Pi-Hole - Network wide Ad blocking

    • OMV 2.x
    • @jollyrogr

      My current setup is:
      • OMV on Debian
      • installed virtualbox plugin in OMV
      • two virtualbox VMs based on the dietpi distro (dietpi.com/phpbb/viewtopic.php?f=8&t=390)
        1. PiHole with a fixed IP which is different from the OMV IP address
        2. NextCloud with a DHCP IP address which is different from the OMV IP address
          Access to OMV user data through SMB/CIFS
      Setup of PiHole and configuration of router settings took me half an hour, and it has now been operating fine for 1 week without hassle.
      Pros:
      • no additional hardware required => no investment
      • no additional power consumption (I know Pi current draw is small ;) )
      • no additional hardware I have to take care of
      • if PiHole breaks it won't affect OMV setup directly (same for NextCloud!)
      • especially DietPi VM comes with a relatively small footprint => no demanding VM
      • my Core i3 NAS will be utilized in a better way
      Cons:
      • I'm relying on the virtualbox plugin and I do hope that it will be supported in upcoming releases (MANY THANKS TO ryecoaaron!!!)
      • I'm relying on the dietpi VM and I do hope that it will be supported in upcoming releases
      • ... tbd
      All in all, right now I'm happy with this setup. By trend I do think it might be better to have a combination of OMV focussing on file services (BTRFS, SNAPRAID, ZFS, Unionfilessystem, SMB/CIFS, AFP, NFS, FTP, timemachine, Antivirus ...) with VMs with dedicated servers (i.e. PiHole, NextCloud, PLEX, ...). This would ease the maintenance/development of OMV for the OMV team. Again, many thanks for the effort to Volker and all the other guys maintaining the distro!!!

      Regards
      UZI
    • @UZI
      • Thanks for your reply. I have never used vbox before, so I'm a little apprehensive about setting it up, especially on a headless machine like my OMV NAS is. Are there any guides out there for using the vbox plugin? I haven't found anything thus far.
      • I would have to hook up to the machine to get into the bios to enable virtualization cause I think it's disabled by default :(
      • I agree that using VM makes sense for this. My OMV box has a Pentium G4560 so it should have plenty of horsepower to run VM's. OMV doesn't tax it much except when doing a snapraid scrub.
      • I have never heard of NextCloud, but I read some about it, and now I want it! So your nextcloud files are all in OMV shares that you access through SMB? That's cool because then those files would be protected by raid or snapraid or rsync or whatever you're using.
    • Virtualbox is pretty simple. You can download the virtualbox software on your PC and try it. It is almost the same for the web interface version besides you have fewer settings to configure. There's not much you can do wrong here. If you get stuck anywhere, you can just create a thread here :)
      OMV 4.x| HP Microserver | 256GB Samsung 830 SSD for system | 4x 2TB in a RAID5
      OMV 4.x| Odroid XU4 | 5TB Data drive | 500GB Backup drive
    • I was able to install Pi-Hole (current version as of today, 3.1) directly on my RPi1 running OMV 2.2.14.
      Installation worked great, the only thing I had to do afterwards is to configure a different port for lighttpd and restart it:

      curl -sSL https://install.pi-hole.net | bash
      nano /etc/lighttpd/lighttpd.conf
      -> set server.port to something that is not used by OMV (I used 8080)

      /etc/init.d/lighttpd restart

      Then I was able to log into the web interface using http://openmediavault:8080/admin
      Works great :) Would be nice to have Pi-Hole as an OMV-plugin though ...
    • this is my HOWTO Install Pi-Hole.
      [HOWTO] Install Pi-Hole


      I'll try your approach to edit lighttpd.conf.

      thanks.
      OMV 4.1.11 x64 on a HP T510, 16GB CF as Boot Disk & 32GB SSD 2,5" disk for Data, 4 GB RAM, CPU VIA EDEN X2 U4200 is x64 at 1GHz

      Post: HPT510 SlimNAS ; HOWTO Install Pi-Hole ; HOWTO install MLDonkey ; HOWTO Install ZFS-Plugin ; OMV_OldGUI ; ShellinaBOX ; ctop
      Dockers: MLDonkey ; PiHole ; weTTY
      Videos: @TechnoDadLife
    • jollyrogr wrote:

      No OS installation necessary.
      If you run pihole in a docker, no OS installation is necessary either :)
      omv 4.1.22 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • jollyrogr wrote:

      True, but can you update pi-hole when new updates are available? All I need to do is SSH into the VM and do a "pihole -up".
      Sure. You shut down the old container and spin up a new one (assuming you have the right tags). It will start using the latest code. watchtower can do it automagically for you.
    • Neat. But what about flmaxey's pi-hole docker tutorial that says this:

      ** If upgrading to the latest image, it is recommended that the previous container is stopped/deleted, delete the previous image, delete the macvlan driver in the networks tab and delete the file contents of /dockerparms/pihole. Then proceed with the installation of the new image as follows.**

      Sounds a lot more involved than what you describe. Sounds like starting over every time.

      The post was edited 1 time, last by jollyrogr ().

    • I have 2 OMV servers, one is on PcDuino 3 Nano (ARM CPU + 1 SATA) and one X86 with 7 HDDs, it's noisy and I don't need it all the time. So no docker on pcduino etc, but no noise also.
      24/7 OpenVPN server: PCDuino3 Nano OMV 3
      used with WOL by demand: OMV 3, AMD Phenom, 9 drives, 26TB of storage.
    • tornadox wrote:

      I have 2 OMV servers, one is on PcDuino 3 Nano (ARM CPU + 1 SATA) and one X86 with 7 HDDs, it's noisy and I don't need it all the time. So no docker on pcduino etc, but no noise also.
      That works. Honestly I'd like to get an SBC to run Pi-hole simply because then I don't need the NAS powered up in order for the internet to work. If the power goes out, I can shut down the server and the UPS could keep the modem, router and pi-hole running for hours.
    • jollyrogr wrote:

      Sounds a lot more involved than what you describe. Sounds like starting over every time.
      That is his method. Do some searching and you will find plenty of people using the method I described. Use whatever works for you.
    • jollyrogr wrote:

      I need to install docker and familiarize myself with it
      And think twice about using Google's DNS as 'some tutorial' suggests if your use case (Pi-Hole) is about privacy. Handing out everything that happens in your local network to Google is most probably not exactly what you want in this case.
      No more contributions to this project until 'alternative facts' (AKA ignorance/stupidity) are gone
    • tkaiser wrote:

      And think twice about using Google's DNS as 'some tutorial' suggests if your use case (Pi-Hole) is about privacy. Handing out everything that happens in your local network to Google is most probably not exactly what you want in this case.
      Privacy on the internet... What an entertaining notion... Without really good VPN equipment or, better yet, Class A encryption point to point, there's no such thing as "privacy" on the internet. It's simply a matter of "who" collects a user's ephemeral networking data. On the other hand, Pi-hole can, and does, block Microsoft's "known" telemetry servers from coming into a user's LAN and plugging directly into Windows clients.

      I used the Google server as an "example", in a HOW-TO. An example is, by definition "one". While there are others, Google supports DNSSEC and ANYCAST which, in the vast majority of cases, will locate the nearest end point server and provide some protection from "man in the middle" DNS attacks and cache poisoning.
      But as I've repeatedly pointed out, there are several public DNS server choices. There are also plenty, within that group, that support both DNSSEC and ANYCAST.

      Of course, if I botched it in your opinion, feel free to write a better Pi-hole How-To. We'll see how that goes... :)

      jollyrogr wrote:

      Agree 100%. I use pi-hole with my ISP's DNS.
      The question to be asked is, how do you know your ISP's DNS server is actually a DNS server? It's easy to set up a proxy server that appears to be a DNS server, but actually forwards requests up-line to an authoritative public server. Some ISPs do this and it's not easy to detect.

      To look at it clearly, ISPs route data for money and it's all about the money. In attempts to "traffic shape", ISPs have a number of tools at their disposal which include DNS redirects, point-to-point tunnels, BGP, eBGP (protocols that route by policy, with cost as a primary metric), and others. ISPs can, and do, route traffic halfway around the planet, if it will save a few dollars, rather than take a direct route. (And that longer path might be used for your high bandwidth Netflix streaming account.) In the bottom line, your ISP does not always have your best interests at heart.

      While it's impossible to prevent all forms of traffic shaping:
      In my case, I chose not to grant my ISP all the tools they typically use to easily track what I'm doing, throttle my traffic, etc. Since the vast majority of users hand them this information, the small percentage who do not are, for the most part, lost in the noise.

      Setting aside ISPs' known manipulation of DNS, I believe better security is offered on public servers, so I use public servers. But that's just my opinion, and it's all about choices and what we're comfortable with. Since it obviously works, there's nothing wrong with using your ISP's DNS.

      The post was edited 3 times, last by crashtest: edits ().
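
The upstream-DNS discussion above turns on whether a resolver actually performs DNSSEC validation. The following is an added example, not code from any post in this thread: it builds a query with the EDNS0 DO bit set and classifies a reply by its header flags. The function names are illustrative, the sample replies are constructed header bytes rather than captured traffic, and `ask()` takes whatever resolver address you supply.

```python
import socket
import struct

QR, TC, AD = 0x8000, 0x0200, 0x0020  # header flag bits (RFC 1035, RFC 4035)

def build_query(name, qid=0x1234):
    """A/IN query with RD and AD set, plus an EDNS0 OPT record with the DO bit."""
    header = struct.pack("!HHHHHH", qid, 0x0120, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # OPT: root name, TYPE=41, CLASS=UDP size, TTL carries DO (0x8000), no RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def classify(reply, qid=0x1234):
    """Summarise what the reply header says about DNSSEC validation upstream."""
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & QR:
        return "not-our-answer"
    if flags & TC:
        return "truncated"    # retry over TCP before drawing conclusions
    rcode = flags & 0x000F
    if rcode == 2:
        return "servfail"     # validating resolvers answer this for bogus data
    if flags & AD and rcode in (0, 3):
        return "validated"    # upstream claims it verified the signatures
    return "unvalidated"

def ask(resolver_ip, name, timeout=3.0):
    """Live check over UDP port 53; never called on import."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return classify(s.recv(4096))

# Constructed 12-byte reply headers (not captured traffic)
SAMPLE_VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)
SAMPLE_PLAIN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)

if __name__ == "__main__":
    for label, pkt in [("validated", SAMPLE_VALIDATED), ("plain", SAMPLE_PLAIN),
                       ("servfail", SAMPLE_SERVFAIL)]:
        print(label, "->", classify(pkt))
```

The AD bit only reports what the resolver claims; if the path between Pi-hole and the upstream can be tampered with, the claim is trustworthy only when validation is also done locally.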