^ -- Up
This guide will show your how to edit DG834g and similar routers to enable it to block adverts and to do port translation using iptables.
You will need ssh access to your router. To do this you may need to first flash a custom firmware image onto your router. For this guide, I am using DGTeam Rev. 0849 firmware on a Sky Broadband branded DG834g.
To block adverts from the local network, we will download a custom host file onto the router. After logging into the router we need to cd to a writeable directory, then download the file:
Now we need to kill and restart dnrd so it flushes the dns cache and uses the downloaded host file:
Now your will need to flush the dns cache on your computers (or simply restart them):
Adverts will now be blocked for every device on the local network
To help stop script-kiddies and bots trying to bruteforce my ssh server, I want to map a high number port, ie 23932 on my router to port 22 of my ssh server. This blocks the majority of dumb bots from trying to bruteforce the root account (which is disabled anyway. duh!)
For this example, the ssh server is 192.168.0.50 on the default port (22). To make your ssh server more secure, use key-pairs instead of login passwords, or/and google authenticator for 2-stage login. This will make bruteforce attacks useless.
Unfortunately these changes are NOT persistent, so you will need to redo this every time the router is rebooted.