Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: ylluminate on November 30, 2018, 05:32:47 PM
-
Saw this and thought it was interesting: https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/
Not sure if an equivalent yet exists, but it would be a nice feature if not.
-
This might be something worth perusing as a possible contrib for SME Server.
Not sure if the project is dead or the project site is just down at the moment:
http://www.privoxy.org
You can read more about the project here:
https://linux.die.net/man/1/privoxy
-
As the world shifts to https, an http proxy becomes less relevant.
Looking at ways to run an https proxy more easily would be worth looking at, but you need certs on the clients, etc.
-
I'm pretty sure the pi-hole is a pure DNS blocker and doesn't involve any proxying.
Once the installer has been run, you will need to configure your router to have DHCP clients use Pi-hole as their DNS server which ensures that all devices connecting to your network will have content blocked without any further intervention.
-
As the world shifts to https, an http proxy becomes less relevant.
Even when https is used, web proxies can still apply filtering, without messing with a private CA. It's just limited to domain name filtering (instead of full URL, or content filtering). With a recent enough Squid, you can even do this transparently (with peek and splice).
-
To anyone else that finds this thread:
- The pi-hole installer requires root or sudo, updates the yum configuration, installs several packages without prompting, and requires CentOS 7. This makes it likely to cause problems if installed directly on SME Server.
- Anyone interested could set up a pi-hole on a raspberry pi as intended, then set that as the "corporate dns" in server-manager, or customize the DHCP results to point to the pi-hole server.
- Pi-hole uses dnsmasq, which SME already uses. We could potentially figure out how to download the blocklist sources used by pi-hole (https://github.com/pi-hole/pi-hole/wiki/Customising-sources-for-ad-lists) and apply them directly to dnsmasq on SME -- but this would make the reporting and maintenance functions harder to include.
[edit: doh. I'm constantly confusing dnsmasq with dnscache...]
- There is a docker-pi-hole project on github (https://github.com/pi-hole/docker-pi-hole); that might be the easiest way to get this running for users who don't want to buy a raspberry pi.
-
- Pi-hole uses dnsmasq, which SME already uses.
Nope, SME uses isc-dhcpd and dnscache (from djbdns)
-
Nope, SME uses isc-dhcpd and dnscache (from djbdns)
Yes; thanks; I (finally) figured that out. For some reason I regularly confuse dnscache and dnsmasq, waste 30 - 45 minutes looking for the wrong stuff, then figure out my mistake.
Since I have a pi at home, I went ahead and installed pi-hole on it for testing.
I reconfigured SME to use the pi-hole server (192.168.200.18) as the domain-name-server in dhcpd.conf as follows:
mkdir -p /etc/e-smith/templates-custom/etc/dhcpd.conf
cd /etc/e-smith/templates-custom/etc/dhcpd.conf
echo -e " option domain-name-servers\t{ \$dhcpd{'DomainNameServers'} || \$LocalIP };" > 25DomainNameServers
#
# replace 192.168.200.18 with the LAN IP of your pi-hole server...
config setprop dhcpd DomainNameServers 192.168.200.18
expand-template /etc/dhcpd.conf
sv t dhcpd
Note that the code above for creating 25DomainNameServers includes some escape chars.
Here is what the file should look like when you're done:
option domain-name-servers { $dhcpd{'DomainNameServers'} || $LocalIP };
If things go wrong, these customizations can be completely removed using:
'rm' /etc/e-smith/templates-custom/etc/dhcpd.conf/25DomainNameServers
expand-template /etc/dhcpd.conf
sv t dhcpd
I've created an NFR in bugzilla to make "DomainNameServers" a standard db entry for dhcpd:
Bug 10657 - NFR: Template dhcpd.conf domain-name-servers setting (https://bugs.contribs.org/show_bug.cgi?id=10657)
-
As per my comment I think a contrib does this:
https://bugs.contribs.org/show_bug.cgi?id=10657#c1
https://wiki.contribs.org/Dhcpmanager
-
I am still running pi-hole in a Container "next" to my SMEServer using proxmox.
See here:
https://forums.contribs.org/index.php/topic,53727.msg279631.html#msg279631
Seems to work fine.
Here are my current stats for blocked sites:
watson.telemetry.microsoft.com 295
settings-win.data.microsoft.com 159
incoming.telemetry.mozilla.org 136
v10.events.data.microsoft.com 127
fls-eu.amazon.com 122
www.googletagmanager.com 61
www.google-analytics.com 55
sa.bbc.co.uk 50
ssl.google-analytics.com 42
pagead46.l.doubleclick.net 42