Koozali.org formerly Contribs.org

Pi-hole ad blocker equivalent for SME Server?
« on: November 30, 2018, 05:32:47 PM »
Saw this and thought it was interesting: https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/

Not sure if an equivalent yet exists, but it would be a nice feature if not.

Re: Pi-hole ad blocker equivalent for SME Server?
« Reply #1 on: November 30, 2018, 05:54:35 PM »
This might be something worth perusing as a possible contrib for SME Server.
Not sure if the project is dead or the project site is just down at the moment:
http://www.privoxy.org

You can read more about the project here:
https://linux.die.net/man/1/privoxy
SME user and community member since 2005.
Want to install Wordpress in iBay of SME Server?
See my step-by-step How-To wiki here:
http://wiki.contribs.org/Wordpress_Multisite

ReetP
Re: Pi-hole ad blocker equivalent for SME Server?
« Reply #2 on: December 01, 2018, 06:06:01 PM »
As the world shifts to https a http proxy becomes less relevant.

Looking at ways to run a https proxy more easily would be worth looking at, but you need certs on the clients etc etc.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

mmccarn
Re: Pi-hole ad blocker equivalent for SME Server?
« Reply #3 on: December 02, 2018, 01:38:33 PM »
I'm pretty sure the pi-hole is a pure DNS blocker and doesn't involve any proxying.

Once the installer has been run, you will need to configure your router to have DHCP clients use Pi-hole as their DNS server which ensures that all devices connecting to your network will have content blocked without any further intervention.

Daniel B.
Re: Pi-hole ad blocker equivalent for SME Server?
« Reply #4 on: December 02, 2018, 01:57:47 PM »
Quote from: ReetP
As the world shifts to https a http proxy becomes less relevant.

Even when https is used, web proxies can still apply filtering, without messing with a private CA. It's just limited to domain name filtering (instead of full URL, or content filtering). With a recent enough squid, you can even do this transparently (with peek and splice).
It's the end of the world !!! :lol:

mmccarn
Re: Pi-hole ad blocker equivalent for SME Server?
« Reply #5 on: December 02, 2018, 02:19:50 PM »
To anyone else that finds this thread:

- The pi-hole installer requires root or sudo, updates the yum configuration, installs several packages without prompting, and requires CentOS 7. This makes it likely to cause problems if installed directly on SME server.

- Anyone interested could set up a pi-hole on a raspberry pi as intended, then set that as the "corporate dns" in server-manager, or customize the DHCP results to point to the pi-hole server.

- Pi-hole uses dnsmasq, which SME already uses. We could potentially figure out how to download the blocklist sources used by pi-hole and apply them directly to dnsmasq on SME -- but this would make the reporting and maintenance functions harder to include.
[edit: doh. I'm constantly confusing dnsmasq with dnscache...]

- There is a docker-pi-hole project on GitHub; that might be the easiest way to get this running for users who don't want to buy a raspberry pi.
« Last Edit: December 02, 2018, 03:08:55 PM by mmccarn »

Daniel B.
Re: Pi-hole ad blocker equivalent for SME Server?
« Reply #6 on: December 02, 2018, 02:46:32 PM »
Quote from: mmccarn
- Pi-hole uses dnsmasq, which SME already uses.

Nope, SME uses isc-dhcpd and dnscache (from djbdns)

mmccarn
Re: Pi-hole ad blocker equivalent for SME Server?
« Reply #7 on: December 02, 2018, 04:17:49 PM »
Quote from: Daniel B.
Nope, SME uses isc-dhcpd and dnscache (from djbdns)

Yes; thanks; I (finally) figured that out.  For some reason I regularly confuse dnscache and dnsmasq, waste 30 - 45 minutes looking for the wrong stuff, then figure out my mistake.

Since I have a pi at home, I went ahead and installed pi-hole on it for testing.

I reconfigured SME to use the pi-hole server (192.168.200.18) as the domain-name-server in dhcpd.conf as follows:

Code:
mkdir -p /etc/e-smith/templates-custom/etc/dhcpd.conf
cd /etc/e-smith/templates-custom/etc/dhcpd.conf
echo -e "    option domain-name-servers\t{ \$dhcpd{'DomainNameServers'} || \$LocalIP };" > 25DomainNameServers
#
# replace 192.168.200.18 with the LAN IP of your pi-hole server...
config setprop dhcpd DomainNameServers 192.168.200.18
expand-template /etc/dhcpd.conf
sv t dhcpd

Note that the code above for creating 25DomainNameServers includes some escape chars. 
Here is what the file should look like when you're done:
Quote from: # cat /etc/e-smith/templates-custom/etc/dhcpd.conf/25DomainNameServers
    option domain-name-servers   { $dhcpd{'DomainNameServers'} || $LocalIP };

If things go wrong, these customizations can be completely removed using:
Code:
'rm' /etc/e-smith/templates-custom/etc/dhcpd.conf/25DomainNameServers
expand-template /etc/dhcpd.conf
sv t dhcpd

I've created an NFR in bugzilla to make "DomainNameServers" a standard db entry for dhcpd:
Bug 10657 - NFR: Template dhcpd.conf domain-name-servers setting
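
A check for the DHCP change in the post above, added here as an example and not part of the original post: it reads a rendered dhcpd.conf and reports whether clients are handed only the Pi-hole as resolver, since any extra server in the option lets them resolve around the blocklist. The function names and the sample configs are constructed for illustration; 192.168.200.18 is the Pi-hole address used in the post, and one option statement per line is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the DNS servers that a rendered
# dhcpd.conf hands to clients. Assumes one option statement per line.

# Print each server named in "option domain-name-servers", de-duplicated.
advertised_dns() {
    sed -e 's/#.*//' "$1" | awk '
        $1 == "option" && $2 == "domain-name-servers" {
            line = $0
            sub(/^[ \t]*option[ \t]+domain-name-servers[ \t]+/, "", line)
            sub(/[ \t]*;.*/, "", line)
            n = split(line, srv, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (srv[i] != "") print srv[i]
        }' | sort -u
}

# 0 = only the filtering resolver is advertised, 1 = it is missing,
# 2 = no DNS option at all, 3 = extra resolvers let clients bypass filtering.
check_dhcp_dns() {
    servers=$(advertised_dns "$1")
    [ -n "$servers" ] || { echo "FAIL: no domain-name-servers in $1"; return 2; }
    if ! printf '%s\n' "$servers" | grep -Fxq -- "$2"; then
        echo "FAIL: $2 not advertised"; return 1
    fi
    extra=$(printf '%s\n' "$servers" | grep -Fxv -- "$2" | tr '\n' ' ')
    [ -z "$extra" ] || { echo "WARN: bypass possible via $extra"; return 3; }
    echo "OK: only $2 is advertised"
}

# Constructed sample configs (not taken from a real server).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/good.conf" <<'EOF'
subnet 192.168.200.0 netmask 255.255.255.0 {
    option domain-name-servers   192.168.200.18;
    # option domain-name-servers 192.168.200.1;
}
EOF
cat > "$SAMPLES/leaky.conf" <<'EOF'
subnet 192.168.200.0 netmask 255.255.255.0 {
    option domain-name-servers 192.168.200.18, 192.168.200.1;
}
EOF

check_dhcp_dns "$SAMPLES/good.conf" 192.168.200.18
check_dhcp_dns "$SAMPLES/leaky.conf" 192.168.200.18 || true
# On the server itself: check_dhcp_dns /etc/dhcpd.conf 192.168.200.18
```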

ReetP
Re: Pi-hole ad blocker equivalent for SME Server?
« Reply #8 on: December 02, 2018, 05:58:15 PM »

brianr
Re: Pi-hole ad blocker equivalent for SME Server?
« Reply #9 on: December 03, 2018, 10:34:59 PM »
I am still running pi-hole in a Container "next" to my SMEServer using Proxmox.

See here:

https://forums.contribs.org/index.php/topic,53727.msg279631.html#msg279631

Seems to work fine.

Here's my current stats for blocked sites:

watson.telemetry.microsoft.com     295
settings-win.data.microsoft.com    159
incoming.telemetry.mozilla.org     136
v10.events.data.microsoft.com      127
fls-eu.amazon.com                  122
www.googletagmanager.com            61
www.google-analytics.com            55
sa.bbc.co.uk                        50
ssl.google-analytics.com            42
pagead46.l.doubleclick.net          42


Brian j Read
(retired, but still looking after 5 SME installations)
.........