. Because the options simply aren’t there in the micro build.

  4. Aviad (a.k.a Hotfortech)

    Well the Prerequisite that said to use mini, also said enough space on the flash for JFFS… something that v7 doesn’t have… sorry dude but a firmware upgrade is not going to help here…

    You will need a hardware upgrade. :

  5. Aviad (a.k.a Hotfortech)

    At least when i tried using it, the ipkg was broken:

  6. Mike K.

    How does this ad-blocking affect ad-before-content video sites like Hulu,, and sometimes Youtube, etc. If I have ad-blocking enabled in Chrome or FF when I visit those sites, they refuse to serve up the video I’m looking for.

  7. Aviad (a.k.a Hotfortech)

    Well it depends on the site… but for the most part it doesn’t block the “in flight movie” pre-roles… as they usually come from the same domain as the actual content.

    I can say that i have not yet experienced any problem with YouTube, but i haven’t been using the rest of the sites you mentioned.

  8. Mike K.

    One last qustion :)

    Does this block the ads in the apps on an Android smartphone when it is connected to WiFi? For example, Angry Birds is currently free on Android, but has ads at the bottom of the screen. Do you have a smartphone that you’ve tested this with?

    This is an excellent guide and I’ll probably set this up this weekend. Thanks!

  9. Aviad (a.k.a Hotfortech)

    It may… as in if the ads work in the way that they are pulled from a server that’s on the blacklist, it will.

  10. Aviad (a.k.a Hotfortech)

    Mike K@ don’t have a smartphone yet, but wouldn’t mind getting one :)
    so have not tested with a smartphone but again this may work… however it may also brake the app so be aware.

    Looking forward to hearing success stories :)

  11. Gonzague

    Much easier : install OpenDNS on your router ( i mean use OpenDNS as your DNS and provide it via DHCP to your clients )

    On OpenDNS’s console, block the websites that serve ads :-p

  12. Aviad (a.k.a Hotfortech)

    Gonzague@ while i am noting this down for testing, right off the top of my head, this sounds like it would abolish local network resolve… wouldn’t it?

    I mean, if the machines think that the external DNS is where they should be registering too, they will try… but i doubt that the openDNS server supports this over the internet (and i’m not sure you would want it too either).

  13. chad

    Simply blocking the websites that serve ads will cause your browser to display some form of `failed to load’ image, and can cause the browser to retry loading frequently; that’s why the OP goes to such trouble to get pixelsrv into place — as far as the browser knows, the 1 pixel transparent image returned by the `ad server’ is the correct image, not an error of some sort.

  14. Aviad (a.k.a Hotfortech)

    chad@ That’s true as well, thanks for reminding me :)

  15. KingGainer

    “your running chrome on.”

  16. Aviad (a.k.a Hotfortech)

    Thank you for pointing this out, i assume it’s ok now?

  17. JVnorris

    For some reason. this is not properly working. I have gone completly from scratch and step by step. It “looks” like it is running and indead some sites are being blocked. but whenever i attempt the NS lookup I keep getting the real addresses of servers… I have Completly reset my router from scratch and still no dice.

  18. Hax0r

    Many pages load a external javascript to display the ads, you should deliver an empty file, not a gif, if a {random}.js is requested to avoid script errors.

  19. JVnorris

    figured the issue.. Not sure why but the soft link to the dlhost.tmp file is not working. For now I actually set the routers dnsmasq settings to look directly at the file in the tmp directory. Perhaps the script when writing the settings can double check and instead of using a link it can just direct the additional dnsmasq options to the tmp file instead in instances where there just is not enough room???

  20. Sammy

    Ive tried 3 times and Cannot get it to work.. Wireless Shows up But Wont Connect, DHCP quits, but I can Still Ping the router. Refuses SSH and telnet. Its like its there but its not. I do a 30/30/30 Reset and it comes back. Using a WRT310N . . Guess It may not be compatible with my model of Router.

  21. Aviad (a.k.a Hotfortech)

    JVnorris@ I tried that at first and i don’t recall what didn’t work that made me go with the softlinks… but your welcomed to change your copy of the script.

  22. Aviad (a.k.a Hotfortech)

    Sammy@ just emailed you…

  23. Wilson Tang

    Odd, I’m getting script errors when I try to run the server:

    root@TH:/jffs/dns# sh ./
    : not line 10: {
    : not line 12: }
    : not line 13:
    : not line 15: {
    ./ line 184: syntax error: end of file unexpected (expecting “do”)

  24. pierre

    I had to change line 50 in the from

    pixel=”`ifconfig br0 | grep inet | awk ‘{ print $3 }’ | awk -F “:” ‘{ print $2 }’ | cut -c 1-10`”254


    pixel=”`ifconfig br0 | grep inet | awk ‘{ print $3 }’ | awk -F “:” ‘{ print $2 }’ | cut -c 1-10`”.254

    Now it works like charme, thanks for the nice howto

  25. pierre

    @Wilson Tang

    look if the script is right formated. I used scp for coping the files from my mac to the router and got the same error coz the fileformat was wrong

    less ./

    I deleted the file and c&p the suff directly in the editor

    vi ./

    press i (for inserting)
    paste the script
    press ESC
    press :wq
    press enter

  26. Aviad (a.k.a Hotfortech)

    pierre@ odd, i’v tested the hell out of this setup…
    what router are you using?

    update: just retested by issuing the command manually… the dot you added is unnecessary in my setup (WRT54GL 1.1 & WRT54GSv3).
    again, I would like to know your setup so we can understand the reason for the difference.

  27. Aviad (a.k.a Hotfortech)

    Hax0r@ The pixelserver was not created by me, i’m just wrapping it in a usable self containing script.

  28. pierre


    I use a Netgear WNDR3700 with DD-WRT v24-sp2 (10/26/10) std – build 15506


  29. Aviad (a.k.a Hotfortech)

    I need to get me one of these… the tech specs are out of this world :)
    anyhow if that was the only problem i guess we can live with it…

    if i get this confirmed with some first hand experience, i’ll update the guide to reflect this somehow.

    thanks for the feedback :)

  30. mstombs

    The attached pixelserv binary is similar to that generated by my latest pixelserv19.c with “TINY” option albeit compiled using Tornado’s dd-wrt toolchain – should also compile with plain gcc and run on any Linux box (or under Cygwin on windoze), other compile options are more verbose and self-identifying!

    Any advice on what should be sent if request not for an image or .js, .bs etc gratefully received, crude url parsing currently disabled under TEST.

    This version of pixelserv in c is a small mod to public domain
    ** server.c — a stream socket server demo
    * from
    * single pixel http string from

  31. Aviad (a.k.a Hotfortech)

    I fear that i don’t completely understand what is it that your saying…
    are you requesting “feature requests” for your program?

    if so, please for the love of god enable giving the port one wants to run the pixel server on as a parameter (like pixelserver -p 81) that would have saved me like half of my code…
    if you could do that and compile it for DD-WRT i would definitely update the script and guide.

  32. mstombs

    The IP, port (and/or interface) has been configurable for a while, but I thought it was only useful for test purposes?

    You would need a nat divert rule to change all requests to a different port, dns poisoning won’t do that? Tomato has been modded to only let its web gui listen on the lan IP to port 80, freeing up port 80 for use by pixelserv on a dedicated router secondary IP created just for the purpose. Not too sure about dd-wrt, I can compile apps for dd-wrt but not the whole router code, but have routers that only work with dd-wrt. I’ll update the dd-wrt thread with latest versions when tested.

    All versions of pixelserv (both perl and c) to date are buggy with certain websites, as pointed out by Haxor above, a blank gif is sent in response to any request, and Internet Explorer often tries to execute the returned gif as a script – resulting in an Internet Explorer script error due to non-ascii character. Its not as simple as checking requested path type for png,gif,jp or .js and returning nothing – hence open to suggestions!

  33. Aviad (a.k.a Hotfortech)

    lets take this discussion offline… i’ll email you when i have some free time so we can discuss.

  34. Dan

    can this be done easily on PFsense?

  35. Aviad (a.k.a Hotfortech)

    my condolences for using PFsense… really my heart goes out to you… :
    BTW i’m sure this can be done on PFsense, but as for the easy part? lets just say you need to work on PFsense first… ooh ooh sorry that’s my sarcastic heart leaping out again…

    ok back,
    To tell the truth i never gotten to such a low level with PFsense as i have with DD-WRT, but my guess is that this shouldn’t be hard at all considering PFsense is a full blown OS, running on x86 hardware and with installable packages and all.

    as for doing it? i think it HAS been too long since i uttered our offices famous quote:
    “PFsence doesn’t make any… *sense* that is…”
    (couldn’t leave it unuttered with such a wide open invitation… sorry if i’v offended anyone)

  36. lumacd

    This all sounds great.BUT.being a newbee I don’t know how to get into my router at all..I have a Linksys 54mbps.wireless-G 2.4 GHz…it was set up by my son few yrs ago, who is now on assignment with the Army. Can you help me …?

  37. Aviad (a.k.a Hotfortech)

    i’m sorry but even assuming you already have DD-WRT installed (and that is one huge assumption), this procedure is not one that i feel comfortable doing remotely to someone that may not be able to revert from a problem back to a working state.

    i suggest you get to know ad-block, it’s a lot more suited for your needs.
    regards, Aviad.

  38. lumacd

    Don’t know what a DD-WRT is…where do I find it?????

  39. Aviad (a.k.a Hotfortech)

    Move away from the router… sloWly… (police megaphone style)

    the above line is just to emphasize that if you havn’t even heard of DD-WRT, yet, you are NOT ready to use it.
    as i said in the article, more information can be found on the DD-WRT web site, but i do suggest you take the time to think through what you are about to do.

    if your router even supports DD-WRT, the chances of making it a large paper weight are high! (i know because it happened to me).

    while i was able to restore my router to working order, this is not always possible without special hardware + software + tech knowledge… and even then it may not be possible.

    the bottom line is, if you want to learn welcome to the wonderful world of router modification and do start reading the DD-WRT web site. if you are looking for a way to “simply” block advertisements, again, look for the ad-block software for your computer.

    i hope this clears things up.

  40. oki

    HI there!
    It’s very nice guide however I’m using TP-Link TL-WR1043ND (AR9132 chipset) so I think that pixelserv MIPS binary is needed (since it’s no longer Perl script). Is such file exist and could someone provide it for me? :)

  41. Aviad (a.k.a Hotfortech)

    i think you should make this request on the forum thread the author of pixelserv “mstombs” is watching on DD-WRT’s site.
    That is the “Possibility of adding perl to dd-wrt” thread.

    also nice catch that your router is “Atheros” based and there for the pixelserv executable in the “pack” wouldn’t work for you. it’s just that i’v been using DD-WRT for so long on Broadcom hardware, i have neglected to think that this may be an issue for some.

  42. andy

    is it possible to configure a standalone ww-drt box for just dns separate from a different router? thanks!

  43. oki

    @Aviad (a.k.a Hotfortech)
    Yep, I deliberately chose Atheros when I changed my old WRT54G due to Broadcom’s closed drivers and general closedness of this company (since then I heard that Broadcom released source code – well better late then ever) , also I think that Atheros makes the best radios available. As You can see I’m very pleased with the hardware but different architecture is sometimes “PITA”. Anyway I don’t need this executable very badly I just wanted to check if this guide work’s. Thank’s for your reply and keep the good work. :)

    PS. As You probably guessed I’m not from America and I must say It’s not very long read at all! What about Gentoo installation guide (Handbook) or maybe “man gcc”. :) What’s wrong with You youngsters there? :>

  44. SL

    No problems getting this working on my WRT150N. Thank you! :)

  45. Aviad (a.k.a Hotfortech)

    you sure can, never done it before myself but as i recall it is as simple as putting it in the “Setup” tab.

    i’m not from America either, but i do recognize that if one wants to read this article from start to finish, it is going to take him some time. also the original version of the guide (can still be found on my original site) explained the script almost line by line because when it started it was about 10 lines…. now that it is 10K it is just annoying to explain everything that had to be done to make this procedure stable and i’m sure that average joe doesn’t really care to read that.

    as for the hardware, i’m still using my WRT54GSv3 that i got way back when. that is why it is easy for me to ignore the fact that DD now runs on other (folding the router’s antennae so it won’t hear) better routers. so if we do get an Atheros compiled version of the executable, i’ll update the guide accordingly.

    great to hear!
    success stories are always welcomed :)

    your welcomed :)
    i’m guessing that it worked for you then?

  46. @oki

    dd-wrt user sint did manage to compile a version for his DIR615 (Atheros WiSOC) , but had to remove the “-s” to produce an unstripped 84kB version. Its a single file c-program that just strings a bunch of c-library calls together. I test and run on 64bit Ubuntu or Windoze with Cygwin, then cross-compile for Broadcom or Ti AR7 mips, I do have a Fonera that’s Atheros, but quite different I think.

  47. m00n

    i had the same issue as pierre. i issued a scp command from my osx terminal to the router such as:

    >scp Downloads/anti-ads-pack-for-dd-wrt/ root@

    and the .sh file was a bit garbled on the router. running ‘sh’ on the router gave the same output that he posted. so, i opened the .sh file in a text editor and copied it directly into vi on the router. works like a champ.

    thanks for the guide, and thanks to pierre for the quick fix.

  48. Aviad (a.k.a Hotfortech)

    glad that the quick fix is working for you and that the script works for you :)
    i’m currently testing a newer version of the pixelserver executable, so keep an eye open for the update.

  49. oki

    I configured “OpenWrt Buildroot” from “backfire” branch, compiled pixelserv19.c and indeed it seams to be working fine here is my binary use at your own risk and I’m not responsible for any unwanted behavior (only for good things :) ). I also have similar script errors like Wilson Tang but I didn’t had time to look into it yet.

  50. Aviad (a.k.a Hotfortech)

    NICE!!! thank you :)

  51. oki

    Clearly there is some problem with “scp” command line tool because I also had to copy & paste script into “vi”, after that everything seems to work fine although avatars on this very page are also blocked. :D Now I have another idea (yeey :) ) – since dd-wrt allows creation of virtual interfaces with different SSIDs maybe it’s possible to setup two different SSIDs “my_net_noads” and “my_net” one with ad blocker and other without. If someone have any idea how to achieve that please let me know. Aviad (a.k.a Hotfortech) unfortunately this feature will not work on your router because older BCM chips lacking support for well don’t know something important… :)

  52. Aviad (a.k.a Hotfortech)

    I can have multi-SSIDs… i just rarely use wifi… and i’m sure i’m not the only one that uses the LAN side of the router…

    but to tell the truth, if someone wants to disable the blocking temporarily he can simply remove the added options under the DNSmasq options in the “services” tab.
    this will disable the ad-blocking until the next script refresh (1 hour) or router reboot.

    now that you mention it, i am missing the avatars here two… i’ll whitelist that site (… thanks :)

  53. oki

    @Aviad (a.k.a Hotfortech)
    It’s not about temporarily disabling ads, it’s about giving users on my network easy way of choosing if they want ad blocking on the router level or not without giving them access to the router itself.

  54. Aviad (a.k.a Hotfortech)

    i say just have a vote about it…
    because the return on the effort you will put into giving them a choice isn’t worth it.

  55. RMP

    Up near the top of this article there is one big glaring error. It is in the sentence, “By enabling SSH, we intern give ourselves the ability to connect to the router using the SCP protocol.” Can you see where it is? I’ll tell you. the word “intern” refers to a person who is learning a trade or craft. You need to replace that word with these two: “in turn”.

  56. Aviad (a.k.a Hotfortech)

    thank you for pointing this out… English is my second language after all.
    also as i use a text-to-speech program, they do sound the same, so that’s why i hadn’t noticed.

    I have now corrected the mistake.

  57. mstombs

    A problem of transferring scripts using winscp is often the line endings. The router runs a version of Linux and the BusyBox shell script interpreter expects Unix style line endings – and give the sort of errors reported above. You can use notepad++ on windows to change line endings. wordpad on windows will also open and preserve line endings, but the default text editor notepad only understands windows.

  58. Aviad (a.k.a Hotfortech)

    as far as i can tell the people having problems with SCP are only the MAC users…
    good tidbit though.

    I use “SciTE Script Editor” that comes with autoIT myself.

  59. Obsidience

    Thank you for the tutorial. I’ve verified that everything is working. The only annoying thing so far is that I’m now seeing the following error messages in Opera:

    A page on the public Internet requests data from your private intranet. For security reasons, automatic access is blocked, but you may choose to continue.

    So what’s happening is that Opera sees the external site making a request from my network and sees that as a possible cross site attack. I haven’t seen any settings to fix this as of yet within about:config. I’m wondering if I can reduce my subnet mask so that is not seen as local?

    Help appreciated!

  60. Oki

    @Aviad (a.k.a Hotfortech)
    I don’t use mac (God forbid :P) in this case i was using Ubuntu 10.10. Please don’t insult me. :)

  61. Aviad (a.k.a Hotfortech)

    Glad to receive a report of yet another success story!

    as for the problem, first of all WOW to opera for actually handling that within the browser, secondly there is one major issue that i can think of off the top of my head with your proposed solution.

    that is that if you make the pixel-server IP out of the range of addresses that the computer has access to on it’s local network, you would have to provide a route to it… and i’m not sure the router would pick up on that route to the additional sub-interface automatically… it should, but i can’t guarantee… so worth an experiment…

    i’ll put this down for later testing when i get a spare router to do it on :)
    if you beat me to the punch, please update.

  62. Aviad (a.k.a Hotfortech)

    my word, please accept my most sincere and deep apologies for the anguish i have put you through.
    mistaking an ubuntu user for a mac one… simply unheard of… XD

    still weird that your getting that problem though…

  63. Obsidience


    No success :(

    My networking experience is limited but I attempted to force my subnet to be rather than thinking it would see as external. Windows won’t allow this because it isn’t continguous. I attempted the same via dnsmasq options and the settings would not stick after a dhcp renew.

    The only other solution I can think of here is to host pixelserv on another subnet (e.g. but it sound like routing problems may ensue. If you have time to work on this I would be happy to test. If not – I can certainly live with the error pages.

    Thanks again!

  64. Obsidience


    Update, in about:config I found a setting under “network” called “allow corss network navigation”. After enabling this option and restarting the browser the issue is resolved with pages being served up the pixelserv image (albeit the addition of a possible security issue). Now navigating to sites like I’m not seeing the large “O” and error message in the iframes etc.

    So it looks like my issue is resolved but it’s not an ideal solution. I have about 16 computers on my home network and I don’t plan on reconfiguring all of them with this option. It would still be nice if the pixelserv was somehow seen as external because this issue may propagate to other browsers as security is enhanced.

    Food for thought and thanks again!

  65. Aviad (a.k.a Hotfortech)

    Actually i was thinking to change the router’s DHCP options of the subnet mask so the network would be
    that way you don’t have to set windows for anything and its automatic across the network.

    still don’t have a test router but i’m sure i’ll get one soon (about a week or so).

    BTW even if we get this train of thought working… the browser may still consider this a cross-site-scripting attack, because the IP of the pixel server is not the same as the site you’re accessing… :

  66. spacetrig

    heya, thank you for the guide

    got it working well for most of the websites

    however some pages take a loooooooong time to load, and I can see it is waiting for some ad servers to load (on the bottom of the page I can see waiting for

    if I ping that site it resolves to so the ad blocking is working… and it should be loading the 1×1 gif image, but it is timing out forever… is this relating to it actually trying to load something else but a .gif image like an earlier poster suggested? maybe it’s waiting for some sort of java code or flash code response and it has to time out?

    eg if you go to you will see
    waiting for

    Pinging [] with 32 bytes of data:
    Reply from bytes=32 time<1ms TTL=64
    Reply from bytes=32 time<1ms TTL=64
    Reply from bytes=32 time<1ms TTL=64
    Reply from bytes=32 time<1ms TTL=64

    now this only happens on SOME websites

    I've had this mod running for over a week, cleared DNS, etc, works great but just not understanding why some pages have to timeout
    running firefox 4

    any ideas what it might be?
    thanks a lot for your help

  67. Aviad (a.k.a Hotfortech)

    i think you hit the nail in the head… all of the above reasons are valid and possible.
    the only thing you have missed is that the version of the pixel-server executable included in the pack has some issues and that is why the script restarts it once and hour.

    i’m currently using the version “mstombs” provided on the dd-wrt forum and it works a lot better. maybe it will help you to replace the version from the pack with that one.

    i’ll update the pack once i’m sure that the new version fixes the old issues and doesn’t introduce new ones.

  68. m00n

    when should we look for an update?

  69. Aviad (a.k.a Hotfortech)

    about a week or so… as i don’t have a test router at the moment.

  70. spacetrig

    awesome, thank you for a prompt response
    looking forward to an updated version!

    really appreciate your hard work :)

  71. selece

    Hi, just got myself a WRT160N-v3. I installed everything correctly (dd-wrt v24-sp2 (01/02/10) mini – build 13575M NEWD-2 K2.6 Eko). Before following this instructions (clean fresh DD-WRT setup) everything works fine. followed the instructions without encountering errors. got connection to the router, and to the internet using IP address, but not DNS. laptop DNS point to WRT160N-v3 IP address.

    Can someone help / point to the right direction why the WRT160N-v3 doesn’t translate the DNS from my laptop?

    Many thanks.

  72. Aviad (a.k.a Hotfortech)

    this reminds me of the saying, “the world is a much bigger lab”…

    obviously this has something to do with the way the script interacts with your router’s DNS. i’m willing to help debug by remote control to get this resolve.
    if you want, either leave an email or hit me up on facebook. Aviad Raviv.

  73. selece

    Hi Aviad,

    help would be much appreciated using remote control. any way to email you without posting my email here?

  74. Aviad (a.k.a Hotfortech)

    when you leave a comment, the email address that you leave with the comment, is accessible to me from “behind the seens”.

  75. selece

    Ok. I’ve left my email. Many thanks.

  76. m00n


    Thanks for all your hard work on this. I truly appreciate it! I think I found this from lifehacker and I’ve since facebooked it, I am going to submit it to reddit too. Hopefully you are seeing lots of traffic and maybe we can get some more helpful eyes on the code as well.

  77. Nate


  78. Kermit

    Also saw this on Lifehacker and decided to give it a shot….glad I did! Works like a charm on my e2000….Great work :-)

  79. Aviad (a.k.a Hotfortech)

    glad to hear of another success story :)

    routing is my thing :)

  80. Oki

    I think that WRT160N is Atheros based router.

  81. 1_fast_RSX


    I have an e2000 also and this works at first and then after a little while the .254 stops severing up the 1×1 pixel and just times out?

  82. Aviad (a.k.a Hotfortech)

    while it should get automatically restarted once every hour, you may want to try the dev version of the pixel-server executable mentioned in earlier comments.

  83. Trevor

    So just finished my final reboot of the router, had no issues during the install/setup, but instead of loading blank spaces it looks like the ad is simply failing to connect to the ad server. On Chrome, any place that I would expect to see an ad, I get the message “This webpage is not available. The webpage at http://… might be temporarily down or it may have moved permanently to a new web address.” I get a similar message in Firefox that says “Unable to connect.”

    I pulled up command prompt and tried the “nslookup” that is listed in the troubleshooting steps and the address is coming up as the instead of the

    I am currently running DD-WRT v24-sp2 (05/07/10) std – build 14402 on a Buffalo WZR-HP-G300NH.

    Any recommendation on what I might have messed up on would be greatly appreciated.

  84. Aviad (a.k.a Hotfortech)

    your setup’s problem is that your router is atheros based.
    you need the executable version “Oki” provided on the dd-wrt forum and it’s also newer then the one in the pack so it works a lot better so far.

  85. mstombs

    For the record, the version of the c-compiled pixelserv 5k binary in the pack was V9 4th Nov 2009, one reason its so small is that the toolchain used has clearly stripped out any identifying printfs. This was a “single threaded’ version and can stall waiting on a browser acknowledgement message. Later versions went back to spawning a new process for every reply which may consume more router resources and ups the process id count, but should handle many more simultaneous requests and each sub-process waits an appropriate time to cleanly close the browser connection before exiting. Latest version is V19 4th Nov 2010 a couple of kB bigger with more options, some intermediate versions could leave almost zombie sub-processes around, one experimented with only replying to obvious image requests.

  86. Trevor

    Downloaded Oki’s pixelserv file and everything works wonderfully now. Very nice solution for the ad problem. Thank you very much Aviad, Oki, and anyone else who worked on this!

  87. Oki

    @Trevor You welcome, but I personally would like to thank mstombs for great piece of C code without his work all this wouldn’t be possible.

  88. mstombs

    Cheers Oki, but if you follow the history of development, mainly on Linksysinfo Tomato forums, you will see I was learning as I went using all available internet resources and the great opensource library functions enabled by GNU/Linux! I’m sure its harder to write the integration scripts that work on many different routers – I still don’t know what “awk” does… Still looking for ideas for selective response depending on what’s in the url request, and what a safe null block of javascript would look like.

  89. Aviad (a.k.a Hotfortech)

    updated the guide with your input… so have a look…
    as for the null javascript, that would be a “killer app”, but i fear that there is no “grand unified theory” for this one, as the creators of the JSs will simply change their code to adapt to what ever we come up with to block them:

    not that i’m against getting something… so if anyone has any input on this, please share…

  90. 1_fast_RSX

    missing an “fi” from the v2 script?

  91. Aviad (a.k.a Hotfortech)

    thank you for the feedback and please excuse the oversight… i eventually didn’t get a test router back so i had to manually added the “new code” from my home setup to the pack’s version…

    i’v corrected the mistake now.

  92. OFF732

    This is a great post.. I had trouble getting it to work.

    I have a different addressing scheme I am on a 10.10.10.x scheme. Not the 192.168.1.x
    When I attempted to make this posting work it would get caught on “waiting for the internet connection to come up”

    I then decided to find out how IP addresses were created for the “Pixel” server and found this line in

    pixel=”`ifconfig br0 | grep inet | awk ‘{ print $3 }’ | awk -F “:” ‘{ print $2 }’ | cut -c 1-10`”254

    Upon further investigation, when the script is run it creates dnsmasq.adblock.conf.
    This file is like the personal ad blocking list. But it had address=/ <—This is an illegal Ip

    All i had to fix this problem was take the line from the script to look like this…
    pixel="`ifconfig br0 | grep inet | awk '{ print $3 }' | awk -F ":" '{ print $2 }' | cut -c 1-9`"254

    I changed the last 10 to a 9 and rebooted the router after deleting the files that were created automatically, and presto worked like a charm.

    Not sure if this is a problem that can be fixed, but here is the solution for people running anything other than 192.168.x.x addressing schemes.

  93. Aviad (a.k.a Hotfortech)

    thank you for the feedback.

    actually this CAN be fix and shame on me for using characters instead of fields as delimiters for the “what is the router’s current IP” operation.
    i’ll get the test router back (shouldn’t be long now) and fix this to work for IP schemes that are not 3 digit octets.

    thank for pointing this out.

  94. 1_fast_RSX

    Can someone help me figure out why this won’t work over an SSH tunnel or VPN? Everything works like its supposed to on the local network but through the tunnel I get an instant connection reset in firefox. When I try to havigate to the router IP of I get an instant connection reset, but when I append the port 81 ( it get’s me right into the dd-wrt interface. I think the firewall redirect isn’t working on these remote connections but don’t know enough yet to fix on my own.

  95. Tom Andersson

    Thanks for this guide!
    I got 1 problem after installing this tho. Some web pages have trouble loading and I have to wait for timeout before loading next step.
    For example, first load part of the site and then freezes of what i believe ad server.
    Example pic:
    I have this problem with all my devices with different browsers and different OS.
    Do anyone have a solution for this?

  96. 1_fast_RSX

    Looks like it’s this newer version of pixelserv that is doing this. It seems that the v2 pack on this forum doesn’t listen on all available interfaces like the old version did.

  97. 1_fast_RSX

    Any idea’s on how to fix?

  98. Aviad (a.k.a Hotfortech)

    I don’t know… i know it has been a while since i’v created that portion of the script, but as i recall the pixelserv was never binded to “all interfaces” just the one new sub interface that the script creates at run time… so what your suggesting doesn’t sound spot on to me.

    in related news, i now got the test router back and its here to stay, so i’ll get on trying to see if i have some input for you as well as keeping my promise to OFF732.

  99. 1_fast_RSX

    so far I had to use version 15 to get what I want working from this forum

    I can’t seem to get the interface switch to work for the SSH tunnel and VPN on v16 and above.

  100. mstombs

    The recent compiles of pixelserv bind to a specific interface, which defaults to “br0”, not too sure why – security paranoia I guess, but I remember much discussion many years ago about Linux kernel ‘owning’ all ip addresses and sometimes arp replying through wrong interface, for which there was a “hidden” patch which wasn’t accepted and had to be updated for every kernel update…, so when I found out how to do it – I did!

    Behaviour can be changed at runtime with “-n eth0” for example, but I don’t think disabled, sorry. (-i already used for inetd mode). I guess the interface has to exist before starting this version of pixelserv. There’s another report of pixelserv stopping working after wireless config changed – possibly relating to the definition of br0 being changed while running.

    Easy to re-compile without the interface check by not defining IF_MODE, sounds like I should remove the default!

  101. 1_fast_RSX

    mstombs, I would be interested in a compile with the default removed if you have a chance to do it? Please leave a link to it if you have time.

  102. mstombs

    @1_fast_RSX I have just posted a broadcom test build on, which addresses your issue and another report of “multiple stuck processes” when comms broken. Apologies broken that ruie about not making multiple changes

    If no further issue I will test on dd-wrt and then post there, but currently wary coz my test router is running a re-compiled CFE and custom tomato extended nvram code.

    @Tom Andersson
    lifehacker slow here, with an old blocklist but does load, most likely an attempt at blocked javascript from one of the many links.

  103. mstombs

    Now up to V21, drops by default to restricted user “nobody”, same as dnsmasq on Tomato at least

  104. mstombs

    Posted Broadcom pixelserv.c binary V22 on dd-wrt forums, dd-wrt doesn’t support restricted user “nobody” so option removed. Should finally fix the problem with multiple hanging processes with associated broken connections sitting in “FIN_WAIT2”, same problem caused older single threaded version to block, requiring restart. Does not bind to an interface by default, Sig used to trigger count log output changed from the system SIGHUP to SIGUSR1

  105. OFF732

    I was noticing that the problems stated above are due to the fact that sometimes I get an “AD” that would have been displayed but instead I get “The connection was reset The connection to the server was reset while the page was loading.”

    Looking at the LOG file I found out that during that time it was trying to connect to the “Pixelserv” on port 80 instead of the new port specified in 81 under Iptables.

    /usr/sbin/iptables -t nat -I PREROUTING 1 -d -p tcp –dport 80 -j DNAT –to

    I’m not sure this is the problem you might be having with the pixel server trying to access port 80 instead of 81, and just waiting for it to time out, but that’s what I’ve experienced.

  106. OFF732

    @Tom Andersson

    I had that problem, I had to add “” to my whitelist worked great after that.

  107. OFF732

    No wait I take that back, upon further investigation that will only allow ad’s through, There is still the problem of somewhere it is not redirecting to port 81, still 80.

  108. mstombs

    pixelserv does listen on port 80, its the dd-wrt gui that’s move to port 81 in the current script – check the ips used.

  109. Aviad (a.k.a Hotfortech)

    sorry i haven’t chipped in in awhile guys (didn’t have anything to contribute to the discussions), but ya…mstombs is correct i did move the router’s webGUI because at the time it was not possible to move pixelserv. later on this was already in place and there was no benefit in changing the script that had already gone through the stress and aging QA procedures.

  110. Aviad (a.k.a Hotfortech)

    version 2.1 was just pushed out with the 3 octets fix.
    again thank you for pointing this out so i can improve the “code” to fit a wider set of setups.

  111. Jeff

    I notice that is still in your block list…. what do you have against chat avatars?

  112. Aviad (a.k.a Hotfortech)

    you know, i don’t remember… l0l…
    i think this is a simple over filtering… or it may have been added by the other contributer to this list.
    at any rate, i’ll take it out.

  113. mstombs

    Oki has now posted the Atheros compile of pixelserv.c V22 on dd-wrt forums, this should fix problem with occasional stuck sub-processes.

  114. Sepi

    I noticed some things are being blocked like and a few links in google. Unfortunately even adding to my whitelist I was having it blocked. Another problem I’ve been having has been finding a simple way to turn this off. It seems if I just remove the startup/firewall commands and reboot my router tends to hang forcing me to do a 30/30/30 reset and reload all my settings. Any suggestions or ideas for an easier way to turn filtering on and off?

  115. Aviad (a.k.a Hotfortech)

    your router is not stock, it’s just that the webGUI is on port 81 and you removed the firewall redirector from 80 to 81.
    in order to turn the filtering off without a reset, do this:
    1. go to the services tab and delete the additional DNSmasq options.
    2. remove the startup script.
    3. do NOT remove the added rule to the firewall.

    that’s it.. this should be enough.

  116. o0110o

    Great post! I just started a related thread on the DD-WRT forums, you folks may want to check it out:

  117. christoph

    Does anyone knows exactly how much space does it need to run?

  118. Aviad (a.k.a Hotfortech)

    Actually, you could probably get by with about 20K for just the script and pixelserv executable files.
    this is because i’v put in “code” that will use the lists from RAM if there isn’t space on JFFS.

    hope this helps…

  119. christoph

    oh really?

    actually I tried already, everything was working perfect at the beginning, but got into some weird problem, so I check the files I put into the router to see how much it increased after the reboot and it was using 900 KB or so, and at that moment I thought that it was because I run out of space, cuz I think I have round 700 KB free, so I erased everything BUT the problem still persist, so it was not the build and now that you mentioned, I have a lot of RAM free like 18 MB, so the problem is something else. well I’m installing it back

    have to mention, that this is actually the only one that works for me, other methods works well half the way, cuz I get lots of “page could display” errors and even times works and other don’t even for the same ADD server

    so this method is just perfect for me, thanks guys

  120. Aviad (a.k.a Hotfortech)

    ya the router does have a “problem” reporting the actual free amount of space… that’s why it was hard to make the limits of minimum space required in the script… i think that it compresses stuff that go to jffs, but i have never confirmed that and thats why it looks like something should take more space then it actually does…. again IMHO.

    as for other methods, ya… DD-WRT has too many gotya’s to use a simple script… my script was about 10 lines when it was created… now it’s 10K…

    Glad you like my work, but i’m not fat enough to be addressed as you guys :P

  121. christoph

    yeap :)

    working just perfect, now got to fix my problem.

    thanks again

  122. narsaw

    Can someone tell me how to “whitelist” or allow adsense (google) ads to get through? I really don’t mind those ads as they are sometimes useful

    Thanks much

  123. sde

    Since the webgui is redirected to port 81, the webgui is now accessible from the internet even though http remote administration is disabled in the webgui. Anyone know how to fix this?

  124. sde

    Well, looks like the only way is port forward 81 to non existing ip. Webgui is still accessible thru ssh tunnel since it appears local to the router.

  125. Aviad

    @sde what?
    I’ve just had a second look at the configuration to see if there is an actual problem, because mstombs provided one, when he enabled running the pixelserver on a specified port.

    however, i was not able to reproduce the situation your describing… also logically the iptables on the INPUT chain simply don’t allow such a thing.

    perhaps you could explain what is your setup, and what you are trying to accomplish?

    also this line “Webgui is still accessible thru ssh tunnel since it appears local to the router.” makes little sense out of context, could you elaborate?

  126. Cool job

    Great job works well

    If you do an scp from a *nix remember to strip out the dos characters or you get
    Wilson Tangs problem…
    root@TH:/jffs/dns# sh ./
    : not line 10: {
    : not line 12: }
    : not line 13:
    : not line 15: {
    ./ line 184: syntax error: end of file unexpected (expecting “do”)

  127. Kingster

    Aviad: While implementing this on my router, I found issues, not only with the script as described by folks like Wilson Tang, but the rest of the “text” files provided.

    As “Cool job” pointed out, users of a “true” scp (like on a Mac, PuTTY’s pscp, or the scp provided in Linux) will NOT do end of line automatic end-of-line conversions (removing ^M) like WinSCP, so people not using WinSCP will have issues when trying to run the transferred files. Additionally, because of the extra characters, the files called by the DNSMasq entries will “break” the router, requiring a 30-30-30 reset usually.

    I’ve repaired the EOLs on all scripts in the current file (2.2, as of this writing) and uploaded it here:


  128. MrT69

    @ Kingster:

    Sorry m8! This link is not existing… :(

  129. Jeremy

    I’m all about Internet Performance tweaking. I already use ad block plus and dd-wrt and several other tweaks but I’ve been researching absolutely all over the internet to get a definitive answer as to whether this will increasing speed and reduce latency issues or not. I can’t figure out if it will or not. At one time I used to have a massive hosts file on my computer and turned off DNS caching because the file was so big it actually was reducing my internet speed until I turned that off… here again I’m about ready to try this guide out but wanted to ask if anyone has any idea if this will make things more faster?

  130. duc


    I, too, would like to know this as well. I am currently using privoxy.

  131. johnk

    Currently have an issue with a website. It a music website that have mostly youtube links, but half the videos are just white and if you right-click it you get adobe flash setting so i can’t understand what’s wrong with only some of the embedded links?

    I have added the website and even youtube to the white list and but still have the same issue. If i stop the blocking those videos work fine.

    Please help/

  132. Jake

    Thanks for this walk-through. I followed the instructions to the letter and it works perfectly on my E2000 router.

    However, I’ve encountered a pair of minor resulting issues. First, it appears that my Xbox360 doesn’t like the ad blocking as tabs on the dashboard are flickering on/off and I’m randomly being disconnected from XBL. This YouTube video ( ) isn’t mine, but is shows the exact issue I’m having as well.

    Secondly, and this may not be related anyway, but my GoogleTV Rovi guide won’t download any listings. It states in the setup that the listings are downloaded over the RF input, but there are also spaces for ads on the guide that are not populating. This leads me to believe there may be a connection.

    My thought was, is there any way to set up whitelist for specific IP’s on my network to bypass the ad block script all together? I have static leases set up for both my Xbox360 and my GoogleTV, so if I could set up an “ad DMZ” so to speak, I wouldn’t have to worry about finding and locating the ad url’s and whitelisting them, just to have them change in a few months or miss some ect…

    Any help anyone could provide would be greatly appreciated, thanks!

  133. Aviad

    I haven’t thought of implementing an exempt list… not a bad idea… but currently i don’t have a need for it.

    What i can suggest, is that you point the clients that you don’t want to use the ads-filter to use another DNS server manually.
    You can follow this guide to use the Google DNSs, or this guide to using openDNS.

    That way the one client that’s having problems will not use the ads-filter and the others will.
    sorry its a bit of an archaic answer, but it should work with the least amount of effort.

    I enjoy getting new success stories , so thank you for the feedback.

  134. Jake

    Of course! I don’t know why I didn’t think to simply manually set up the DNS servers on these devices to something other than my router.

    I’ve successfully resolved the issue on my Xbox360 (and am going to comment the fix on the YouTube video I linked to).

    I have yet to find out how to do so on my GoogleTV (the network setting options aren’t very extensive, very PnP), but I’m sure I’ll discover a way.

    Thanks for the help!

  135. Roger

    Thank you Aviad, very well done.
    I install it on my router, and the first time, my router have reset itsell to default setting.
    Have retry and work perfectly.
    But as soon as I configure the PPTP Server on the VPN tab, nothing work.

    Any idea to solve my problem, because I very need PPTP server.
    My router is a ASUS RT-N16 (using mega build) , but I also try it on a ASUS WL-500g V2 (using std build) with the same result.



  136. Neeral

    Thanks for this very useful script. My only issue: the newer DD-WRT versions are so large that there is no space for JFFS on my router anymore. Is there a way to get this to run from a USB flash drive plugged in the router? I copied the files to the USB drive and made sure to have the router run the command: “/mnt/dns/” on startup, but no luck.

    I can confirm that it’s running the script because if on Administration page, I run the script in the execute commands box, it outputs that its sleeping for 30 seconds waiting for router to boot up. I feel like I’m pretty close, but just missing something small to get it to work right.

    Any ideas? Any help would be appreciated, thanks!

  137. Aviad

    I think the script has some “hard coded” locations that rely on the script to be were the guide instructs you to put it… my guess?
    do a substitution on all the /jffs locations in the script to the new location of your USB mount… good luck :)

  138. Aviad

    define “nothing works”?

  139. Neeral

    You were right and it was A LOT easier to fix than I expected. As you said, I just used replaced all “/jffs” to “/mnt” in script and now it all works perfectly from USB drive!!! Thanks man!

  140. Aviad


    No problem, I’m glad your issue was solved so easily :)

    May the power of free code be with you, always… ^_^

  141. Garren

    It may be worth noting that your is ff=dos. Open it in vi on the router and it’s littered with trailing “^M”.

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!