![]() But we removed it as there's no need to make it complicated while most people using it for their local network requests only. In old days, we have a GUI option for another Block Redirection IP for that case. So NxFilter responds those blocked requests with its private IP and that makes a problem. In that case, since your NxFilter sits in a local network your Block Redirection IP would be a private IP. It's for when you run NxFilter in your local network while dealing with the DNS requests from public network at the same time. ![]() What does that do for nxfilter? If i add that line to the config, what is that actually doing for me? But what I don't get is, what IS a "Block Redirection IP". Are you saying when it gets a request from an external/public IP (the office), it needs to handle it differently. So was have nxfilter on a cloud server, being accessing from our office. So we made that you can set 'block_public_ip' option on cfg.properties.Īdd above line into your cfg.properties file. One is a private IP and the other one is a public IP. When NxFilter runs in a local network and it gets request from public IPs, you may need to have 2 kind of Block Redirection IPs. However, there's one problem with network over router or port forwarding. "With v4.3.8.8, we have a hidden feature related to private DNS or DNS over TLS. Note that I'm not publishing DHCP port 67, since I don't use Pi-Hole dhcp.I'm curious if there is any actual documentation on the settings in cfg.properties anywhere. Use a static IP in the 'dns' network subnet (here 172.18.0.2). # Create a folder where we will keep our containers' persistence data We will use it to set static IPs to the containers. # Check which subnet was assigned to the network (e.g. # Create a docker network where we will keep both containers Folders for Pi-Hole configuration persistence: /home/pi/Documents/DOCKER/.Update the environment variable TZ to your timezone. Ports for this container must be published to the recommended standard values to work properly, as this is what LAN clients will face first: 80, 443, 53. Run Pi-Hole in a docker container and verify that it works. Systemctl status rvice systemctl start rvice systemctl enable rviceĢ. # Verify that docker is running or start it if it's not: # Import the key sudo curl # Add the repository url to the apt list # EDIT FILE: /etc/apt/sources.list deb stretch stable # Verify that repository is working and upgrade packages, if needed sudo apt-get update sudo apt-get upgrade Sudo apt-get install vim apt-transport-https ca-certificates software-properties-common -y # Get the docker easy install script curl -fsSL -o get-docker.sh & sh get-docker.sh # Allow pi user to run docker commands without sudo sudo usermod -aG docker pi # Add docker to the package update repositories. It will use actual internet DNS servers and complete the name resolution. Configure NxFilter for DOH (DNS over HTTPS). Configure Pi-Hole to use NxFIlter's container IP as the only upstream DNS Run Pi-Hole on the raspberry Pi and expose DNS port 53 to the client devices. Set Raspberry Pi as the primary and only DNS IP for you LAN network (can be done in DHCP settings on your router/modem or manually on each device). Configure your Raspberry Pi with a static IP. For this scenario we want to use docker containers and leverage their default security and isolation. ![]() ![]() Also, I'm not a fan of installing everything on a bare metal - it's often more complicated, leads to port conflicts and too much configuration, harder to keep up to date. ![]() We want to daisy chain Pi-Hole and NXfilter to take advantage of both of them in our home network and run all of that on our Raspberry Pi. Manage categories and classifiers, easily create your own Creating users based on IP or LDAP and assigning different DNS access policies to them, including time quota It is free, and the Jahaslist for blocking that comes with it is free for home usage (under 25 users configured in the system). NXFilter is much more than an ads filter, in fact it's designed to be used in an enterprise environment with many amazing features that allow granular control. Even in a home network you may be tempted to have more control and custom policies. Although it helps to get rid of some of the annoying ads and known malware, it lacks advanced functionality and control. Pi-Hole is known as a good and easy to use DNS filter for a home network with many ads blocking lists publicly available. I'm also not focusing on extra-security configuration for the setup, which is surely possible. I do not explicitly explain how to image the Pi or configure network interfaces her. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |