I just got a GL-MV1000 and setup AdGuard, and its working amazingly. The only issue I’m having is that all my clients in the logs show as localhost. I can’t figure out what setting I change to make it so it shows all the clients IP’s instead of localhost.
Would be fantastic if it could do individual clients because then you can start using client based policy settings which you can’t at the moment (eg kids devices have Facebook blocked but parents devices don’t).
Ok i did some research and testing and i think i found how to display each client instead of only 127.0.0.1 (localhost). It is not a real solution but more like a workaround that is clearly not perfect.
In Open-WRT (the OS used in GL.iNet routers) there is dnsmasq installed, this is a program that provides DNS and DHCP functionality to the router. By default dnsmasq listen to port 53 and by default all your devices connected to your LAN/WLAN private home network use port 53 to make DNS requests.
However AdGuard Home is pre-configured by GL.iNet to listen to port 3053 for DNS requests because port 53 is already taken by dnsmasq on your router.
When you enable AdGuardHome in the ADMIN PANEL of your router, you basically tell it that you don’t want to use dnsmasq anymore for DNS but you’d like to use AdGuard Home to provide the DNS service (with ad blocking added compared to using dnsmasq). However all your devices in your private home network already send their DNS requests to port 53 (dnsmasq).
So when you enable AdGuardHome, GL.iNet configured the thing to add a DNS Forwarding Rule to tell dnsmasq to forward the DNS request to 127.0.0.1 (aka this router) port 3053 (the port used by AdGuard Home). You can see that forwarding rule by going to the Advanced Admin Panel > Network > DHCP and DNS > DNS forwardings 127.0.0.1#3053. When you disable AdGuardHome that DNS Forwarding Rule disappears.
So if you want every device IP address to be displayed in AdGuard Home you need to cut off the middle man (dnsmasq with that DNS Forwardingg Rule) without disabling dnsmasq because it still provides the DHCP service by default. So you want the DNS requests to directly go from our devices to AdGuard Home, in that case the DNS part of dnsmasq is not used.
What we have (by default) :
Connected Device (smartphone, PC …) ----> port 53 dnsmasq —> port 3053 AdGuard Home
(DNS requests come from 127.0.0.1 because they come from dnsmasq)
What we want (requires changing some ports) :
Connected Device (smartphone, PC …) ----> port 53 AdGuard Home
(DNS requests come from each Connected Device IP address)
Steps to do :
1. Backup your router configuration in case something goes wrong, go to the Advanced Admin Panel > System > Backup / Flash Firmware, in the " Backup" section click on “Generate Archive”. Wait a couple minutes then the download window will appear to save the archive on your computer.
2. Use Putty to connect via SSH on your router (by default 192.168.8.1 port 22, login as: root, password: <router_admin_password>)
If you don’t know how to use the Linux (OpenWRT is a Linux distro) “vi” command, read this VI Editor with Commands in Linux/Unix Tutorial to know how to go from Command Mode to Insert Mode to insert or delete text and how to save the modifications or exit without saving.
3. Change the dnsmasq port to something else like 5300 (by default if nothing is specified dnsmasq uses port 53)
In the Putty terminal use “vi” command to add on a new line port=5300 at the end of dnsmasq.conf file vi /etc/dnsmasq.conf
Then save and exit
4. Change the AdGuard Home port to 53 (by default GL.iNet configured it to use port 3053)
In the Putty terminal use “vi” command to change the dns port to “53” in the AdGuard Home config.yaml file vi /etc/AdGuardHome/config.yaml
The beginning of your config.yaml file should look like this :
5. Restart your router, and check in AdGuard Home if you can see your device IP address now.
If you want to undo what we did, change back the AdGuard Home port to 3053 and dnsmasq port to 53 then restart the router. Or Restore your router configuration with the Backup Archive generated in step 1.
I haven’t tested in depth this modification of ports for dnsmasq and AdGuard Home but it seems to work. I don’t really know if it breaks something else from dnsmasq or something preconfigured by GL.iNet.
I used this post as a baseline :
The first message by “brokenpipe” (the author) tells us to leave the default port 53 for dnsmasq and port 5353 for AdGuard Home (their default port for AGH is not the same as our default port 3053 configured by GL.iNet).
Then in 2.3 instead of changing the port for AGH he adds 2 iptable PREROUTING rules (one for UDP¨one for TCP) in the /etc/firewall.user file to tell the router to replace each DNS request coming from devices (port 53) with port 5353.
So each device send the DNS request on port 53, the router modifies the port to change it to 5353 and then the request ends up going to AGH instead of dnsmasq.
I tried his method but the /etc/firewall.user file already has a script probably made by GL.iNet. If i add the 2 PREROUTING rules before or after the script (i have to adapt this and change port 5353 with port 3053 and change 192.168.1.1 with 192.168.8.1 the router IP Address) and restart the router then nothing changes. And if i delete the script and add the 2 PREROUTING rules and restart the router then i cannot connect to the Internet. So this method doesn’t work for us unless someone is good enough to modify this script orGL.iNet does it for us.
Then the message from “beerisnotacrime” advises us to change ADH and dnsmasq ports just like i explained and this seems to work for us.
Wow, thank you. Someone had to do it. localhost as source was no good from the start. I’ve been waiting for this since I own these routers. I hope it will work. But I have just installed 3.203_beta1 this morning so one step at a time.
OK it seems that i can access the internet just fine, but i found a couple problems with my method :
It seems like all DNS requests from 127.0.0.1 are reverse DNS loockups (requesting the host name to local IP addresses like “18.104.22.168.in-addr.arpa”). I don’t know if this behavior is normal. I can still block DNS requests from 127.0.0.1 but it doesn’t seem right.
Some of the DNS requests of my PC (IP address 192.168.8.101) come from its IPv6 address. I don’t know if this is normal or not.
Although i can now see the IP address of my connected devices, It seems like AGH cannot resolve the hostname and replace them with their hostname.
It would be nice if GL.iNet could provide a real solution for AdGuard Home that integrates well with the way they pre-configure their routers.
From what i understand the solution provided by @rp201rp is different from mine.
Instead of telling AGH to listen DNS request to port 53 (instead of the default 3053), he added a “DNAT” rule (or Destination NAT) in the router’s config. So that for every paquet that is a DNS request sent to the router to port 53, the router will keep the source IP but change the destination IP to port 3053.
So the router basically routes all DNS requests to AGH without the need to change AGH or dnsmask config and without modifying the source IP (of our connected devices).
In that case, AGH will receive DNS request from each device as if they were configured to send DNS to port 3053. And dnsmask will sit here doing nothing because no paquet will reach port 53 because they are changed to port 3053 bu the router itself.
His solution should be added alone (add it to the end of /etc/config/firewall file) and is simpler than mine because there is only 1 step. I haven’t tested it but it seems like it should work.
I tried that solution but it did not separate the clients. if that also works then great because If I recall it caused some other error. perhaps a requred reboot or firewall rerun or som eother specific difference in my testing environment yielded negative results. any time I forwarded to another port agh stopped separating the clients.