Installing and running Pi-Hole on the router

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
Fried Chicken
DD-WRT User


Joined: 12 Jun 2019
Posts: 142

PostPosted: Thu Sep 24, 2020 4:35    Post subject: Installing and running Pi-Hole on the router Reply with quote
I see a lot of excitement around pi-hole, but it seems to be run almost exclusively on a raspberry-pi.

This need not be the case, as I use a micro PC as my router that chills with the following conditions:
Code:
load average: 0.00, 0.00, 0.00


Pi-Hole can be compiled for x86_64 with support for Ubuntu, Debian, Fedora, and CentOS.

Why not dd-wrt? Would it be a "simple" process, or would it be horrible?[/code]

_________________
Google is Spyware
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Thu Sep 24, 2020 8:12    Post subject: Reply with quote
Pi-hole needs a minimum of 512 MB of RAM and 55 MB of free disk space.

That is the minimum, not much routers have these resources let alone the processing power.

As an alternative you can use ipset and use blacklists (ipset is a recent addition on DDWRT)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Thu Sep 24, 2020 11:27    Post subject: Reply with quote
egc is the ipset, is only present on the high end routers with large flash ram ?? or BS implemented it on the all units, im asking for a 8MB 1043v2...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Thu Sep 24, 2020 12:06    Post subject: Reply with quote
Alozaros wrote:
egc is the ipset, is only present on the high end routers with large flash ram ?? or BS implemented it on the all units, im asking for a 8MB 1043v2...


I do not know, I have made it optional with the CONFIG_IPSET parameter in the .config file when compiling (anticipating that lower specced routers will not get it, it adds about 24kB for the ipset utility, the kernel modules and the DNSMasq ipset extension).

Problem is BS is not using the publicly available .config files (or maybe he does but also adds some private stuff) so it is not easy to tell.

If you are running a build post 44366 (so if you use the latest 44406 build) you can check from command line:
root@R7800-2:~# which ipset
/usr/sbin/ipset
root@R7800-2:~#

It is on my list to write some documentation but I am rather busy at the moment.

It is a really neat feature:
Quote:
Using and handling large sets of IP’s which are acquired for a domain can be useful for handling url’s which have many ip addresses hidden under one URL (the large companies, like Facebook, Netflix, amazon etc), it can be useful for efficiently handling of dynamic ad blocking white and black listing etc.



Some light reading:

https://www.linksysinfo.org/index.php?threads/using-ipset-to-bypass-a-vpn.73136/

https://superuser.com/questions/1185861/linux-routing-based-on-domain-names

https://github.com/trick77/ipset-blacklist

http://unixetc.co.uk/2016/04/18/protect-your-web-server-with-ipset/
https://confluence.jaytaala.com/display/TKB/Using+ipset+to+block+IP+addresses+-+firewall
https://upcloud.com/community/tutorials/iptables-firewall-recent-triggering-ipset/
https://wiki.ipfire.org/configuration/firewall/ipset
http://blog.ls20.com/securing-your-server-using-ipset-and-dynamic-blocklists/

https://community.ui.com/questions/Dnsmasq-Ipset/738d0e0d-9e9f-4808-8e8c-0795275fb847

https://ipset.netfilter.org/ipset.man.html
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1078633

https://wiki.archlinux.org/index.php/Ipset

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Fried Chicken
DD-WRT User


Joined: 12 Jun 2019
Posts: 142

PostPosted: Thu Sep 24, 2020 15:38    Post subject: Reply with quote
egc wrote:
Pi-hole needs a minimum of 512 MB of RAM and 55 MB of free disk space.

That is the minimum, not much routers have these resources let alone the processing power.

As an alternative you can use ipset and use blacklists (ipset is a recent addition on DDWRT)


I have 8GB in my router

_________________
Google is Spyware
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Thu Sep 24, 2020 16:52    Post subject: Reply with quote
as egc said you'd need some resources...8GB is you attached USB drive, but not the internal stuff...

in fact DDWRT on the high grade routers, can do most of the things pi-hole can do about routing and networks...so what do you need...well we have to exclude the fancy stuff, like graphs and advanced monitoring and so..

By the design, routers are simple devices that can do routing, networks and some other not very advanced stuff...while Pi's are portable computers, so not much point to move computer into router environment...more likely to move router to computer environment like DDWRT on x86/x64 as simple as that... Laughing Rolling Eyes

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Fried Chicken
DD-WRT User


Joined: 12 Jun 2019
Posts: 142

PostPosted: Fri Sep 25, 2020 4:50    Post subject: Reply with quote
Alozaros wrote:
as egc said you'd need some resources...8GB is you attached USB drive, but not the internal stuff...

in fact DDWRT on the high grade routers, can do most of the things pi-hole can do about routing and networks...so what do you need...well we have to exclude the fancy stuff, like graphs and advanced monitoring and so..

By the design, routers are simple devices that can do routing, networks and some other not very advanced stuff...while Pi's are portable computers, so not much point to move computer into router environment...more likely to move router to computer environment like DDWRT on x86/x64 as simple as that... Laughing Rolling Eyes


So... I built an X86 router.... and the only SSD I had laying around was a 250GB SATA drive.... I still haven't found a good use for the extra 248GB. I agree routers should be simple dedicated devices, and I use mine as such. It does everything veeerrryy nicely.

You say DD-WRT can do most of the things PiHole can do, the only option I see is Privoxy. I don't want to pay for some subcription DNS service to do DNS-based adblocking.

It should also be said PiHole seems to be quite well made, so credit where credit is due (DD-WRT is still king of course).

_________________
Google is Spyware
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Fri Sep 25, 2020 6:40    Post subject: Reply with quote
well there are tons of ad-blocking scripts for DDWRT all domain name based..

have a look at this one
https://pastebin.com/aySi7RhY

im using something else and there are other already proven that i can give you too...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Fried Chicken
DD-WRT User


Joined: 12 Jun 2019
Posts: 142

PostPosted: Sun Sep 27, 2020 0:36    Post subject: Reply with quote
Please forgive my ignorance here.

I briefly looked at pi-hole's implementation. A raspberry pi is connected to the router and its IP address is used as the DNS server.

So, Pi-Hole acts as a DNS for the sake of adblocking? I guess it's a piece of software, and it pulls from their own IP list? Does it work in conjunction with existing DNS servers or do the PiHole people have their own full fledged DNS server, or does the Pi-Hole implementation on the raspberry pi have its own DNS server that allows you to specify which server you want to pull from, and conduct filtering based on a blacklist that PiHole maintains?

Alozaros, I see the script you posted. Is this unix that you just run as commands on the router? Seriously what language is this?

egc, I will look at some of the light reading you posted, thank you.

_________________
Google is Spyware
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Sun Sep 27, 2020 6:44    Post subject: Reply with quote
the idea of Pi-hole as a DNS, means its taking over the DNS requests completely, so the router forwards those requests there and receives the replys from there....

on the Pi-hole you can do, some ad-blocking and DNS advanced statistics and some graphs....

nope, its not a unix script as DDWRT is a linux 😜 is a bash (shell)script

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Fried Chicken
DD-WRT User


Joined: 12 Jun 2019
Posts: 142

PostPosted: Tue Sep 29, 2020 5:07    Post subject: Reply with quote
Alozaros wrote:
the idea of Pi-hole as a DNS, means its taking over the DNS requests completely, so the router forwards those requests there and receives the replys from there....

on the Pi-hole you can do, some ad-blocking and DNS advanced statistics and some graphs....

nope, its not a unix script as DDWRT is a linux 😜 is a bash (shell)script


So Pi-Hole is just a DNS server with filtering and other more user-directed functions?


I thought linux is based on unix? What's a shell anyway... How can you have a shell script...

_________________
Google is Spyware
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum