My favorite time is when the raspberry pi foundation releases something new. Why, you ask, am I so happy? Read on and I will show a few easy steps to block even more ads with RPi3.
Using the software Privoxy, we are able to reduce even more javascript run ads. While pi-hole does block domains by their IP, it can not block scripts hosted on the legit domains. Take a moment to look over the enclosed details.
Tutorial to install and use Privoxy transparently:
-Update software on RPi
To my surprise, after changing my gateway back to my router, Privoxy still intercepted HTTP requests. How could this be?
With default gateway . . . . . . . . . : 192.168.11.1
The performance is as follows:
-amazon.com no Privoxy: 2 seconds
-amazon.com Privoxy and router as gateway: 1 second
Macat12 I think you are right because the request is sent to the RPi which has an IPtables policy. The Pi-hole has always provided a fake domain response for ads. Due to IPtable listening for incoming packets on port 80 and forwarding them to Privoxy port 8118, it blocks even more ads. However, this does not use all Privoxys has to offer and only helps when the DNS trick is not working.
P.S.
If anyone is having Privoxys service fail on boot, tell Raspbian to start it later:
I am playing with pi-hole on my local network, and I find that even if I whitelist my local AD domain, setting the pi-hole to my primary dns still wreaks havoc on my PC with other programs. So, instead, I set up the pihole as a web proxy.
However, instead of using privoxy, I install tinyproxy. Then, I go into FireFox and configure http proxy to the IP of my pihole, the port (set for 8888), and setting the "use this proxy for all protocols", and checking off Remote DNS.
It works fantastic, and is very fast.
The only downside is that none of stats are logged, as even though the browser is supposed to be making dns calls to the proxy, nothing is logged.
Oh, and a secret - my "pi-hole" device is really just a stock Debian 8 vm running under Hyper-V. The autoinstall script worked like a charm. So, even if you don't have a Raspberry PI, you can still have the same function of a virtual machine running in a hypervisor such as Hyper V or even Virtual Box.
That is a good way to force only Firefox to use pi-hole and avoid dns errors with other programs. And it not have much overhead, as you mentioned. However, Firefox already has a addon (adblock plus) that blocks ads and allow you to write your own rules. What do you get from pi-hole that you don't get from adblock plus?
@dan019 The main advantage Pi-hole has over browser-based addons is that it blocks ads network wide, so even Android, IOS, or Windows Phone devices can have ad blocking. It also blocks it at a DNS level, causing the ad to never even be downloaded.
modprobe: ERROR: ../libkmod/libkmod.c:557 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.21-v7+/modules.dep.bin'
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Update : Code pass already , just install again but i cannot enter http://config.privoxy.org/ I dont know my privoxy in running or not.
Okay, so you have ipv4 forwarding enabled in /etc/sysctl.conf. You updated to say you were able execute the command correctly without any errors. Now, did you make it persistent after reboot by installing iptables-persistent and following their instructions?
Remember, in order for privoxy to intercept and remove ads from webpages that are not HTTPS, the gateway set on the router must be the IP of you RPi. You can check the status of privoxy using the command systemctl status privoxy.