Ad Blocking Pi Hotspot

The purpose of this tutorial is to create your own Wi-Fi hotspot with ad-blocking capabilities from a Raspberry Pi

Items Needed:

• Raspberry Pi 3 Model B
• Access to a wired Ethernet connection
• Micro SD Card with Raspbian Jessie
• A Micro Usb "Power Supply" for the Raspberry Pi
• A way to view your Pi, such as a monitor with an HDMI cable or the ability to SSH into the Pi
• A keyboard and Mouse to interact with the Pi

Programs to be used:

• HostAPD
• Dnsmasq

Assuming your Pi has a fresh install of Raspbian it is recommended that you do a few small things first, if you already have an Up-To date Raspbian you can skip this first step.

To start we can enter into the Pi's software configuration tool by typing the following command:

• sudo raspi-config

from here i recommend:

• changing the user password to something you will remember.
• changing the "Hostname" to Pi-Fi Hotspot (or another name you would prefer for your pi).
• Open the "Boot Options" tab (Number 3) and enable "Wait for Network at Boot".
• Opening the "Localization Options" tab (Number 4) and setting up any changes such as: Timezone, Language, Keyboard Layout, or legal Wi-Fi channels in your country that you may need.
• Opening the "Advanced Options" tab (Number 7) and selecting "Expand Filesystem" to allow the Pi access to all of the space on your SD card.
• Exit by selecting "" with your arrow keys and pressing enter.
• When prompted to reboot the Pi select yes.

Although not needed, it is strongly advised to confirm that Raspbian is up to date. To update the Pi run these commands one after the other:

• sudo apt-get update
• sudo apt-get upgrade -y

Updating the Pi may take some time, so feel free to stand up and stretch.

HostAPD will be used to create a WPA-secured network.

First, run the command to download HostAPD:

• sudo apt-get install hostapd

Now we need to configure the ".conf" file using nano, or your favorite text editor. (if this file doesn't exist, create it)

• sudo nano /etc/hostapd/hostapd.conf

add the following lines:

• interface=wlan0
• driver=nl80211
• ssid=Pi-Fi
• hw_mode=g
• channel=6
• macaddr_acl=0
• auth_algs=1
• ignore_broadcast_ssid=0
• wpa=2
• wpa_passphrase=Example #Replace "Example" with the password of your choice
• wpa_key_mgmt=WPA-PSK
• rsn_pairwise=CCMP
• ieee80211n=1 #802.11n support
• wmm_enabled=1 #QoS support
• ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]

Example: See above image

Edit the file /etc/default/hostapd and change the line:

• #DAEMON_CONF="

To:

• DAEMON_CONF="/etc/hostapd/hostapd.conf"

HostAPD is now configured.

NAT, or Network Address Translation, allows your Pi to receive multiple devices connections and for them to share a connection into the internet. NAT is supported in Raspbian using iptables.

Enable IP forwarding in the kernel:

• sudo sh -c "echo 1> /proc/sys/net/ipv4/ip_forward"

Edit the file /etc/sysctl.conf to set this up automatically on boot:

• sudo nano /etc/sysctl.conf

Change:

• #net.ipv4.ip_forward=1

To:

• net.ipv4.ip_forward=1

Example: See above image

Next run the following commands:

• sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
• sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
• sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

The Raspberry Pi is now setup with Network Address Translation, however you will have to enter in each of these commands after every reboot, to fix that enter the following command:

• sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

As well as editing the following file:

• sudo nano /etc/network/interfaces

and add the following line to the bottom of the file:

• up iptables-restore < /etc/iptables.ipv4.nat

The Raspberry Pi is now setup to restore these settings after each reboot.

DNSmasq will be the program that takes care of all internal routing of internet traffic, as well as configuring wireless adapter settings.

First, run the command to download DNSmasq:

• sudo apt-get install dnsmasq

Open the dhcpcd configuration file with nano, or your favorite text editor:

• sudo nano /etc/dhcpdc.conf

add the following line to the bottom of the file, but above any "interface" lines you may have added!:

• denyinterfaces wlan0

Our next steps are focusing on configuring the settings for our wireless adapter.

First we need to configure a static IP:

• sudo nano /etc/network/interfaces

After opening the file we need to edit the "wlan0" section to include the following lines:

• allow-hotplug wlan0
• iface wlan0 inet static
  • address 172.24.1.1
  • netmask 255.255.255.0
  • network 172.24.1.0
  • broadcast 172.24.1.255

and add a "#" infront of the following line:

• wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Example: See above image

Restart dhcpcd with the command:

• sudo service dhcpcd restart

Next, reload the configuration for wlan0 with the command:

• sudo ifdown wlan0; sudo ifup wlan0

DNSmasq comes with a default config file that is very lengthily for those wishing to customize to the fullest, but for our purposes, is very complex. to move the config file so its not deleted use the following command:

• sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

Now we need to create our own config file for DNSmasq to use:

• sudo nano /etc/dnsmasq.conf

Add the following to our new config file:

• interface=wlan0
• listen-address=172.24.1.1
• bind-interfaces
• server=8.8.8.8
• domain-needed
• bogus-priv
• dhcp-range=172.24.1.50,172.24.1.150,12h

DNSmasq is now successfully configured!

Now the Pi is successfully functioning as a hotspot, but without any ad-blocking capabilities. With DNSmasq you have the ability to "Specify an IP address to return for any host in the given domains", allowing us to effectively redirect the ad traffic elsewhere , all we need is the address distributing the ad. To achieve this we can borrow a script found on debian-administration.org that will download and update a list of known ad-distributing servers.

First we need to create a file called "update_bannerhosts" in the /usr/local/bin directory:

• sudo nano /usr/local/bin/update_bannerhosts

Run the following to command to change owners:

• chmod 755 /usr/local/bin/update_bannerhosts

Now run the command for the first time to update the file:

• /usr/local/bin/update_bannerhosts

Next, add a cron for the file to run every day at 1am:

• 0 1 * * * /bin/sh /usr/local/bin/update_bannerhosts

DNSmasq is now blocking ads!

To finish up the Pi all that is left to do is reboot the Pi and connect!