Security Pi-Hole

Moriath

I am a FH squatter
Joined
Dec 23, 2003
Messages
16,209

one working pi hole :)

Now I found another Pi I have... what can I do that's fun with that?

MWahahaha
 

Deebs

Chief Arsewipe
Staff member
Moderator
FH Subscriber
Joined
Dec 11, 1997
Messages
9,076,920
How come your blocked domains are that high? Is there a list to add? Seems default it's only 80k.
I download quite a few lists. Let me go grab them for you.
 

Deebs

Chief Arsewipe
Staff member
Moderator
FH Subscriber
Joined
Dec 11, 1997
Messages
9,076,920
Here is my blocklist. You can import them under Settings -> Teleporter -> import.

Make sure that clear existing data is unchecked.
 

Attachments

  • pi-hole-teleporter_2020-06-13_03-18-14.tar.gz
    3.1 KB · Views: 1

MYstIC G

Official Licensed Lump of Coal™ Distributor
Staff member
Moderator
FH Subscriber
Joined
Dec 22, 2003
Messages
12,362
I have 2 Pi-Holes running in case one crashes....
Same...
You got a tin foil hat also?
... because ...
Android devices can be a bit sneaky about DNS servers as well; if you only have one DNS server it can sometimes default the 2nd one to 8.8.8.8, which can let some stuff through
... Google don't quit unless you cover the bases 😒

I'm mucking around with running the 2nd one on some RPI's using a Docker Swarm & Macvlan trickery. Was hoping to run them all that way but can't use net_admin with swarm which you need for the DHCP stuff :(
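
A way to check for the fallback to 8.8.8.8 described in the post above, as an added example that is not part of the original thread: it reads `tcpdump -n` text output and lists clients sending DNS to anything other than the Pi-holes. The Pi-hole addresses and the capture lines are constructed assumptions.

```python
import re

# Assumed LAN addresses of the two Pi-holes (hypothetical values).
PIHOLES = {"192.168.1.2", "192.168.1.3"}
DNS_PORTS = {53, 853}  # plain DNS and DNS-over-TLS

# Constructed sample in the text format printed by `tcpdump -n`.
SAMPLE_CAPTURE = """\
12:00:01.100001 IP 192.168.1.23.41234 > 192.168.1.2.53: 4242+ A? ads.example.net. (33)
12:00:01.100950 IP 192.168.1.2.53 > 192.168.1.23.41234: 4242 1/0/0 A 0.0.0.0 (49)
12:00:02.200002 IP 192.168.1.40.50111 > 8.8.8.8.53: 1717+ A? ads.example.net. (33)
12:00:02.900003 IP 192.168.1.40.50112 > 192.168.1.3.53: 1718+ AAAA? news.example.org. (34)
12:00:03.300004 IP 192.168.1.40.38000 > 8.8.8.8.853: Flags [S], seq 1, win 64240, length 0
12:00:04.400005 IP 192.168.1.2.40000 > 1.1.1.1.53: 9001+ A? news.example.org. (34)
"""

LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
QUERY = re.compile(r"\b[A-Z0-9]+\? (?P<name>\S+)")


def find_bypass(capture, piholes=PIHOLES):
    """Return {client_ip: [(resolver_ip, port, queried_name_or_None), ...]}
    for DNS traffic that clients send to anything other than the Pi-holes."""
    findings = {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if dport not in DNS_PORTS:
            continue  # replies and non-DNS traffic
        if src in piholes or dst in piholes:
            continue  # a Pi-hole's own upstream lookup, or a client using a Pi-hole
        q = QUERY.search(m["rest"])
        name = q["name"].rstrip(".") if q else None  # DoT payload is encrypted
        findings.setdefault(src, []).append((dst, dport, name))
    return findings


if __name__ == "__main__":
    for client, hits in find_bypass(SAMPLE_CAPTURE).items():
        for resolver, port, name in hits:
            print(f"{client} -> {resolver}:{port} {name or '(name not visible)'}")
```

Clients that show up here are resolving around the blocklist; handing out both Pi-holes over DHCP removes the empty second DNS slot that gets filled with 8.8.8.8.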
 

Moriath

I am a FH squatter
Joined
Dec 23, 2003
Messages
16,209
Same...

... because ...

... Google don't quit unless you cover the bases 😒

I'm mucking around with running the 2nd one on some RPI's using a Docker Swarm & Macvlan trickery. Was hoping to run them all that way but can't use net_admin with swarm which you need for the DHCP stuff :(
Ok that last para was Greek to me
 

MYstIC G

Official Licensed Lump of Coal™ Distributor
Staff member
Moderator
FH Subscriber
Joined
Dec 22, 2003
Messages
12,362
Ok that last para was Greek to me
I've got a couple of RPI's where I've got it set up that I can take one down and the other one keeps everything running.

Let me stop running stuff directly on my NAS and since an RPI has no moving parts, the worst that's likely to go wrong is an SD Card dies.
I ordered one from RS yesterday. When it turns up I'll be using it to replace the one I have running Plex and the old one will go to taking some of the donkey work off my NAS's shoulders. I'm curious to see if it will have enough grunt to run Plex Media Server though as I'd like to move that off my NAS.
Given that I posted that in 2015 about RPI2 and I've not lost an SD Card yet, it was definitely the right move :)
 

Moriath

I am a FH squatter
Joined
Dec 23, 2003
Messages
16,209
I got an old PC running Plex and working as a Minecraft server. I have turned my NAS off tbh. It's got a store of my music and photos but other than that I don't use it.

Did you attach a big HDD to the Pi for Plex?
 

MYstIC G

Official Licensed Lump of Coal™ Distributor
Staff member
Moderator
FH Subscriber
Joined
Dec 22, 2003
Messages
12,362
I got an old PC running Plex and working as a Minecraft server. I have turned my NAS off tbh. It's got a store of my music and photos but other than that I don't use it.

Did you attach a big HDD to the Pi for Plex?
Nah, I just set up NFS shares and moved all the work to the RPI's. Now if I need something to run faster it's £35 to replace/add another Pi. It was my cheap at home way of separating out compute from storage.
 

Deebs

Chief Arsewipe
Staff member
Moderator
FH Subscriber
Joined
Dec 11, 1997
Messages
9,076,920
Nah, I just set up NFS shares and moved all the work to the RPI's. Now if I need something to run faster it's £35 to replace/add another Pi. It was my cheap at home way of separating out compute from storage.
I do something similar but use CIFS. I run LibreElec (Kodi) on an Intel NUC to access all my media. Works fantastically except Linux does not quite support HDR so I have a Minix U9H for that.
 

old.Osy

No longer scrounging, still a bastard.
Joined
Dec 22, 2003
Messages
2,632
I'm running Diversion + Skynet on AsusWRT Merlin. Does the job.

Used to have OpenWrt on the former router, loved it more for the extensive list of apps and modules developed for it, plus it was fun to toy and experiment with.

When I upgraded, I went to Asus based on cost/performance, went with RT-AC88U - not the most recent, but a decent piece of hardware. Coupled with Merlin, it is more than adequate for the home network.
 

MYstIC G

Official Licensed Lump of Coal™ Distributor
Staff member
Moderator
FH Subscriber
Joined
Dec 22, 2003
Messages
12,362
I'm running Diversion + Skynet on AsusWRT Merlin. Does the job.

Used to have OpenWrt on the former router, loved it more for the extensive list of apps and modules developed for it, plus it was fun to toy and experiment with.

When I upgraded, I went to Asus based on cost/performance, went with RT-AC88U - not the most recent, but a decent piece of hardware. Coupled with Merlin, it is more than adequate for the home network.
That's really interesting. One of the things that I'm finding looking at OpenWRT is it has that whole purist attitude to most people who attempt to engage. It's a shame because I always feel that discourages cool things happening because people don't stick around and both Diversion & Skynet look awesome
 

old.Osy

No longer scrounging, still a bastard.
Joined
Dec 22, 2003
Messages
2,632
That's really interesting. One of the things that I'm finding looking at OpenWRT is it has that whole purist attitude to most people who attempt to engage. It's a shame because I always feel that discourages cool things happening because people don't stick around and both Diversion & Skynet look awesome

Well I'm at best security aware and have good command of networking / internet concepts (goes with the job). Can't say I'm big on Linux or Linux entrails... or even more, coding.

Still, OpenWRT is fun to play with - I didn't notice that smugness or purist attitude tbh, and I even engaged a fork developer over on his GitHub issues page, he was rather nice. It's for the most part pretty well documented, and people with issues do share their story.
 

MYstIC G

Official Licensed Lump of Coal™ Distributor
Staff member
Moderator
FH Subscriber
Joined
Dec 22, 2003
Messages
12,362
Well I'm at best security aware and have good command of networking / internet concepts (goes with the job). Can't say I'm big on Linux or Linux entrails... or even more, coding.

Still, OpenWRT is fun to play with - I didn't notice that smugness or purist attitude tbh, and I even engaged a fork developer over on his GitHub issues page, he was rather nice. It's for the most part pretty well documented, and people with issues do share their story.
Probably just luck of the draw then. I was on a thread where people were discussing best devices, there were a couple of "I hope to use x someday" posts and you'd think somebody had poisoned the town's water supply!

It's not going to put me off though. I want more control over my LAN which was reinforced when there was a BT Openreach issue on our whole road making my TalkTalk router a useless mess all week. There's a dude currently working on the R2S so maybe I'll try just talking to them :)
 

old.Osy

No longer scrounging, still a bastard.
Joined
Dec 22, 2003
Messages
2,632
My own opinion:

OpenWRT - widely flexible and modular, very open and customizable (and most of the nice packages are maintained), not very newbie friendly though. Research and trial and error to be expected, but large community.

AsusWRT Merlin - Dependable and solid in features and packages, but not much variety in choices of plugins and modules (smaller developer community). Vanilla Merlin doesn't require specialist knowledge to configure, as the interface is still Asus based, so pretty user friendly. Package manager optional (entware), plugin manager available as option (amtm). It's what I'm running now, because I bought an Asus router.

Both are good options for securing and controlling your LAN/WAN, so preference to one or the other boils down to how much you like to play with customizing, setting up, troubleshooting stuff. AsusWrt is piss easy, OpenWrt requires more involvement.
 

Overdriven

Dumpster Fire of The South
Joined
Jan 23, 2004
Messages
12,630
What am I forgetting here? And (For Windows) how much is getting OpenVPN set up with Nord on Pi?

- Raspberry Pi (I either need to find a cable or buy a new one)
- SD Card
- SD Card adapter
- Pi Hole
- OpenVPN
- NordVPN

Also I'm assuming... (I don't do networks guyz)

Pi connected to router.
PC connected to router.
PC using the Pi as its primary DNS
Pi doing magic with OpenVPN to Nord?
Magic?
 

Deebs

Chief Arsewipe
Staff member
Moderator
FH Subscriber
Joined
Dec 11, 1997
Messages
9,076,920
What am I forgetting here? And (For Windows) how much is getting OpenVPN set up with Nord on Pi?

- Raspberry Pi (I either need to find a cable or buy a new one)
- SD Card
- SD Card adapter
- Pi Hole
- OpenVPN
- NordVPN

Also I'm assuming... (I don't do networks guyz)

Pi connected to router.
PC connected to router.
PC using the Pi as its primary DNS
Pi doing magic with OpenVPN to Nord?
Magic?

Firstly, what are you attempting to do with OpenVPN and NordVPN?

Pi-Hole is a DNS allow/deny list (cannot use white/black list now as it's racist) solution which either allows or denies a domain to be resolved.
 

Overdriven

Dumpster Fire of The South
Joined
Jan 23, 2004
Messages
12,630
I meant using them side by side. Network based VPN and using Pi Hole for network wide adblocks.
 

Deebs

Chief Arsewipe
Staff member
Moderator
FH Subscriber
Joined
Dec 11, 1997
Messages
9,076,920
New version of Pi-Hole is out and now with a dark theme!!

 

Deebs

Chief Arsewipe
Staff member
Moderator
FH Subscriber
Joined
Dec 11, 1997
Messages
9,076,920
Ooo dark theme :)

I guess there's an upgrade option somewhere I have to find rather than a reinstall
Yes

SSH to Pi

then enter

sudo pihole -up

Sit back and relax.
 

Deebs

Chief Arsewipe
Staff member
Moderator
FH Subscriber
Joined
Dec 11, 1997
Messages
9,076,920
Just changed the way my two Pi-holes stay in sync. Hopefully it is a bit more robust than the old method.

Upgraded yet @Moriath ?
 
