The Class E Network

    • Official post

    On the server side of life:
    Have you ever heard of Pi-Hole? It's an ad-blocker that covers all clients, network wide. Check it out. Pi-Hole

    Yes I've heard of it but the interest has never gone any further.....I have read your howto on it, installing in Docker....been trying to work out how to implement it.
    I have the main OMV which also runs my W7 VM and I have the pi which does the rsync...the pi is only on when I need it, and with the main OMV, each month I re image to a like for like USB this can take a few hours.....so to me the pi would be the obvious choice and as I can't re direct DNS through my router that would mean either setting DNS on each individual piece of hardware or turn off DHCP on the router and use Pi-Hole....or as I use a VDSL Modem in front of my router (I don't have to, it's just that the modem connection is more stable) use the Modem DHCP which does allow me to specify a DNS server in its settings.

    • Official post

    I'm not sure what you mean in the implementation of it, but DNS and DHCP are two separate services that can run from two different devices. In any case Pi-hole is only handling the DNS part of it. (You could activate Pi-Hole's DHCP server but, as noted in the Docker guide, I wouldn't do it.)


    In the DNS function, most routers are DNS relays. If DHCP is on the network segment, typically, the gateway router becomes the default DNS server for DHCP clients. In reality, the router is just a proxy that relays DNS requests to the actual Name Server (DNS) IP address(es) that you supply at the router.


    ________________________________________


    Here's two typical setups.
    ------------------DHCP
    ------------------Client --------------> Router --------------- > Name server
    -(Auto)-DHCP 192.168.1.X <------> 192.168.1.1
    -(Auto) DNS - DNS request ---------> 192.168.1.1 ------------> 8.8.8.8 (Assumes that 8.8.8.8 is configured as the DNS at the router.)


    ------------------Static
    ------------------Client --------------> Router --------------- > Name server
    --------------IP 192.168.1.10-----> 192.168.1.1 ------------> 8.8.8.8 (Static IP, and the client with "auto" for DNS)
    -----DNS Server entry 8.8.8.8 --------------------------------> 8.8.8.8 (Static DNS address at the client results in DNS requests that bypass the Router.)
    ____________________________________________


    Pi-Hole set up


    ------------------Client -------------> Router ---------------Pi-Hole------------- > Name server
    -(Auto)-DHCP 192.168.1.X <-----> 192.168.1.1 -------192.168.1.50---------> 8.8.8.8 ((The Router's DNS entry is configured for Pi-Holes
    -(Auto) DNS request ---------------> 192.168.1.1 ------192.168.1.50--------> 8.8.8.8 IP address and Pi-hole is configured for
    Name server 8.8.8.8))
    ------------------Client -------------> Router --------------Pi-Hole-------------- > Name server
    --------------192.168.1.10----------> 192.168.1.1 ----->192.168.1.50---------> 8.8.8.8 ((The Router's DNS entry is configured for Pi-Holes
    -DNS Server entry 192.168.1.50------------------------ >192.168.1.50--------> 8.8.8.8 IP address,and Pi-hole is configured for
    Name server 8.8.8.8. If PI-hole is the statically entered DNS entry, at the client, the client bypasses the Router.))


    ___________________________________________


    With the above to consider, as noted in the "How To", more than likely your router is your DHCP server. That's fine. The router hands out an IP address to a DHCP client and it becomes the client's DNS proxy. I'd leave your DHCP server as it is.


    Pi-Hole, on the other hand, would become the DNS proxy in place of your router or upstream from your router. In that role, it parses all DNS requests against its blacklists for malware and sites that do nothing but advertising, and stops them by simply dropping the Name Requests. You get your web pages without the ads or those annoying and unexpected video popups (complete with blaring sound). There's also protection from malware redirects where "by accidental clicks of the mouse" or other, you end up at a hack site. If you see an address in the browser bar, but get an empty white page, you're at one of those places. While you may have Internet savvy, note that some of your LAN users may not.


    In any case, despite having a cable modem connection that flies, eliminating the unwanted video popups and advertising has made browsing seem "snappy" again. My wife and I love it.
    ___________________________________________


    On the implementation end of it, the device hosting Pi-Hole should be up 24x7:
    Since I leave my OMV server up 24x7, I believe a docker was the best way to handle Pi-Hole because it (the docker container) runs in a similar manner as a service. With an "always" restart policy, even if it exits or crashes, it restarts. Adding to that, the Pi-Hole function is nicely isolated from OMV.
    (BTW: I wouldn't install the docker plugin on an R-PI. You could dedicate an R-PI to the Pi-Hole function but, again, I wouldn't do that either.)


    To run initial tests and to ensure that it's working, you can statically address one client's DNS entry to the Pi-Hole IP address, and thoroughly check it out. The rest of your clients will operate as normal.


    After that, when you're happy that it works, change your DHCP server's DNS entry to the Pi-Hole IP address. If the DHCP server is also your router, good. If not, I'd enter the Pi-Hole IP address, as the DNS server, in the router as well. Statically addressed clients would have to be done one at a time, but they'll be fine on their old setting until you get it done. (By the way, after any change to one of these consumer routers, I'd save and reboot.)
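A way to run the single-client test described in the post above, as an added example that is not part of the original thread: it asks Pi-hole and the upstream name server for the same name and compares the answers. The addresses are the ones in the post's diagrams; the sinkhole answers (0.0.0.0 or Pi-hole's own address), the function names and the sample responses are assumptions constructed for the example.

```python
import socket
import struct

PIHOLE = "192.168.1.50"          # Pi-hole address from the post's diagrams
UPSTREAM = "8.8.8.8"             # upstream name server from the post's diagrams
SINKHOLES = {"0.0.0.0", PIHOLE}  # assumption: answers given for blocked names


def build_query(name, txid=0x1A2B):
    """Build a DNS query for the A record of `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)           # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # two-byte pointer terminates the name
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Return (rcode, [IPv4 addresses]) from a DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the echoed question(s)
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs


def ask(server, name, timeout=3.0):
    """Send one query to `server` on UDP port 53 and return (rcode, addresses)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_response(s.recv(4096))


def verdict(filtered, upstream):
    """Compare the filtering resolver's answer with the upstream answer."""
    f_rcode, f_addrs = filtered
    u_rcode, u_addrs = upstream
    if u_rcode != 0 or not u_addrs:
        return "inconclusive"            # upstream has no address either
    if f_rcode == 0 and any(a not in SINKHOLES for a in f_addrs):
        return "passed"                  # a real address came back
    if f_rcode in (0, 3):
        return "blocked"                 # sinkhole address, empty answer or NXDOMAIN
    return "inconclusive"                # SERVFAIL, REFUSED and similar


def constructed_response(query, ip=None, rcode=0):
    """Constructed sample data: the response a resolver might send to `query`."""
    flags = struct.pack("!H", 0x8180 | rcode)            # QR, RD, RA plus rcode
    counts = struct.pack("!HHHH", 1, 1 if ip else 0, 0, 0)
    answer = b""
    if ip:  # name is a pointer back to the question at offset 12
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return query[:2] + flags + counts + query[12:] + answer


if __name__ == "__main__":
    q = build_query("ads.example.test")                  # constructed name
    via_pihole = parse_response(constructed_response(q, "0.0.0.0"))
    via_upstream = parse_response(constructed_response(q, "203.0.113.7"))
    print(verdict(via_pihole, via_upstream))
    # On a live LAN: verdict(ask(PIHOLE, name), ask(UPSTREAM, name))
```
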

    • Official post

    On the implementation end of it, the device hosting Pi-Hole should be up 24x7:

    That's what I thought, so to use my main omv setup it would go down once a month to do the usb cloning, not a problem as I could do this during the day when no one is at home.


    Here's two typical setups.

    Wow you can explain things better than I can, so I'll try again.


    VDSL Modem----------------->Router
    Router acts as a dhcp server and a dns proxy, you cannot implement a change to dns it's locked.


    VDSL Modem this takes care of the internet connection, it's not necessary but it gives a more stable internet connection, this is connected to the Router via a WAN port set up as IP_Bridged. However, the modem is capable of acting as a DHCP server, and within that DHCP set up I can specify a DNS server effectively pointing it to Pi-Hole.


    So in summary using;


    VDSL Modem-----------------> Router, clients receive ip address but their DNS would have to be set manually to PI-Hole on each client.


    VDSL Modem; this would take charge of client ip addresses and dns


    The first image is the modem, the second is the router, there is no option to change dns, there is an option to use a dynamic dns service that's all.

    • Official post

    I still might not have your set up right, so please comment on the following


    ----------LAN--------------WAN---------------------------DSL--------->
    Client---------->Router------------>VDSL modem -------------------> TO ISP (Frame Relay).


    ---1. ---------------2.----------------------3.


    I had the above setup (ADSL), before I went with a cable modem connection. Typically the DSL modem has a DHCP server to provide an address to the Router, on the WAN side.
    On the LAN side, DHCP service is usually handled by the router. But, if the router doesn't do DHCP, it is what it is.


    __________________________________________________________________


    If you have this, I've never seen it before,
    ----------LAN--------------------------WAN--------------------------??------->
    Client--------------->VDSL modem ------------------>Router-------------> TO ISP.
    ---1. ----------------------2.------------------------------3.


    In any case, it seems like you have ISP provided equipment. (Sometimes, they'll put both functions in one device.)


    __________________________________________________________________


    Regardless, you could do as you said, statically set Pi-hole as the DNS entry on each client. That setting trumps DNS proxies upstream. If you go this way, you'll have to access Pi-hole by its IP address. Typing Pi-hole's name in the browser window probably won't work (http://pi.hole/admin/) because the modem/router won't bounce the Name Request back to Pi-Hole's IP address. However, for your clients, Pi-hole will still do full page blocks.


    ((That issue, full page blocks, made configuring the docker tricky. Pi-hole had to have exclusive access to port 80 DNS requests, to do full page blocks. This meant using the macvlan driver to give Pi-hole a separate address, apart from OMV.))

    • Official post

    I still might not have your set up right, so please comment on the following


    ----------LAN--------------WAN---------------------------DSL--------->
    Client---------->Router------------>VDSL modem -------------------> TO ISP (Frame Relay).

    That's how mine is set up, but all the modem does is act as an ip bridge to the router on the wan side......the only way I can implement this is to install pi-hole on my nas omv, set up the vdsl modem to act as the dhcp server because I can add the pi-hole ip to the dns entry. This would effectively make the router a wireless ap.

    • Official post

    An IP bridge? That's the typical design. The modem sets up an IP tunnel, through (typically) a Frame Relay system, to the ISP's autonomous system on the other side.
    It's using the router as an access point (versus as a traditional router) and shifting router functions like DHCP and DNS to the modem that's odd.


    BTW: (If there's some advantage in it and **If** you can turn DHCP off at the modem.)
    I've tested Pi-Hole's DHCP function and it works fine, but I didn't test it extensively. My only reservation about using Pi-Hole for DHCP is that I couldn't test IP multicast which is how some streaming services "used to work". (Things change - I'm out of date.) I'm thinking of services like Netflix, Hulu, etc. In any case, they may work as intended. I just couldn't come up with a reasonable test scenario.

    • Official post

    An IP bridge? That's the typical design. The modem sets up an IP tunnel, through (typically) a Frame Relay system, to the ISP's autonomous system on the other side.
    It's using the router as an access point (versus as a traditional router) and shifting router functions like DHCP and DNS to the modem that's odd.

    Unfortunately not, further research this is how my set up works;



    What is Bridged Mode?


    For the sake of this tutorial, Bridged Mode is when one device acts as the DSL modem and performs the connection and synchronisation to the exchange, whilst a second device acts as a router connecting to your ISP on the WAN side and controlling access to your local (home) network.


    That's the forum I use regarding my particular modem.


    Further info from the same forum;


    Also note that the HG612 isn't really powerful enough to operate as a full modem/router with VDSL2. It's good as a modem in bridge mode with a separate router.


    So my only way around this would be either new hardware :( or setting up pi-hole to run dhcp and dns and then leave the router as the gateway, or set each individual device dns to use pi hole....16 devices :(

    • Official post

    A bridge is, usually, an unregulated pass through on a network. The only requirement is that the destination address of a frame is local to the network segment and, if the mac address is on "other side" of the bridged port, it will be passed. Otherwise, it's blocked. Bridging is done at layer two, Ethernet, using MAC addresses. (Other than keeping track of a mac table and doing a bridge lookup, a bridge is a brainless device.) Ethernet switches are the equivalent of "a bridge" on every port.


    Where your modem is concerned I think the term routing is a bit more accurate. The idea is to attach the IP address the ISP assigns to your router/modem (using DSL/frame relay as a transport), to the ISP's in-house network. Still the modem could be thought of as a bridge if it has a MAC table and bridges MAC addresses to pass traffic over the link, versus routing or tunneling based on IP addresses.


    With the model #, I just looked up your modem and it is a router/modem combo. Here You can easily put a router of your own behind this unit. Set the WAN side of your own router to DHCP and the HG612 will assign it an address on the WAN side. On the LAN side, you could configure your own router for anything you like (as long as you use another one of the available private networks).


    ___________________________________________________________________


    If the router is yours and it doesn't do DNS or DHCP, it might be time to consider getting another one. I'm using a $20USD TP-Link (TL-WR841N) flashed with DD-WRT. And while it's getting harder to find them new, they're on eBay for $20.


    It would be best to use a router that faces your ISP, as a router, not an access point. A router is, in its function, a basic firewall.


    For example, here's a LAN side configuration screen shot from my router. There are many other settings, but following are just a few of the basic functions available on most consumer routers.




    Notice I have an "in-network" DNS address. That's Pi-Hole's address and while it's in the DHCP range, the "56" address is reserved. (The DNS entries used to be 8.8.8.8 and 8.8.4.4)
    __________________________________________________________


    **I just learned that static leases (0=indefinite), in Pi-hole are written to a conf file. I have a question in the Pi-Hole forum about where the file will be, when it appears, to ensure that container mappings make it persistent. (Static lease info would need to survive reboots.) If you use static leases, hold on until I get an answer.***

    • Official post

    I got an answer from the Pi-Hole forum already. DHCP configuration info will be persistent, in the docker, as configured in the current How To. When created, the DHCP config file will fall into one of the host mapped paths.


    They're not familiar with dockers but when they heard "persistent data" (needed to survive a reboot of the container) they made a recommendation for another path. (/var/logs) After I test it, I'll add it to the set up process, but in the interim you could go with it as it is.
    _____________________


    Anyway, if you want to keep the equipment you have, give Pi-Hole's DHCP server a try. Just check any streaming service you may have. (Netflix, etc.) If it works, and I believe it will, great.


    A couple implementation notes:
    - You don't want two DHCP servers operating at the same time. (Pi-hole will prompt you for that.)
    - If you have clients with indefinite DHCP leases, it might be necessary to hard reboot them to get new leases from Pi-Hole. (I had a Windows client that refused to respond to ipconfig /renew.) Depending on what they are, a hard reboot might mean yanking the AC cord for 20 seconds or so.
    ____________________


    I'm assuming that if Pi-hole is the DHCP server, it should provide its own address for DNS lookup service for the DHCP clients it gives leases to. (That's the last question I sent to their forum.)

    • Official post

    Anyway, if you want to keep the equipment you have, give Pi-Hole's DHCP server a try. Just check any streaming service you may have. (Netflix, etc.) If it works, and I believe it will, great.

    For me that would have to work.


    A couple implementation notes:
    - You don't want two DHCP servers operating at the same time. (Pi-hole will prompt you for that.)

    Yeah, that would be a bad idea....but....does pi-hole allow an entry for gateway within the dhcp options....because that would mean I could keep the router as the gateway and to act as a wireless ap


    Edit; Just checked pi-hole's faq and yes there is an option to the Router (gateway) within its dhcp settings......so that would work for me.

    • Official post

    What's the make and model of the router behind the modem?


    It occurred to me that if you have it set up as an access point, the extended routing functions might simply disappear from the config screen. (DNS, DHCP, and others.)


    As a note, you can have a router behind a router, if you turn on the routing function. The only thing you can't do is have addressing for the same private network on both sides of a router.
    __________________________________________


    With separate networks on both sides, this scenario will work fine. And a byproduct is that it increases, to a significant degree, the security of your network. (Automated port scanners usually stop with a scan of the first private network.)


    ---------192.168.1.0/24----------192.168.2.0/24
    clients---------------------router----------------------router/modem

    • Official post

    Implementation note:


    If you turn on the routing function of the second router, it might be smart enough to know about the need to use two different networks on the LAN and WAN sides. Since the modem/router has set the network on the WAN side of the second router, the second router may select another network for its LAN side.


    This would mean that your clients may suddenly find themselves on a new network. If they're statically addressed, they don't work until readdressed. If they're DHCP (most likely) a reboot would be required.


    More on this later. (Out of here.)

    • Official post

    What's the make and model of the router behind the modem?

    ISP provided, it's a BT Home Hub 5.



    If you turn on the routing function of the second router, it might be smart enough to know about the need to use two different networks on the LAN and WAN sides. Since the modem/router has set the network on the WAN side of the second router, the second router may select another network for its LAN side.

    Ok you lost me on that, but I don't think the router is that intelligent, turning off the dhcp and adding dynamic dns is about all the end user can do....oh you can open ports but they are usually specific software that require different port access.
    It's literally a plug n play for home users, there's very little an end user can configure, unlike DD-WRT and Tomato.

    • Official post

    Ok you lost me on that, but I don't think the router is that intelligent, turning off the dhcp and adding dynamic dns is about all the end user can do....oh you can open ports but they are usually specific software that require different port access. It's literally a plug n play for home users, there's very little an end user can configure, unlike DD-WRT and Tomato.

    I've looked over the configuration of the BT Home Hub 5 and it appears that you're right. While it has good throughput locally, from what I can gather, it's a brainless device. Functionally, it seems to be a switch with a wireless access point.
    (Since you lined through local addressing, above, I can't determine if it has a routing/gateway function.)
    Still, I'm amazed at why it seems to be so popular. It must have something to do with the plug-and-play aspect working well, for non-tech types. (ISPs would love that.) On the other hand, its good reviews couldn't have anything to do with its flexibility.
    (BTW: if you haven't done it already, it's suggested that smart setup be turned off. Here )
    _____________________________________________


    It seems as if it boils down to three options already discussed:
    - Get a real router and connect it to the BT Home Hub. (That's a lot of devices and a lot of reconfiguration.)
    - Use the DHCP server in Pi-Hole. (Which will mean hard rebooting all DHCP devices and checking streaming services.)
    - Statically address all PC clients, one at a time, to use Pi-Hole as their DNS server.


    While it would be a pain, the last option is the safest. Even if you decide to use Pi-Hole's DHCP server, I'd still test Pi-Hole out on a single client for a couple days before committing.

    • Official post

    Since you're running Win7 in an OMV/VM, maybe you can tell me what I'm doing wrong.


    I installed the Virtualbox plugin, in OMV, and when I try to log into phpVirtualBox, I get "invalid username or password". I've tried the defaults, admin - admin , and even gave "vbox - pass" a try. They don't work.


    Did I miss something?

    • Official post

    it's a brainless device

    :D:D:D:D8o8o8o that's an excellent analogy.....its best point is its wireless connectivity and range.


    All ISPs in the UK supply a router and they are all locked to their own network and most are restricted in some way. The HG612 was given out when BT started rolling out FTTC (Fibre to the Cabinet) as at the time they had no VDSL modem/routers. But the HG612 can be unlocked and re flashed with a different firmware giving greater flexibility, but it was never the intention for it to be used as a modem/router. The other advantage is that the chipset used in the HG612 is the same as most of the street cabinets.


    You can use your own modem/router and there are a number that end users recommend depending on your ISP.....but....the ISP will not give support if you're having connection problems you have to be smart enough to give support sufficient information to resolve a connection problem, anything else you can get from the manufacturers support forum.


    I use DSLStats to 'interrogate' the modem gives loads of information, but it's only compatible with certain modem/routers and it certainly wouldn't work with the Home Hub.


    In the past I have used Draytek and Billion modem/routers, Draytek is one of the best but it's also one the most expensive, what I really need is to have something along the lines of a network server that handles all dhcp requests, the modem then would act as a connection to the ISP and the router would be a wireless ap and gateway...similar set up to what I had at the school.



    RE phpVirtualbox log in:


    Got it. admin + OMV's GUI password

    8o8o sometimes it's the obvious that isn't so obvious ;)

    • Official post

    8o8o sometimes it's the obvious that isn't so obvious ;)

    Yeah, that was a bit embarrassing. (I have to plead "NOOB" :rolleyes: .)


    Usually, OMV plugins have the default login on the plugin page. Since it wasn't there, I assumed it would be the defaults, admin - admin. (Which might apply if another web server isn't running.) It appears that some php5 web/server apps will share OMV's GUI log on.


    After I got it running: I installed a VM, inside of an OMV VM. That was interesting. With very low hardware requirements, a "Slitaz" Linux client worked.
    _______________________________________________________-


    I took a second look at your HG612, specifically at the unlocked setup manual, and I got a better understanding of what it is. ADSL typically works into or through Frame Relay (older tech). Your modem works into ATM (still old tech but somewhat newer and faster than Frame Relay). I got hopeful when I saw a 2nd LAN port, but in reviewing potential configurations of LAN ports, it's "one port or the other". I was hoping for "both". In the bottom line, any change to improve your network setup would require more hardware.


    Short of buying hardware, as it seems, your best option might be the DHCP server in Pi-Hole or, if the implementation is too disruptive, drop the idea.


    I only mentioned it because the difference in surfing performance and Web page clutter is remarkable. After the first day or so, it became apparent that it would be permanent. My wife and I love it.
    (If they maintain the project and the black lists, they'll see a small donation from us every year.)

    • Official post

    Short of buying hardware

    Yes that's my thought as well and there are a number that work well on BT's Infinity this would be my preference as I've used Draytek before, however, this Asus and Billion are recommended by end users on the BT forum along with this TP-Link
    Forum members don't appear to recommend any one in particular, but the interesting part is this from the Draytek site and as yet not all UK VDSL2 modem/routers comply.
    For instance according to Billion theirs are still in testing!!


    Anyway all of those babies are £100+ with the Draytek top of the list......however, taking a step back again some forum members have continued to use the HG612 in front of the HH4/5/6, 1) for its stability (doesn't lose its connection) 2) it connects at a higher speed.


    The following are the stats from the telnet data using DSLStats:


    xdslcmd info --stats
    xdslcmd: ADSL driver and PHY status
    Status: Showtime
    Retrain Reason: 1
    Last initialization procedure status: 0
    Max: Upstream rate = 24094 Kbps, Downstream rate = 129380 Kbps
    Bearer: 0, Upstream rate = 19999 Kbps, Downstream rate = 79999 Kbps
    Bearer: 1, Upstream rate = 0 Kbps, Downstream rate = 0 Kbps
    Link Power State: L0
    Mode:VDSL2 Annex B
    VDSL2 Profile:Profile 17a
    TPS-TC:PTM Mode(0x0)
    Trellis:U:ON /D:ON
    Line Status:No Defect
    Training Status: Showtime
    Down Up
    SNR (dB): 17.6 15.3
    Attn(dB): 13.1 0.0
    Pwr(dBm): 13.0 3.3


    the above you cannot get from the HH5 because it's locked down, also if I used the HH5 direct to the wall socket I know it would drop to 73000 Kbps sometimes lower.


    your best option might be the DHCP server in Pi-Hole

    I would agree, initially the disruption could be a pia, but long term would be beneficial, and it would mean adding Docker to my server.



    If they maintain the project and the black lists

    That is always the one thing with Linux I greatly admire the people that develop and maintain both Linux distros and Linux applications, but they can and do end/stop, (for whatever reason) maintenance and further development.....I was looking for something the other day (can't remember what) only to find the last update was a number of years ago, Ok someone else has taken up the baton, but the new version/option was more complicated (for me anyway) to install and it didn't quite do what the original application did.


    I'm going to have to mull over the implementation of pi-hole.....may even speak to my nephew he works for a tech/media company, if I know Tom they will either be using it or using something else

    • Official post

    Have you given any thought to the DNS/DHCP server plugin for OMV? You could load it up without activating it.


    At first glance, it appears to fully support DNSMasq which means it could be configured to do just about anything related to DNS and DHCP.
