Pi hole plus
I am considering setting up a Pi-hole on my LAN.
I thought that rather than dedicating the pi to just that alone, maybe I could double up and use it for more than one job.
Probably not a good idea. Adding unnecessary complexity to what, in this case, really should be a "set it and forget it" type of appliance is a recipe for frustration.
Linux is great but the frequent updates (especially in libraries) can and do cause all sorts of strange and hard to diagnose interactions.
The cost should be minimal and easy to justify. Once it is originally setup it should probably run fine "headless" (i.e. no monitor or keyboard) and you should be able to login remotely to add any updates to the ignore/black hole database.
Okay, sounds like a disaster waiting to happen given my inexperience with Linux.
All I had in mind was a not-much-to-do sensor monitor which turned on a buzzer or light when triggered but rather than mess with a dedicated appliance I guess I can build another pi and use it as an experimental do-everything item.
The great thing about RPi is they are so cheap. You can easily justify using several for various purposes. I’m not positive, but I’m reasonably certain that even a RPi0 could easily handle the job.
And even the “Zero” should have plenty of excess power to do other stuff — BUT the Pi-Hole (of necessity) becomes an integral part of your network, and a reboot or even a slight hiccup will cause all sorts of problems across your whole network.
Having said that, I’m sure that many people do successfully run Pi-hole on all sorts of complicated configurations, but 4 decades of I.T. experience has made me a strong believer in the KISS principle.
I have Pi Hole running on a dedicated RasPi on my LAN here at my home. It runs headless and has been running for months in a just set and forget mode. In fact until I saw your posts, I had 'forgotten' I even had Pi Hole running on my LAN. It has been running flawlessly for months and may be in need of some updates.
I'm just a little hesitant to touch it. You know the old adage, "If it ain't broke, don't fix it!"
Like you say, If it ain't broke why give it some cash?
@will Or he would try to make it better by tacking on a lawn mower, wheelbarrow, duct tape, and God knows what else...
Probably a K car as a power source and snow fence as a belt to drive it from the rear tires 🙂
Experience is what you get when you don't get what you want.
I have been toying with the idea of using a Raspberry Pi for NAS storage. I just found something better.
This is a step up. Combining this occasionally used service with the Pi Hole might work. I don't know if it is possible though. You would have to install the custom cloud OS then see if you can install Pi hole. Limiting the different services bandwidth would be recommended.
I would be interested to know how you get on.
I haven't done anything with a Raspberry Pi at all yet. I was just fishing for ideas before I put my toe in the water.
Hi @revver11, @madmisha et al,
I have only glanced at the Pi-hole website to find out what it does, from which I got the impression it is a kind of "supplementary firewall" to minimise some of the "more dubious", but not "openly hostile" Internet traffic, the latter being the focus of the primary firewalls and other security measures. I guess most of us use various browser protective mechanisms and this seems to be in the same general category of tools to ward off annoyances, albeit from a different angle.
(Apologies for this vague and possibly inaccurate definition - please feel free to 'politely' enlighten me.)
However, assuming its function is like a "supplementary firewall", then it is likely to occupy a fairly privileged position in your network, especially if you enable it to front up DNS, DHCP, etc. My initial fear is that even the basic 'Pi-hole' may introduce a weak spot that the hostile side of the Internet fraternity could use as a back door into your network. However, assuming Pi-hole as an open source design with wide scrutiny, is well secured when running on a 'clean machine', this security might be compromised by attaching another task.
Additionally, the network position of Pi-hole is not (physically) somewhere I would want to put 'high value' data .. so NAS storage of my 'private' data feels totally inappropriate. (If I had a subset of data I also needed to access from outside of my local network across the Internet, that might be a different matter .. but currently I don't need such access, so I haven't considered this possibility.)
Please note this is only a personal impression, but sadly the Internet is great resource for those of both good and evil intent.
Please think carefully and take care whatever you decide!
Just because you can do something, it doesn't mean it is wise to do it.
Pi Hole intercepts ads, it is not really a firewall(in my case there would still be a good firewall before the Pi). You just route your DNS through it and whenever you go to a site like YouTube or a news article, it scans for anything on the Black list and when forwarding it to your computer, it is missing the code to display the ad(and blocks traffic to the ad). Where the add was is just blank on the page. It also works with cookies. But I do see your point of using it for storing sensitive data.
I will only be using the cloud service(I might not ever do port forwarding, I don't have much on my phone that I need backed up like that). I just want a cheaper NAS for 2 computers on my network(It infuriates me to see the price of NAS units and that's without the hard drives!). I'm really ok with ads. I access sites for free and I'm fine with them making money to cover the costs. I also haven't seen an ad on YouTube in at least 6 months and I do not have Premium. Maybe they are phasing out? For me, YouTube ads were the only one that was bothersome. And if it became a problem, there are extensions for Chrome and Firefox that do the same thing. For things that you pay for and still get advertising, I'm probably going to drop their service out of principle.
I might try it as an academic exercise though. It's easy to reformat. That will be months away though. I have bigger projects on my plate now.
I'd agree with Steve on this one, at least in "production mode." I run mine on a dedicated Pi. I would also consider a Pi Zero, since the CPU requirements are small. However, you'd have to get a connector for USB-to-Ethernet, then maybe another connector for USB-to-microUSB. What a pain. It's best to have hard wired Ethernet. So use a Pi 3B or even earlier, if you can find one on eBay. I'm actually using my original Raspberry Pi, Model B, the one that had no mounting holes at all. It works great, though I restart it in the early hours, once a week, just to watch out for memory leaks. Good luck!
In theory, theory and practice are the same.
In practice, they're different.
Yes, I realised it was not a firewall in the proper sense..., especially as it is only seeing a small proportion of the traffic, but it is sitting in a slightly strange position, so I visualised it as a kind of firewall helper, to improve the overall effectiveness of the firewall.
I agree and sympathise with your feeling that an internal low cost NAS might be a smart move ... and concur the commercial offerings are not compatible with my credit card health ... but think Pi-hole and NAS are a place for as much independence from each other as possible.
As for Pi-hole, I only looked quickly at its website, but when the memory requirements were discussed I wasn't clear whether they were discussing RAM or EPROM, and whether these requirements included the operating system or were in addition to the operating system. Hence, if someone was looking to buy a 'minimal' Pi, exactly would you need. I am not planning to implement at the present, but it might be useful info to be clear about for the future.