Privoxy and pi-hole

My favorite time is when the Raspberry Pi Foundation releases something new. Why, you ask, am I so happy? Read on and I will show a few easy steps to block even more ads with RPi3.

Using the software Privoxy, we are able to reduce even more JavaScript-run ads. While pi-hole does block domains by their IP, it cannot block scripts hosted on the legit domains. Take a moment to look over the enclosed details.

Tutorial to install and use Privoxy transparently:
-Update software on RPi

sudo apt-get update
sudo apt-get upgrade

-Install it

sudo apt-get install privoxy

-Edit it and change these lines accordingly

sudo nano /etc/privoxy/config

listen-address  192.168.X.X:8118
accept-intercepted-requests 1

-Edit the file /etc/sysctl.conf accordingly

sudo nano /etc/sysctl.conf
net.ipv4.ip_forward = 1

-To enable the transparent proxy type

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8118

-Save the IP tables (follow after install)

sudo apt-get install iptables-persistent

Thank you for following along. As a test, check and see if all the ads are gone from speedtest.net.

My apologies for splitting this tutorial into two posts.

Continuing...
-Change your router's gateway DHCP lease to your RPi IP.
-Reboot the RPi

sudo reboot

Now check and make sure Privoxy is working here http://config.privoxy.org/. Hopefully this should work and Privoxy will run on boot alongside dnsmasq.

so this: """listen-address 192.168.X.X:8118""" would be the rpi ip address?

this """Change your routers gateway DHCP lease to your RPi IP.""" you need to elaborate on..

I may not quite understand what you mean but my first thought was.. : does he want me to use the rpi as a dhcp server????

Ah... I know what you mean now..

is there any performance hit on this?

if not it should be bundled with pi-hole!!

Unfortunately, with JavaScript-heavy websites (amazon.com), load time is impacted.

Load time 2 seconds amazon.com nothing
Load time 7 seconds amazon.com privoxy & pi-hole

Here's my router config

thx.. I might try this again.. I just found a Docker container of pi-hole & privoxy (2 separate) so might try running both as docker instead of VM.. :slight_smile:

To my surprise, after changing my gateway back to my router, Privoxy still intercepted HTTP requests. How could this be?

With default gateway . . . . . . . . . : 192.168.11.1
The performance is as follows:
-amazon.com no Privoxy: 2 seconds
-amazon.com Privoxy and router as gateway: 1 second

How is my pi running Privoxy still blocking without being connected to the proxy?

Sips coffee

your image can't be enlarged... I can barely make out the text :slight_smile:

is it caching?

Sorry -> right click view image.

I cleared my cache in firefox.

Maybe since Pi-hole redirects ads to itself? I've never used Privoxy.

Macat12, I think you are right because the request is sent to the RPi, which has an iptables policy. The Pi-hole has always provided a fake domain response for ads. Due to iptables listening for incoming packets on port 80 and forwarding them to Privoxy port 8118, it blocks even more ads. However, this does not use all Privoxy has to offer and only helps when the DNS trick is not working.

P.S.
If anyone is having Privoxy's service fail on boot, tell Raspbian to start it later:

sudo nano /etc/rc.local
/bin/sleep 20 && /etc/init.d/privoxy start
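
An added check for the setup described in this thread (example code, not part of any post): it audits the Privoxy settings from the tutorial and looks at the saved NAT rules for the port-80 redirect, flagging a rule with no destination exclusion because it also catches requests addressed to the RPi itself, which is the behaviour explained above. The file paths in the usage comment and the choice to flag a missing `permit-access` line or `! -d` match are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the settings the tutorial changes.

# Print the last value set for a Privoxy directive; comment lines never match.
conf_value() {  # usage: conf_value CONFIG_FILE DIRECTIVE
    awk -v key="$2" '$1 == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
                     END { print val }' "$1"
}

# Privoxy side. Returns the number of findings as the exit status.
audit_privoxy() {  # usage: audit_privoxy CONFIG_FILE
    findings=0
    listen=$(conf_value "$1" listen-address)
    case "$listen" in
        ""|127.*|localhost:*)
            # REDIRECT rewrites the destination to eth0's address, not loopback
            echo "FAIL listen-address '$listen' is loopback; redirected traffic cannot reach it"
            findings=$((findings + 1)) ;;
        :*|0.0.0.0:*)
            echo "WARN listen-address '$listen' binds every interface"
            findings=$((findings + 1)) ;;
    esac
    if [ "$(conf_value "$1" accept-intercepted-requests)" != "1" ]; then
        echo "FAIL accept-intercepted-requests is not 1"
        findings=$((findings + 1))
    fi
    if [ -z "$(conf_value "$1" permit-access)" ]; then
        echo "WARN no permit-access line; every host that reaches the port can use the proxy"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Firewall side, reading `iptables-save -t nat` output. 0 = scoped, 1 = broad, 2 = missing.
audit_redirect() {  # usage: audit_redirect RULES_FILE PROXY_PORT
    rule=$(grep -E -- "^-A PREROUTING .*--dport 80 .*-j REDIRECT --to-ports $2\$" "$1" | head -n 1)
    [ -n "$rule" ] || { echo "FAIL no port-80 REDIRECT to $2 in PREROUTING"; return 2; }
    case "$rule" in
        *"! -d "*) echo "OK   $rule"; return 0 ;;
        *) echo "WARN rule also catches requests addressed to this host: $rule"; return 1 ;;
    esac
}

# Stand-alone use: sh audit.sh /etc/privoxy/config rules.txt
if [ "$#" -eq 2 ]; then
    audit_privoxy "$1"; audit_redirect "$2" 8118
fi
```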

I am playing with pi-hole on my local network, and I find that even if I whitelist my local AD domain, setting the pi-hole to my primary dns still wreaks havoc on my PC with other programs. So, instead, I set up the pihole as a web proxy.

However, instead of using privoxy, I install tinyproxy. Then, I go into Firefox and configure http proxy to the IP of my pihole, the port (set for 8888), and setting the "use this proxy for all protocols", and checking off Remote DNS.

It works fantastic, and is very fast.

The only downside is that none of the stats are logged, as even though the browser is supposed to be making dns calls to the proxy, nothing is logged.

Oh, and a secret - my "pi-hole" device is really just a stock Debian 8 vm running under Hyper-V. The autoinstall script worked like a charm. So, even if you don't have a Raspberry Pi, you can still have the same function of a virtual machine running in a hypervisor such as Hyper V or even Virtual Box.

Hey digitlman,

That is a good way to force only Firefox to use pi-hole and avoid dns errors with other programs. And it does not have much overhead, as you mentioned. However, Firefox already has an addon (adblock plus) that blocks ads and allows you to write your own rules. What do you get from pi-hole that you don't get from adblock plus?

@dan019 The main advantage Pi-hole has over browser-based addons is that it blocks ads network wide, so even Android, iOS, or Windows Phone devices can have ad blocking. It also blocks it at a DNS level, causing the ad to never even be downloaded.

I cannot pass this code

-To enable the transparent proxy type

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8118

it said

modprobe: ERROR: ../libkmod/libkmod.c:557 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.21-v7+/modules.dep.bin'
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


Update: The code passes already, I just installed again, but I cannot enter http://config.privoxy.org/. I don't know if my Privoxy is running or not.

Okay, so you have ipv4 forwarding enabled in /etc/sysctl.conf. You updated to say you were able to execute the command correctly without any errors. Now, did you make it persistent after reboot by installing iptables-persistent and following their instructions?

Remember, in order for privoxy to intercept and remove ads from webpages that are not HTTPS, the gateway set on the router must be the IP of your RPi. You can check the status of privoxy using the command systemctl status privoxy.

Yep, I installed iptables-persistent already.

And I set listen-address to my RPi IP.

You mean in the red box or the blue box?

The blue box is the RPi IP from pi-hole.