Pi-hole

beepsilver

Getting comfortable
Joined
Mar 9, 2014
Messages
863
Reaction score
982
Location
Nebraska
I'm considering using Pi-hole to block ads on my network. I'm a noob with this kind of stuff, but want to press forward because I'm tired of trying to block ads on my browsers, phones and smart TVs. I tried to block ads using my Netgear R7000 router, but it's not up to the task--allows only a limited number of keywords to block and doesn't seem to block any https addresses.

I don't have a Linux machine of any type--no Raspberry Pi either. But I have one Win 10 Pro machine that I could activate Hyper-V and install Docker on, but it's my dedicated Blue Iris machine...I haven't used it for anything else. I'm not using a VPN on this machine (I know I should, but both my router and my skills are limited). Is it ill-advised to run Pi-hole (using Docker) in the background on a dedicated Blue Iris machine?
 

whoami ™

Pulling my weight
Joined
Aug 4, 2019
Messages
230
Reaction score
224
Location
South Florida
Honestly I wouldn't waste my time. If you want to learn something worthwhile and block ads, I'd build a cheap computer with used parts and a dual NIC and run pfSense or OPNsense. The pfBlockerNG package will do the ad blocking. If $100 is too much to spend, buy a used Raspberry Pi 4 and have at it with pie hole. But IMHO it's not worth the time it takes to figure out.
 

Old Timer

Known around here
Joined
Jul 20, 2018
Messages
1,352
Reaction score
2,945
Location
I'm ok
Honestly I wouldn't waste my time. If you want to learn something worthwhile and block ads, I'd build a cheap computer with used parts and a dual NIC and run pfSense or OPNsense. The pfBlockerNG package will do the ad blocking. If $100 is too much to spend, buy a used Raspberry Pi 4 and have at it with pie hole. But IMHO it's not worth the time it takes to figure out.
I agree with Whoami, it's not really worth it on a Pi.

If you want to do it the proper way, look at pfSense. It's open source, so the software is free, and it's used at commercial locations all over the place.
You can use an old PC; just add a second Ethernet port. Or pick up a small fanless and use it. There are a lot of YouTube videos on setting it up, including blocking with pfBlockerNG.


Or if you do not want to build it, look at Netgate devices. It is pfSense inside.

I am running a Protectli with Celeron, 4G RAM and 32G SSD and have 3 internet connections coming in, along with 5 different LANs hanging off of it. So it does not need much processor, memory, or disk space even for commercial use.
 

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,034
Reaction score
939
Location
CT
Not sure what the "proper way" to block ads is but maybe you could educate me. I am running Pi-Hole which cost me about $50 to build and seems to block ads just fine. For the small investment, it may just be worth trying. My 2 cents.
 

whoami ™

Pulling my weight
Joined
Aug 4, 2019
Messages
230
Reaction score
224
Location
South Florida
Not sure about "proper way", I just feel the idea of ad-blocking is better than actual ad-blocking. Maybe my expectations were too high? With COVID, and my wife having to work remotely from home, pfBlockerNG almost got me beat up quite a few times for blocking her work related URLs. Even after looking at logs and whitelisting what she needed whitelisted, it would update with a new list and break something else. Now that she's back to working on site I've been ad-blocking again, but in all honesty I barely notice it's running. It still leaves empty white boxes where ads should be in apps which sux. ¯\(ツ)/¯ A pfSense router can be built out of damn near anything with a PCIe slot to add a dual NIC. For double the price of a Raspberry Pi you get 100x the features. VPN, complex firewall rules, ad-blocking, VLANs, network statics, DNS over TLS... The list goes on and on... Plus the knowledge you'll get is priceless. There are YouTube vids on everything since it's very popular software.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
I'll argue the other side too. I think Pi-hole is great as a simple < $50 appliance to drop on your network for ad and site blocking. Works very well. It's not pfSense but it's not intended to be. pfSense is great too but it's not trivial. In about an hour pretty much anyone with basic skills can have a Pi with Pi-hole on it up and running and it's relatively simple to maintain. Depends what you want.

I wouldn't mess with Docker and all. More trouble than it's worth. Just do it on a Pi if you're going to do it.
 

LittleBrother

Pulling my weight
Joined
Sep 16, 2014
Messages
480
Reaction score
119
I have pi running OpenVPN. If it’s just serving as a DNS server to block ads I should be able to get it to run pihole also, right?

I assume set router’s DNS to reference the IP of the pi, so that any new device that defers to router’s dns automatically now uses the pihole?

Finally, does this get around the Adblock detectors? Those have become a huge nuisance lately and make Adblock less effective than it used to be.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
I have pi running OpenVPN. If it’s just serving as a DNS server to block ads I should be able to get it to run pihole also, right?

I assume set router’s DNS to reference the IP of the pi, so that any new device that defers to router’s dns automatically now uses the pihole?

Finally, does this get around the Adblock detectors? Those have become a huge nuisance lately and make Adblock less effective than it used to be.
Yes. Basically the same thing as a filtering DNS like OpenDNS. The advantage is that you have full control over what's blocked. There are master lists that are maintained automatically and then you can create whitelists/blacklists above and beyond that.

Yes, you can set up so that the router points to Pi-hole and then have other devices refer to it. And/or you can set the IP of the Pi-hole as the DNS for a device as you want.

Depends on how the ad block detection works. I'd say better than the ad blocking in a browser but not in all cases. I have so many different levels of blocking going, it's hard sometimes to tell what's blocking what.

One big advantage is that it will block ads without setting all of that up on each and every device and will work on devices that aren't as easy to block ads and other traffic on.
 
Last edited:
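
Added example, not part of the original thread and not Pi-hole's own code: a simplified Python model of the list precedence described in the post above (automatically maintained master lists, with local whitelist/blacklist entries on top). It assumes exact-match domains and that a whitelist entry overrides every block; all list contents and domain names are constructed.

```python
# Simplified model of a DNS sinkhole's allow/deny decision (not Pi-hole's code).
# All list contents and domain names below are constructed sample data.

def parse_blocklist(text):
    """Parse a hosts-style or one-domain-per-line blocklist into a set."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()   # drop comments
        if not line:
            continue
        fields = line.split()
        # hosts format: "<ip> <domain>"; plain format: "<domain>"
        domain = fields[1] if len(fields) >= 2 else fields[0]
        if domain not in ("localhost", "localhost.localdomain"):
            domains.add(domain.rstrip("."))
    return domains


class Sinkhole:
    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist = {d.lower() for d in whitelist}   # local overrides
        self.blacklist = {d.lower() for d in blacklist}
        self.master = set()                               # subscribed lists

    def update_master(self, *list_texts):
        """Rebuild the master set from subscribed lists; local lists are untouched."""
        self.master = set().union(*(parse_blocklist(t) for t in list_texts))

    def resolve(self, qname):
        """Return (verdict, reason); a blocked name would be answered with 0.0.0.0."""
        q = qname.lower().rstrip(".")
        if q in self.whitelist:          # assumed precedence: whitelist wins
            return ("allow", "whitelist")
        if q in self.blacklist:
            return ("block", "blacklist")
        if q in self.master:             # exact match only in this model
            return ("block", "master list")
        return ("allow", "not listed")


LIST_V1 = "0.0.0.0 ads.example.net\n0.0.0.0 tracker.example.org  # constructed\n"
LIST_V2 = LIST_V1 + "portal.work.example\n"   # a later update adds a needed domain

hole = Sinkhole(whitelist=["portal.work.example"], blacklist=["telemetry.tv.example"])
hole.update_master(LIST_V1)
before = hole.resolve("portal.work.example")
hole.update_master(LIST_V2)                   # list update does not undo the whitelist
after = hole.resolve("portal.work.example")
```

Because the decision is made on the DNS query name, it applies the same way whether the client would have fetched the content over HTTP or HTTPS.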

David L

IPCT Contributor
Joined
Aug 2, 2019
Messages
7,932
Reaction score
20,757
Location
USA
So I run pfSense on a Qotom Mini PC. I got an i5 version, 4 NICs, that will handle Gig Internet connection. Also AES-NI encryption. I know 2 other users here who have a Qotom too, they love these boxes. One is running OPNsense, while the other pfSense.



I Highly Recommend!!! My network is running So Much faster and is more stable, thanks to pfSense and Managed TP-Link switches...
 

newfoundlandplucky

Getting the hang of it
Joined
Dec 1, 2018
Messages
87
Reaction score
86
Location
Ottawa
I tried to block ads using my Netgear R7000 router, but it's not up to the task--allows only a limited number of keywords to block and doesn't seem to block any https addresses.
I run a Netgear R7000 router with TomatoUSB Firmware 1.28.0000 -138 K26ARM USB VPN-64K. It's getting a bit ancient like its owner. TomatoUSB has AdBlock built-in and I assume operates much like other DNS blockers. It's currently configured to get rid of anything related to facebook, instagram, google-analytics, and twitter. The feature subscribes to a bunch of optional blacklist sites. There may be better technology but this seems reasonably complete last I checked.
 

TRLcam

Getting comfortable
Joined
Apr 16, 2014
Messages
292
Reaction score
1,074
Location
Nebraska!
Pi-hole user here. It's been great. Only takes a short time to set up on a Raspberry Pi. Our local newspaper web site was unusable on my tablet. The abundance of ads would make the site unreadable. Pi-hole blocked every ad.

I used a Raspberry Pi B+ with a POE board. This keeps installation simple. With SSH no monitor, keyboard or mouse needed.
 

beepsilver

Getting comfortable
Joined
Mar 9, 2014
Messages
863
Reaction score
982
Location
Nebraska
I ended up getting the CanaKit kit with Pi 4. Easy to set up then install Pi-hole--runs from the router. I use the Pi's IP address as my DNS so all my devices are 'protected.' I don't even get Pandora ads anymore. I monitor blocking and update blocklists with the Pi-hole dashboard but use PuTTY to update Pi firmware and Pi-hole.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
You can put xrdp on the pi and RDP into it too:

sudo apt install xrdp
 
Joined
Dec 30, 2016
Messages
807
Reaction score
622
Location
Somewhere in the space/time continuum
So I run pfSense on a Qotom Mini PC. I got an i5 version, 4 NICs, that will handle Gig Internet connection. Also AES-NI encryption. I know 2 other users here who have a Qotom too, they love these boxes. One is running OPNsense, while the other pfSense.



I Highly Recommend!!! My network is running So Much faster and is more stable, thanks to pfSense and Managed TP-Link switches...
What Qotom device are you running? And are you running any other packages like snort, for intrusion protection? I'm thinking of moving from an i3 based mini-pc to a Protectli or Qotom device.
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
Pi-hole is good. Not sure why anyone wouldn’t want to run an ad blocking service. I get a big smile when I see those blank empty ad boxes on websites. I run Unbound in a VM which blocks ads and gets me recursive DNS lookups so name lookups are wicked fast on my network.

I also had to white list a few domains for the Mrs. No big deal.
 

David L

IPCT Contributor
Joined
Aug 2, 2019
Messages
7,932
Reaction score
20,757
Location
USA
What Qotom device are you running? And are you running any other packages like snort, for intrusion protection? I'm thinking of moving from an i3 based mini-pc to a Protectli or Qotom device.
Qotom-Q355G4


I got mine for under $300 about a year ago. Ended up changing out the 16G SSD for a 128G, a little overkill but price was right at the time. I did look at the Protectli but found they were higher priced, plus I wanted at least an i5 proc. Qotom was recommended by a Power User here, who has built and personalized/configured many of these boxes with pfSense and sent them to users who requested them.

Here are my Temp/CPU Usage:
It resides in a closet which does have an A/C duct, it rarely hits 50C, only warm at top to the touch.


I am extremely pleased with this setup. One other Power user here just recently bought a 6 NIC i7 version, he is running OPNsense on it. He has a very nice setup too. This is how he is using the extra NICs:


I think he added a NTP server (GPS) box off Port 3 recently.

Also, he lives in Italy and sent us his WAN2 box info:

I use a Netgear MR1100 (aka Netgear NightHawk M1). Cat. 16 LTE Advanced Pro with 4-band Carrier Aggregation (you aggregate channels to improve bandwidth), but you have to hack it a little bit in order to force it to do it: Nighthawk® M1 Mobile Router (netgear.com)



I know that in the USA it is a very popular LTE router, sold with subscription by AT&T and other telcos.

During the night I have spectacular transfer rates, better than my VDSL connection, but during the day, when everybody is using their mobiles, bandwidth drops to normal values. Overall I'm very satisfied about the product, when I travel, I bring it with me and I have high speed access almost everywhere. I have a small data subscription with a cap at 80GB per month. But it's enough as my backup line. Actually I'm thinking about making this my primary internet connection, but I have to put a directional antenna on the roof, luckily the cell tower is at 200mt from my house, they installed it 1y ago. :)



My setup is very simple, WAN, LAN, Website, My wife's work Citrix box. You really only need 2 NICs (WAN/LAN), unless you are wanting WAN redundancy (2nd ISP). As you see above he has 2 LANs in a LAGG group, so a 4 NIC Box is what I would suggest. Maybe one day I will add a second WAN...
 
Joined
Dec 30, 2016
Messages
807
Reaction score
622
Location
Somewhere in the space/time continuum
Qotom-Q355G4


I got mine for under $300 about a year ago. Ended up changing out the 16G SSD for a 128G, a little overkill but price was right at the time. I did look at the Protectli but found they were higher priced, plus I wanted at least an i5 proc. Qotom was recommended by a Power User here, who has built and personalized/configured many of these boxes with pfSense and sent them to users who requested them.

Here are my Temp/CPU Usage:
It resides in a closet which does have an A/C duct, it rarely hits 50C, only warm at top to the touch.


I am extremely pleased with this setup. One other Power user here just recently bought a 6 NIC i7 version, he is running OPNsense on it. He has a very nice setup too. This is how he is using the extra NICs:


I think he added a NTP server (GPS) box off Port 3 recently.

Also, he lives in Italy and sent us his WAN2 box info:

I use a Netgear MR1100 (aka Netgear NightHawk M1). Cat. 16 LTE Advanced Pro with 4-band Carrier Aggregation (you aggregate channels to improve bandwidth), but you have to hack it a little bit in order to force it to do it: Nighthawk® M1 Mobile Router (netgear.com)



I know that in the USA it is a very popular LTE router, sold with subscription by AT&T and other telcos.

During the night I have spectacular transfer rates, better than my VDSL connection, but during the day, when everybody is using their mobiles, bandwidth drops to normal values. Overall I'm very satisfied about the product, when I travel, I bring it with me and I have high speed access almost everywhere. I have a small data subscription with a cap at 80GB per month. But it's enough as my backup line. Actually I'm thinking about making this my primary internet connection, but I have to put a directional antenna on the roof, luckily the cell tower is at 200mt from my house, they installed it 1y ago. :)



My setup is very simple, WAN, LAN, Website, My wife's work Citrix box. You really only need 2 NICs (WAN/LAN), unless you are wanting WAN redundancy (2nd ISP). As you see above he has 2 LANs in a LAGG group, so a 4 NIC Box is what I would suggest. Maybe one day I will add a second WAN...
It looks like I'll be going with a 6 port NIC on either an i5 or i7. I will need to do failover and load balancing as well, so the extra ports could be useful. Really appreciate all your info as it shows the possibilities of what can be done once you get past consumer grade router/firewalls. It's a world of difference, and open source! Thanks, again.
 

David L

IPCT Contributor
Joined
Aug 2, 2019
Messages
7,932
Reaction score
20,757
Location
USA
It looks like I'll be going with a 6 port NIC on either an i5 or i7. I will need to do failover and load balancing as well, so the extra ports could be useful. Really appreciate all your info as it shows the possibilities of what can be done once you get past consumer grade router/firewalls. It's a world of difference, and open source! Thanks, again.
You bet, yeah I will never go back to consumer grade boxes, even though I like the new AX WiFi 6 support on the new boxes. I am waiting for TP-Link to release their new APs.

 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
...I get a big smile when I see those blank empty ad boxes on websites.
Run AdBlock or another browser-based blocker on top and you can get rid of most of the empty boxes too. Sometimes you can get the empty space to close up, sometimes not. Depends how the page is done.

It's odd when I use some other computer without ad blocking to access a familiar site. Like "WTF is all this extra crap?" ; )
 