Privoxy and pi-hole

Under the Network Setup (LAN) tab, look under Gateway IP because it may be there. Good luck.

I can't change the gateway IP of the modem to the RPi IP because the modem doesn't let me change it. Maybe the IPs conflict?


Another problem (I guess):
I cannot start privoxy via PuTTY.

Starting privoxy (via systemctl): privoxy.serviceFailed to start privoxy.service: Access denied
failed!

Try starting privoxy like this:

sudo systemctl status privoxy.service

Perhaps, instead of not changing the modem's gateway use bridge mode. Can your modem connect to another router? I think you can turn on bridge mode. Then, you can use your router to change the gateway IP.

Is it compatible with the Raspberry Pi Zero + Pi-hole?
And is it worth it??? Oh, and can I fake the X-Forwarded-For (XFF) address with it?

And @dan019 you've said:

With default gateway . . . . . . . . . : 192.168.11.1
The performance is as follows:
-amazon.com no Privoxy: 2 seconds
-amazon.com Privoxy and router as gateway: 1 second

How can you achieve a faster benchmark with privoxy enabled oO??
That makes no sense at all to me.

How to update privoxy?
Do I need any further configurations??

No the pi zero may not be up to speed, but give it a try!

You can update Privoxy with the apt program, it will also update all software. Privoxy is a caching proxy, it improves load time by caching the webpage locally. However, it only works for http, I will have to investigate why amazon had a boosted benchmark (it is https so it shouldn't work).

I'm currently not using privoxy anymore because it was conflicting with the Netflix iPhone app. If you also encounter this problem please share, it will help!

@dan019 "Privoxy is a caching proxy"

Wut, it's a caching proxy??

a quote from the official privoxy website:

"Privoxy - Home Page

Privoxy is a non-caching web proxy ..."

Now I am confused.

I'd better stay away from privoxy since I don't see any advantage of it, and I also don't want to keep two things running because I don't want to debug two applications if something goes wrong. Btw their website looks pretty ugly tbh. In the end it doesn't matter how many tools you use to block ads or protect yourself; as long as you browse through the internet you are not bulletproof. Some ads will always make it through because each website is individual.

Pi-hole already does a great job. I think it's not needed to use a proxy solution as well.

Oh haha yea it is a non-caching proxy! It has been like five months since I used it so I forgot.

You're right, pi-hole is great, I've been using it since the beginning. This was a project to see what other network things the Pi can do. Did you know this type of "man-in-the-middle" proxy of intercepting a webpage and editing it on the fly is actually used by some ISPs?

Using privoxy you can mimic an alert warning an ISP will send out if they catch you torrenting things like game of thrones from the pirate bay. To send you an alert they modify non secure webpages and inject javascript that tells you something like "strike one!" that pops up. This message is persistent on every http page until you accept their terms and close it.

So how does this relate to privoxy? Because you can mimic the way they inject javascript into pages with privoxy and create your own fake popups. Scary! That's what I've learned, so it does have potential. If there was a way to make it the default gateway without messing with your router, it might have had some potential in the project to remove more ads.


Sorry if I was rude or broke any rule, I didn't mean to.
But torrents are mostly filled with malware/trojans and it's illegal.
My English is not perfect.

That's OK. We just don't need name calling in our forums.


Strange... I entered your code and it said:

● privoxy.service - Privacy enhancing HTTP Proxy
Loaded: loaded (/lib/systemd/system/privoxy.service; enabled)
Active: active (running) since Sun 2016-10-30 15:18:07 UTC; 2 days ago
Process: 941 ExecStart=/usr/sbin/privoxy --pidfile $PIDFILE --user $OWNER $CONFIGFILE (code=exited, status=0/SUCCESS)
Main PID: 943 (privoxy)
CGroup: /system.slice/privoxy.service
└─943 /usr/sbin/privoxy --pidfile /var/run/privoxy.pid --user priv...

Oct 30 15:18:07 raspberrypi systemd[1]: Started Privacy enhancing HTTP Proxy.

Active already? But why can't I enter the config page?

I don't know how to set bridge mode, I will check again.

So, my privoxy runs normally already; that means I already use privoxy, right? Haha, a little confused here.

Normally to use Privoxy you have to set the address of the pi as a proxy in your browsers settings.
However, you don't have to do this, if you change your default gateway. This shows the network topology in action.

Hi,

When using privoxy make sure you exclude certain domains with wpad.dat or proxy.pac.
Not sure if you can do the same if you run privoxy as transparent.

There are also programs that can import adblock pro rules into privoxy.
For element hiding you can/must also set up a webserver to redirect.

Seeing all stuff above I assume you can do the setup yourself.

After installing privoxy on a system, already running pi-hole and dnscrypt, I found the privoxy service didn't start after a reboot. The error message in the log is "Fatal error: can't bind to xxx.xxx.xxx.xxx:8118: Cannot assign requested address"
By adding the following lines to the unit section of /lib/systemd/system/privoxy.service, this problem seems to be solved.
After=network-online.target
Wants=network-online.target
Add the lines AFTER the Description entry.

I also found you do not need to change the default gateway (router's gateway) setting. Instead, since we already have a webserver, put a file called proxy.pac in /var/www/html, containing the following:
function FindProxyForURL(url, host)
{
return "PROXY xxx.xxx.xxx.xxx:8118; DIRECT";
}

Change your browser's proxy configuration to use the proxy.pac file (or configure your router, if possible, with an auto proxy configuration setting).
The screenshot below is captured from Edge.


You need to replace xxx.xxx.xxx.xxx in this post with the IP address of your Raspberry Pi.

Hi. I followed your guide on a fresh install of raspbian and got this after the transparent proxy command (sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8118
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.)
insmod is not downloadable.
I'm not sure where to go from here.

If you've run apt-get upgrade there is a good chance that your kernel was updated. The update will remove the kernel modules for the current kernel, and that's solved with a reboot. If the reboot does not solve the issue, please post the output from uname -a and we can see if the problem is with the modules or with another part of the configuration.


Should we also add port 443? Privoxy also works on https.
Or does it need to go to another port?

I don't think HTTPS and privoxy would work very well. However, I have not personally tried it so I can't confirm. Remember that to act as a proxy for an encrypted website you must decrypt and re-encrypt the page on the fly. While the Pi can intercept plain web pages quickly, adding encryption will slow things down.

More websites are using encryption and self-serving ads; managing HTTPS is going to be important.

You cannot "filter" https with privoxy out of the box. Your clients will not accept the footage (certificate errors).
Better see privoxy as specific URL blocker.
Pihole can only block domains.
Privoxy can block specific paths and supports wildcards.
Diverting all traffic through privoxy as gateway makes it slow on a pi (only 100Mbit, slow network performance).
@jpgpi250 With privoxy as transparent gateway there is no need to set up proxy settings on browsers. Your solution sets a normal proxy function on the client instead of transparent. Setting both methods (so gateway=pihole and browser proxy url) might cause issues as traffic will/might flow through pihole twice.
Better choose 1 method:
Set transparent using DHCP set gateway, or configure browser proxy like your screenshot.

Better use privoxy as proxy and not as transparent. (You need to setup your browser's proxy settings in that case or have DHCP inform clients about the pac file)
In your pac file you can make exceptions (*.googlevideo.com and update.microsoft.com) to speed up video loading or microsoft updates for example.

@jpgpi250 good find about the startup loading of privoxy! (/lib/systemd/system/privoxy.service)

Maybe someone still checks this thread.

you wrote :
"Better see privoxy as specific URL blocker.
Pihole can only block domains.
Privoxy can block specific paths and supports wildcards."

Can the Privoxy function to "block specific paths and supports wildcards" be imported into pi-hole to replace "block domains" ?

Then I would be able to control my 3 family LANs at the router level and still impose specific restrictions on each device via Privoxy.

I would like that very much!

Thanks.

Hi,

I do not think pihole is capable.
The privoxy rules are imported from several adblock pro subscription lists.
Easyprivacy etc.
If you have your DNS server send out the proxy settings (wpad.dat) you have sort of a centralised solution.
It is possible to have multiple privoxy running on 1 machine.
In wpad.dat you can assign ip to specific proxy

Jeroen
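
Added example, not code from any poster in this thread: a proxy.pac (the same file can be served as wpad.dat) that combines the bypass exceptions suggested earlier (*.googlevideo.com, update.microsoft.com) with the per-client proxy assignment mentioned in the last post. The address 192.0.2.10, port 8119, the client 192.168.11.50 and the helper names are assumptions; matching is done on a dot boundary so a look-alike host does not inherit the bypass.

```javascript
// proxy.pac / wpad.dat. Constructed values: 192.0.2.10 stands in for the
// Raspberry Pi; port 8119 assumes a second Privoxy instance on the same host.
// "; DIRECT" (as in the thread's file) lets clients go out unfiltered when
// Privoxy is unreachable; drop it to fail closed instead.
var DEFAULT_PROXY = "PROXY 192.0.2.10:8118; DIRECT";

// Per-client assignment (hypothetical client address -> proxy instance).
var CLIENT_PROXIES = {
  "192.168.11.50": "PROXY 192.0.2.10:8119; DIRECT"
};

// Hosts that skip Privoxy. "*.example" covers the domain and its subdomains.
var BYPASS = ["*.googlevideo.com", "update.microsoft.com"];

function hostMatches(host, pattern) {
  if (pattern.indexOf("*.") !== 0) return host === pattern;
  var domain = pattern.slice(2);
  var suffix = "." + domain;
  // Compare on a dot boundary so "evilgooglevideo.com" does not match.
  return host === domain ||
    (host.length > suffix.length && host.slice(-suffix.length) === suffix);
}

function proxyForClient(clientIp) {
  var known = Object.prototype.hasOwnProperty.call(CLIENT_PROXIES, clientIp);
  return known ? CLIENT_PROXIES[clientIp] : DEFAULT_PROXY;
}

function FindProxyForURL(url, host) {
  // Normalise case and a trailing dot before matching.
  host = host.toLowerCase().replace(/\.$/, "");
  // Names without a dot are LAN hosts (for example "raspberrypi"): go direct.
  if (host.indexOf(".") === -1) return "DIRECT";
  for (var i = 0; i < BYPASS.length; i++) {
    if (hostMatches(host, BYPASS[i])) return "DIRECT";
  }
  // myIpAddress() is a PAC built-in; it does not exist under Node.
  var ip = typeof myIpAddress === "function" ? myIpAddress() : "";
  return proxyForClient(ip);
}
```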