AdBlocking with TomatoUSB Router – Ad free Internet for all your devices (70)

    November 25th, 2012 | Tags: , , , , , , | Posted in Guides, Tech

    Left: Before implementing AdBlock script. Right: After Adblock scripts on TomatoUSB router

    Left: Before implementing AdBlock script. Right: After Adblock scripts on TomatoUSB router

    The Internet is flooded populated with advertisements today. There are AdBlock plugins for browsers. But what about mobile devices like non-rooted or non-jailbroken Androids and iOS devices?

    Recently, I chanced upon a Kickstarter project called AdTrap. It introduces a small zero configuration device that removes advertisements from your Internet connection before they reach any of your home devices. This device is connected between your modem and home router. Sounds cool? Yes if you are willing to fork out US$132 (inclusive of US$12 shipping if outside US / Canada).


    Do I need the AdTrap project to achieve that? No!

    So I gave it a thought – with dnsmasq on the TomatoUSB-enabled router (e.g. ASUS RT-N66U, Linksys E4200), I could probably achieve ad blocking with DNS Cache Poisoning on the TomatoUSB-enabled router. Too geek? In simpler terms, I can make the TomatoUSB-enabled router resolve known advertisement domain names / hostnames to invalid addresses like

    As a result, I will be able to filter advertisements from the Internet before they reach any of my devices at home.

    I started to google around to see if anybody has used the DNS Cache Poisoning  technique (using dnsmasq) and found that somebody actually did the scripts (! Did a little modification to it and here it is.



    29 Apr 2014

    Added Pixelserv for ASUS RT-AC68U. Download Pixelserv (ARM) v43-2.

    28 Apr 2014

    Pixelserv does not work on ASUS RT-AC68U as it was originally compiled for Broadcom architecture. The ASUS RT-AC68U is based on ARM architecture. Instead of using Pixelserv, I decided to use NGINX web server to perform the role of pixelserv. Check out AdBlocking with NGINX: Serving 1 pixel GIF and 204 No Content.

    7 Dec 2013

    Updated  the script to use pixelserv V31. The changes are in the base64 encoded block. Previous version of pixelserv requires a parameter “-n br0″ which is no longer required in V31. Updated the base64 block to reflect that.



    1. TomatoUSB-enabled router like ASUS RT-N66URT-N16, Linksys E4200ASUS RT-AC66U
    2. Flashed to TomatoUSB firmware (I am using TomatoUSB on my RT-N66U and RT-AC66U)
    3. Geeky mind to do some troubleshooting


    Inserting the AdBlocking script

    1. Using a web browser, login to the TomatoUSB web administration page
    2. Navigate to Administration -> Scripts -> WAN Up tab
    3. Copy and paste the contents below. Then save and reboot the router


    Verifying that the script is running

    1. After the TomatoUSB router has rebooted, ssh into the router
    2. Verify that is created by typing “ls /tmp” without the quotes
    3. Verify that the adblock script is running by typing “cat /var/log/messages | grep ADBLOCK” without the quotes
      It should show that it has N amount of entries for hosts and dnsmasq is running
    4.  Congratulations! Ad block is running!


    How do I remove the script?

    To remove the script. Simply delete the content of the WAN Up tab, save and reboot. The /tmp/ should go away.


    What is in the base64 text block

    In TomatoUSB, all scripts are limited to 4096 characters hence some scripts are gziped and converted to base64. The contents of the base64 block is based on the following script. You can also verify by checking the contents of the file /tmp/ You do not have to copy and paste the below script anywhere. I am showing here for illustration purposes only. If you are geeky enough, you can also use the command


    The AdBlock Sources

    I have actually updated the AdBlock sources to one that is more suitable for me. The codes that are responsible for the AdBlock sources are:

    You can choose which hosts files will be downloaded to block ads, update the variable GETS. I am downloading all of them.

    A little explanation about TRIM_BEGIN=2:

    S1 contains hostname only, it will be copied without formatting. While S2 to S6 are file formatted to replace hosts file, these files will be formatted to works with AdBlock. TRIM_BEGIN tells AdBlock which sources need formatting (from S2 to the end). Well usually you don’t need to touch this. Yes, you can add new blacklists to it.

    If OPTIMISE=”Y”, AdBlock will remove duplicated entries.


    Custom Whitelist and Blacklist

    You can add inline whitelist and blacklist to the script by updating this chunk of the codes:


    Auto Updating of AdBlock sources

    By setting UPDATE=”Y”, AdBlock will update the AdBlock entries at 4am daily according to the time specified in the cron rule.


    Getting Pixelserv to work

    Pixelserv is a super minimal web server whose sole purpose is to serve a 1 x 1 pixel transparent gif file regardless of request. When USEPIXELSERV is enabled (set to “Y” instead of “N”). The ad blocked hostnames are resolved to PXL_IP (which actually points to the router itself). This result in your web browser requesting resource from Pixelserv.

    To get Pixelserv to work, simply do the following:

    1. Download Pixelserv V31 or Pixelserv (ARM) V34-2 (for RT-AC68U).
      For non-ARM routers (e.g. RT-AC66U, RT-N66U) use the Pixelserv V31. For ARM-based routers (e.g. RT-AC68U, RT-N56U), use the Pixelserv (ARM) V34-2.
    2. Unpack the package and upload it to your webhost or the public folder of your Dropbox
    3. Update PXL_URL to point to the location of  pixelserv on your webhost or Dropbox without the https (e.g.
    4. Update PXL_IP to a unused IP address on your network (e.g.
    5. Update USEPIXELSERV to “Y”
    6. Change TomatoUSB Web Admin page to run on port 8080 (TomatoUSB –> Administration –> Admin Access –> HTTP Port)
    7. Save the changes and restart the router

    Do note that you will need to append :8080 to your router IP if you intend to access the Web Admin in the future.


    Some useful hosts to whitelist

    I will update the below list whenever I find some desktop / web applications breaks or do not work as they should. Do share your findings too.


    Treat shadowandy!

    If these step-by-step guides have been very helpful to you and saved you a lot of time, please consider treating shadowandy to a cup of Starbucks.  

    70 responses

    1. 2 issues when I try this out.

      1. script does not seem to run even though was created
      2. when I try to manually run in shell, errors were thrown and after debugging, the shell don’t seem to like < > & tags. after the tags were changed, i was able to run

    2. JR,

      Thanks for informing. I think the blog engine messed up the html tags. Updated and it should be fine now.

    3. Works like a champ. I just tried IE which I never use and therefore on which I have not installed any kind of ad-block. Didn’t get a single advertisement no matter which ad-infested hellhole of a website I tried. Thanks! This is effing awesome.

    4. Barry,

      Glad that it worked for you. Do share it with your friends (if they are using TomatoUSB). :)

    5. Hi Thanks..i tried the script it works on my old WRT54GS_v4, but the internet speed was like slow/ cap down to 10Mbps UL/DL in Without adblocking i’m able to gain back to the ISP give speed of 50Mbps. Was it because the WRT54GS_v4 cpu is too slow ?
      Is the script able to run in ASUS RT-N56U ?, which is my current router.

    6. shiki,

      The script does require some computational resources to lookup its (downloaded) adblock hosts so I think that the legacy WRT54* series of routers couldn’t process it efficiently.

      Unfortunately, the ASUS RT-N56U does not support 3rd party tomato-based firmwares. Hence, it won’t be able to benefit from this script.

    7. Hi,

      Would this exact same method still work on DD-WRT? Maybe some modifications?


    8. Hylian,

      From what I read, the script is applicable for DD-WRT too. Just that you will need to insert this custom scripts on the appropriate sections of DD-WRT.

    9. pixelserv v27 works well on ASUS RT-N66U with TomatoUSB (Shibby). Moved the TomatoUSB (Shibby) Web Administration page to port 8080 and pixelserv executed without issues.

      Now all those advertisements (on my pages) are replaced with blank transparent images (gif)!

    10. when doing cat it shows the undecoded file not the one you have pasted. Can you possibly host the file without the html?

    11. Bill,

      The base64 block generates “/tmp/”. The file is the script in section “Inserting the AdBlocking script”.

    12. Hi,

      I tried this on my Tomato router (Asus RT-N16). I see and in /tmp. However, I think I’m still seeing ads ( Not sure if it’s working. Is there a site with ads you recommend I visit to verify the script is working properly? Thanks.

    13. Vinh Nguyen,

      You will need to use your router as DNS for it to work. The other thing to check is to do a nslookup for “” to see if it resolves to or

    14. I followed what you described here, and—How-to-configure-DNS-on-Tomato-firmware-routers.html to use the router as DNS, and this is what I get still:

      $ nslookup

      Non-authoritative answer: canonical name =

    15. Vinh Nguyen,

      From your nslookup, I see that you are using Google’s public DNS and this should be the reason why the AD Block script did not work for you. You will need to use the router as your DNS server. This way the advertisement hostnames will get resolved to / by your router due to the hosts file on your router.

    16. I entered and in tomato per—How-to-configure-DNS-on-Tomato-firmware-routers.html, guess that’s google. What do I enter or how do I set up to use the router as DNS? Thanks.

    17. Vinh Nguyen,

      Do a nslookup for using your computer. I need to know which DNS server are you using on your computer.

    18. From my home NAS:

      $ nslookup

      Non-authoritative answer: canonical name =

    19. Vinh Nguyen,

      It appears that the script is not executing. Please ensure that the script is running by going through the section “Verifying that the script is running”.

    20. Just rebooted router to verify everything.

      ssh into router:

      # ls gen.md5 share
      etc home var
      gen.last mnt

      I originally had ADBLOCK, but just checked, and this is what I see:

      # cat /var/log/messages.0 | grep ADBLOCK
      Jan 10 18:19:20 router user.notice root: ADBLOCK: hosts sorted.
      Jan 10 18:19:20 router user.notice root: ADBLOCK: 34761 entries
      Jan 10 18:19:21 router user.notice root: ADBLOCK ERROR: restarting dnsmasq…

      On computer:

      $ nslookup

      Non-authoritative answer: canonical name =

      Do I have to do something to start dnsmasq?

    21. I tried this on a Tomato flashed router (Linksys WRT54G-TM) and it doesn’t seem to be working. It looks like I’m having the same issue as Vinh.

      From running your checks, I get:
      # ls /tmp gen.last mnt var
      etc gen.md5
      gen home temp
      # cat /var/log/messages | grep ADBLOCK
      Mar 12 23:34:21 unknown user.notice root: ADBLOCK:
      Mar 12 23:34:21 unknown user.notice root: ADBLOCK:
      Mar 12 23:34:28 unknown user.notice root: ADBLOCK:
      Mar 12 23:34:34 unknown user.notice root: ADBLOCK:
      Mar 12 23:34:47 unknown user.notice root: ADBLOCK:
      Mar 12 23:34:52 unknown user.notice root: ADBLOCK:
      Mar 12 23:34:59 unknown user.notice root: ADBLOCK: 70453 entries
      Mar 12 23:34:59 unknown user.notice root: ADBLOCK: sorting hosts…


      Non-authoritative answer: canonical name =

      When I try with pixelserv I also get “Mar 12 23:51:36 unknown user.notice root: ADBLOCK ERROR: cannot start pixelserv”

      Any thoughts?

    22. Sorry for the double post, but I couldn’t figure out how to edit the last comment.

      I tried running the verification again and got this:

      # ls /tmp gen.md5 pixelserv
      etc home
      gen.last mnt var

      # cat /var/log/messages | grep ADBLOCK
      Mar 12 23:51:36 unknown user.notice root: ADBLOCK ERROR: cannot start pixelserv
      Mar 12 23:51:41 unknown user.notice root: ADBLOCK:
      Mar 12 23:51:41 unknown user.notice root: ADBLOCK:
      Mar 12 23:51:47 unknown user.notice root: ADBLOCK:
      Mar 12 23:51:54 unknown user.notice root: ADBLOCK:
      Mar 12 23:52:05 unknown user.notice root: ADBLOCK:
      Mar 12 23:52:09 unknown user.notice root: ADBLOCK:
      Mar 12 23:52:17 unknown user.notice root: ADBLOCK: 70453 entries
      Mar 12 23:52:17 unknown user.notice root: ADBLOCK: sorting hosts…
      Mar 12 23:57:56 unknown user.notice root: ADBLOCK: hosts sorted.
      Mar 12 23:57:56 unknown user.notice root: ADBLOCK: 36584 entries
      Mar 12 23:58:01 unknown user.notice root: ADBLOCK ERROR: restarting dnsmasq…

      # nslookup
      Address 1:

      Address 1:
      Address 2:

      I also wasn’t sure how to use my router as the DNS server.

    23. Can you give an example of how to add multiple URLs to the white list? If you try, the dropped down menus gets blocked. The same goes for java rich sites like or

    24. Two questions:

      1) Do I have to reboot when the hosts files are updated for them to work?
      2) How do I check for updates manually?

    25. Barry,

      The hosts file will automatically be updated daily on the router. However, your computer or device may cache the old records.

      To manually force an update, you can either reboot the router or disconnect and reconnect your WAN connection.

    26. I’m unable to watch videos on and can’t seem to get the whitelist to work. Which entries are required?


    27. I’m not sure which whitelist entries (or how to use it period) are needed to view videos on


    28. Eek. Double post. Didn’t think the last post went through.

    29. Barry,

      Your previous posts were flagged as spam by Akismet.

      As for watching videos on, it appears that you need to whitelist “” (without the quotes).

    30. shadowandy,

      thanks for this wonderful script, which i had been running for long time now. But, all the sudden it stopped working as it seems. I looked at my log file, and it shows same error as ving and nayan pointed out. Im not sure if last line has anything to do with not working properly. Can you help us out?

      Dec 5 20:01:22 unknown user.notice root: ADBLOCK: 68392 entries
      Dec 5 20:01:22 unknown user.notice root: ADBLOCK: sorting hosts…
      Dec 5 20:04:07 unknown user.notice root: ADBLOCK: hosts sorted.
      Dec 5 20:04:07 unknown user.notice root: ADBLOCK: 44577 entries
      Dec 5 20:04:10 unknown user.notice root: ADBLOCK ERROR: restarting dnsmasq…

    31. Mal,

      Did you do anything recently that might potentially cause it to break? Cos it is pretty unusually for it work work all along and suddenly not to work if nothing was done.

      One way is to reduce the number of AdBlock sources to see if it helps.

      Change the line GETS=”1 2 3 4 5 6″ to GETS=”1 2 3″ and restart the router and see if it still throws error.

    32. Ok, so going through one by one GETS, i found that its the very first one (S1=””) causing restarting dnsmasq error, otherwise dnsmasq is running shows. I also thought it may be hosts file size issue or something, but even with only S1 active, it shows that error.

      Also, I was trying to understand code above for base64 and wondering if all my files are there or not. i currently have under /tmp,,, gen.last, gen.md5, and home, var, mnt, etc, and share directories. shouldn’t I have gen file for all the hosts that were sorted when I remove s1 entry from above and dnsmasq is running properly?

    33. Mal,

      There should be hosts file in /tmp (/tmp/hosts) that contains the list of addresses to be ad blocked.

    34. Ahh, so it seems that my hosts file is not being generated at all even with dnsmasq is running which i thought was the culprit. Any idea why this is?

    35. Mal,

      Can you follow the above instructions and do it again? Cos it is rather difficult to troubleshoot. I’ve just implemented it on my ASUS RT-AC66U and it is working fine so the instructions are still working.

      And what firmware version and router are you using?

    36. I guess no replies means issues solved?

    37. No, it’s not solved yet. I been away on mini vacation and will confirm more findings today. Thanks again.

    38. mal,

      Good that you are still around. Because most don’t get back after getting their problem solved.

    39. same issue, hosts file wont generate. Just cant figure it out, it worked before and now all the sudden it wont. btw my router is wrt310n v2 with tomato 1.28

    40. Mal,

      The available memory on the router (WRT310N V2) might be causing the issue. Try replacing the AdBlock Sources section with the following:

      GETS=”1 2 3 4 5″

    41. yea, i have pretty much same that im using. I also think it could be memory related, but here is my memory consumption under status.
      Total / Free Memory 29.07 MB / 18.13 MB (62.35%)

      GETS=”2 3 4 5 6″

    42. Mal,

      I think you might have to cut down on the number of block list. I think your router might have problem with some of the lists.

      My free RAM amount is higher and maybe that is why I don’t counter any issues (yet).

      Total / Free Memory 249.29 MB / 225.72 MB

    43. Hi!
      The script works fine!
      But when it running the DnsCrypt doesn’t work :-(
      Is it possible to fix it?
      Thank you.

    44. Bob,

      That is not a problem with the script. You can either use DNSCrypt or AdBlock.

    45. Shadowandy. Thanks for answer.
      I don’t know what I should to do for it.
      DNSCrypt works fine.
      But when I run AdBlock script
      DNSCrypt stop to work right…
      I’m not programmer :-(
      but seems to me that
      in DNSCrypt and in AdBlock script
      do conflict. Hm.
      Could you help with this?
      Happy New Year!

    46. Bob,

      You have any details on how you have implemented DNSCrypt? I think all DNS requests bypassed the router’s AdBlock DNS causing it not to work.

    47. […] to Administration -> Scripts -> WAN Up tab. If WAN Up tab is used for AdBlock, use the Firewall tab […]

    48. Hi there.
      I am pretty happy with your script but wondering about how to add a new blacklist. Actually I don’t know how that list should me formatted.

      Lets say i want to use that list:
      do I just have to paste it in your script as for example #7 ?

      Since my nslookup looks like that, I the script works, right? Used pixelserv on IP




    49. Don,

      The easylistgermany.txt only has got hostnames entries so trimming is not required. You can see the difference in how the files are formatted for S1 and S2. So you have to insert the easylistgermany as S2 (and shifts the rest back [S2 becomes S3, S3 becomes S4, etc.]). Also set TRIM_BEGIN=3.

      Lastly, yes. Your nslookup should look like that. It is set up correctly.

    50. Thanks for your quick reply but unfortunately it doesn’t work.
      Before adding the list (and before sorting) 63305 entries and after adding the list and restarting the RT-AC66u as well.

      The list does not contain full hostnames but just parts like

      So I assume they need some special adaption.

      There is just a few AD-stuff left and I think I can live with that 😉
      Thanks a lot anyway for your effort!

    51. Don,

      I did not realise that the list is meant for adblockplus. The script in this page does not support that format.

    52. Ok thanks a lot!

    53. hullo

      tried this recently but there’s a big gotcha here – the script as written above blocks BBM. Would proably need to remove some of the hosts sources but I didnt bother to test.

      Anyone already have ideas on this?

    54. […] you recently upgraded to ASUS RT-AC68U with TomatoUSB (Shibby) and had been using the AdBlock script, you will realise that previous pixelserv does not execute on ASUS RT-AC68U as it was compiled for […]

    55. AdTrap is a neat device, but it acts like it’s own router. I had problems because, out of the box, it double-NAT’d everything and broke stuff.

    56. Hello. I have a an ASUS RT-N16, Easy Tomato 0.8

      Am trying to configure to run OPENVPN and your Ad Block script.
      I have installed the OPEN VPN and it works.
      I have installed your script, verified it and installed pixelserv.
      No joy for ad blocks.

      Also adblocking does not work if I disable the OPENVPN script.

      Here is the results of my
      $ nslookup

      Tomato v1.28.0008 RC2
      root@unknown:/tmp/home/root# nslookup
      Address 1:

      Address 1:
      Address 2:

      What setting do I need to change to have ads go away?

      Do I need a different version of Tomato?
      Is it even possible to use OPEN VPN with your script?

    57. My logs keep saying that pixelserv can’t be started.

      Here is my script:

      I’m using Shibby 1.28.0000 MIPSR2-121 K26 Max on a WRT320N.

      Any ideas what’s wrong? Any help would be greatly appreciated.

    58. Hi Andy,
      Cool script. I’m having trouble getting it to run on my e3000 router. When I run

      cat /var/log/messages | grep ADBLOCK

      I get the response:

      Jul 17 20:58:14 tomato user.notice root: ADBLOCK: 59589 entries
      Jul 17 20:58:14 tomato user.notice root: ADBLOCK: sorting hosts…
      Jul 17 20:58:53 tomato user.notice root: ADBLOCK: hosts sorted.
      Jul 17 20:58:53 tomato user.notice root: ADBLOCK: 0 entries
      Jul 17 20:58:54 tomato user.notice root: ADBLOCK: dnsmasq is running

      Any ideas what’s happening there?

    59. Thanks for the script, it’s working great! I’m not sure what I messed up while setting up Pixelserv, but starting over from scratch did the trick.

    60. Buck Bailey,

      Great to hear that! Sometimes it is the blacklist list that ia causing problem. Some routers has got lesser amount of RAM and it cannot process as much addresses. In these type of situation, it is best to remove some adblock sources from the list. It is quite a trial and error process.

    61. tony,

      The Dropbox seems to be causing problem for the pixelserv download. You might want to put the file on a webhost if you have one. Otherwise, you might want to try out using nginx to do the adblocking (

    62. I had absolutely no problems setting up this script on my new RT-AC68U, it’s perfect and the speeds seem better compared to adblock plus, but I haven’t tested this. I just have some questions. I did not enable/install pixelserv. all ads are indeed blocked, but I am wondering if pixelserv is actually needed. Does pixelserv add speed? Is it lightweight? What pro’s are there to using pixelserv instead of leaving it disabled?

      Anyway mega-thanks for this amazing script.

    63. Hi.. thanks for the scripting!
      I noticed the BLACK variable list doesn’t work. Should it be
      echo “$BLACK” |sed ‘s/\s/\n/g’|sed ‘/^$/d’ >> $GEN
      instead of
      echo “$BLACK” |sed ‘s/[ \t]*/\n/g’|sed ‘/^$/d’ >> $GEN

      I had to change
      to the redirected URL
      since the script complained it was not a text file (from the .asp) and never completed.

    64. Thanks so much for this but it has stopped blocking ads for me as of Sept 2014. I went back and added all 7 “GETS 1 2 3 4 5 6 7″ sources and rebooted, still no luck.

    65. How would one go about whitelisting an IP address from the ad blocker? For example, with this enabled, my Sony Blu-ray player connects fine to the network, but says it has no Internet access, so can’t check for s/w updates and such. If I connect to another Wi-Fi network, it works fine.

      Is there a way to exclude the Blu-ray’s IP from being ad blocked? Thanks in advance!

    66. Pete,

      You will need to find out the hostname to be whitelisted though. Sometimes googling does help as others might have documented it somewhere. :)

    67. […] Try this. shadowandy – my life stories – AdBlocking with TomatoUSB Router – Ad free Internet for all you… […]

    68. What’s the difference between this script and the Clean, Lean and Mean Adblock by Haarp? I see both can use pixelserv… I don’t know much adbout adblock for tomato, could you enlighten? Thanks!

    69. TQ,

      Both scripts does it the same way, resolving known advertisement hosts to a prefixed IP address for blocking.


    Leave a Reply


    Treat shadowandy!

    If these step-by-step guides have been very helpful to you and saved you a lot of time, please consider treating shadowandy to a cup of Starbucks.  


    Recent Comments

    Friend's Blog

    Interesting Links

    Previous Postings