Install pi-hole on NethServer


(sal cuomo) #1

Thanks for interesting and useful answers. Very interesting, but I did not understand how to activate Pi-hole on nethserver? With bash? and the script where I load it?

curl -sSL https://install.pi-hole.net | bash ???


Deploy content filter at school
A look at pi-hole.net
(sal cuomo) #2

I tried to install pi-hole in the nethserver terminal window. But I can not make it work. Can you help me?


(Rob Bosch) #3

This might be a nice feature for NethServer. Especially in environments where you want to create a safe environment. For example at schools.
In this topic I hope we can come to a howto on installing pi-hole on NethServer. Anyone can give a hand? @mrmarkuz @m.traeumner

Anyway, I will give it a go, if time permits… :wink:


(Joel Clendineng) #4

https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh

This script was posted in another thread.


(Joel Clendineng) #5

The issue is this probably doesn’t work with shorewall/dns like it should, would probably break things. I can’t install on my production server but ill fire up a vm. Again, do not install on a server you like. :smiley:


(Markus Neuberger) #6

I’ll try it in a lxc…couldn’t make it work on NS directly.


(Joel Clendineng) #7

Just did, works well. Doesn’t seem to screw up anything, Ill test in production next :smiley:

I have it running on red interface, so i believe it will block everything before it reaches green, need to test.

Edit: Installs fine, some issue with active directory on my server to figure out, doesn’t seem to be processing dns requests on my server. Will try to fix and report back.


(Joel Clendineng) #8

Ok so I spent the good part of yesterday afternoon and evening restoring my server because I broke it. I got pihole installed, gui works mostly fine, for some reason it does not process dns requests yet, its probably a firewall issue. Then it totally wiped my network settings and I couldn’t get them back manually, db networks show was a mess, etc. Fun night :slight_smile: Ill keep trying, probably in a vm this time, though I cant get a proper test without a machine I can send traffic through. I do want pihole as it would make dns filtering very nice, and provide a great way to log requests.


(Bogdan Costin) #9

Maybe this will help ?
https://hub.docker.com/r/diginc/pi-hole/


(Joel Clendineng) #10

Only supports debian based os. That script I linked will work, just have to get it to play nice with the nethserver networking. Though you gave me a great idea…Ill deploy a virtual vm running stock centos (or debian+docker) and set that as my default dns server on nethserver and see if that is a solution.


(Joel Clendineng) #11

Annnnd it works. So basically use the virtualmachine built into nethserver to install centos, you can do this from the nethserver iso, then you need to disable selinux (set it to disabled), reboot and install pihole. Copy that script linked into /root and call it pihole.sh, set perms to x for all, and run from terminal sh /root/pihole.sh and set your nethserver dns to point to your vm, and set dhcp dns pushed to the vm and your’e all set.


(Bogdan Costin) #12

I think that a appliance could be made so it will integrate into the NS


(Joel Clendineng) #13

Ok so the issue is it needs its own ip, it uses lightpd not apache, and it uses iptables rules that break networking. Its much better to install on docker/vm. It could be done, but it would be a bigger project as it would require firewall/ips/ldap/ad workarounds. When I installed on a nethserver vm the gui came up, but I couldn’t get the firewall to work right. Ill throw up a new vm and test again, I have a couple more ideas.


(Joel Clendineng) #14


Just for the record on the forums here is a compiled blacklist source


(Rob Bosch) #15

I am sensing a compete new approach to add services to NethServer: instead of installing a service on NethServer, just add a LXC or docker container with that funtionality.
With Cockpit as possible new interface for NethServer management, would this be a viable option? Or do ‘we’ see any problems, for instance on the resources part (each container will consume at least 512MB memory, probably even 1GB)


(Markus Neuberger) #16

LXC is the way to go at the moment, docker still has some problems:


(Rob Bosch) #17

The consequence of this, would mean that we will abandon CentOS as base for several services. There are many services that are way easier to deploy on, for instance, Debian than on CentOS…
I think this is something to really think over.
What kind of impact would this have on stability and quality of additional functionality on NethServer? @giacomo @davidep


(Markus Neuberger) #18

Direct implementation is still the one to prefer I think (less ressources, one config/system layer), but if this is not possible:

  1. Implement as nextcloud app if available
  2. docker, if it works
  3. LXC

(Joel Clendineng) #19

I spent a while playing with pihole and could not get dhcp working on centos, so moved to debian. I used ubuntu server for the base vm and installed pihole on it, it works a lot better. I had to modify /etc/networking/interfaces and use a static ip/mask/gateway as when using pihole as dns server and dhcp server it didn’t want to connect to the internet without a static ip. Pihole as dns/dhcp server works better because you can manage the clients better. So I have nethserver as gateway and im running a virtualbox machine off my nas server with pihole that acts as dns/dhcp server. It generally blocks about 60-70% of the traffic, just insane how much of the internet is malware/trackers.


(Giacomo Sanchietti) #20

I really like the idea of pi-hole but it take control of the whole server and this behavior doesn’t play well with NS, as @Jclendineng correctly pointed out.

I’d say quite big. I like the idea behind containers (Spethane and Davide are trying to integrate Docker). But when you have a container, it’s like a black box.

I’d rather work with pi-hole developers and try to integrate is inside NethServer (including the awesome web interface!).


A look at pi-hole.net