Hi there,
On my router/modem I cannot change the DNS entries, thus just using Adguard/PiHole for DNS blocking ads doesn’t work. Would a seperate Router circumvent this problem? Could I set up Adguard (or PiHole) on a Raspberry and use it as a DNS server for my home network?
The plan would be to use my ISP-provided router just as a modem to connect to the internet. Then us a second router to provide my home network, where also Adguard/PiHole can do their thing.
Would this setup work and how would I need to configure it?
Yes, that will work. On your router plug in WAN (or whatever that’s called on your router) port to the ISP router, set up IP-range and NAT (plus DHCP and whatever other services you might want to use) and plug in the rest of your network on the LAN side of the router. That way the only thing ISP router will see is your own router and everything else is behind that & yours to configure however you wish.
I’ve ran setup like this on several locations and (if possible) I’ve used bridged port on the ISP router, so that ISP router is only a ‘media converter’ and my own router connects directly to the public internet. Just make sure to have proper firewall configuration and keep safety in mind when doing that. If bridging isn’t possible your traffic just goes trough NAT twice (your router and ISP router) which in some odd edge cases can cause problems, but they’re very rare.
Connect the router’s WAN port into the cable modem. Plug your stuff into the router LAN ports or connect to the new router wifi. Set pi hole to a static address and then set the router’s DNS to point to that. Remove any secondary DNS in the router settings. Reboot everything and make sure it all works. That should be about it.
I’ve done something similar in Ireland, where ISP router was the only way to connect. Managed to setup everything on OpenWRT router, but it kept disconnecting, so I put openwrt router behind ISP router.
Interesting thing I found in ISP router is DMZ host - just point it to your own router and that’s it. Basically ISP router doesn’t exist lol.
This is also sometimes referred to as “bridge” mode. Even if the ISP doesn’t officially support it, some googling may reveal how. It’s shockingly easy to find the default credentials for these things, for example.
Bridge mode on the ISP router is what you want. Then it just passes through the internet connection to the internal router on the edge of your network. It’s what I do with Comcast.
I had this same problem but Pihole can act as your DHCP server too. I turned off DHCP on my ISP router, turned it on in Pihole and configured my range (with some buffer for static IPs for servers and others) and off it went. When all my clients (laptops, workstations, phones, etc.) requested an IP (which I saw them trickle in almost immediately), they got their IP from Pihole and also automatically directed all DNS queries to Pihole. No need for complicated setups.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
Wireguard + pihole?
I don’t see why it shouldn’t work. I have my ISP router set to pass through mode and my mikrotik router behind it
Yes, that will work. On your router plug in WAN (or whatever that’s called on your router) port to the ISP router, set up IP-range and NAT (plus DHCP and whatever other services you might want to use) and plug in the rest of your network on the LAN side of the router. That way the only thing ISP router will see is your own router and everything else is behind that & yours to configure however you wish.
I’ve ran setup like this on several locations and (if possible) I’ve used bridged port on the ISP router, so that ISP router is only a ‘media converter’ and my own router connects directly to the public internet. Just make sure to have proper firewall configuration and keep safety in mind when doing that. If bridging isn’t possible your traffic just goes trough NAT twice (your router and ISP router) which in some odd edge cases can cause problems, but they’re very rare.
Connect the router’s WAN port into the cable modem. Plug your stuff into the router LAN ports or connect to the new router wifi. Set pi hole to a static address and then set the router’s DNS to point to that. Remove any secondary DNS in the router settings. Reboot everything and make sure it all works. That should be about it.
I’ve done something similar in Ireland, where ISP router was the only way to connect. Managed to setup everything on OpenWRT router, but it kept disconnecting, so I put openwrt router behind ISP router.
Interesting thing I found in ISP router is DMZ host - just point it to your own router and that’s it. Basically ISP router doesn’t exist lol.
Then you have absolute freedom with your router.
removed by mod
It’s not really optimal, having two firewalls and double NAT. Maybe check if your ISP router supports a modem-only mode.
This is also sometimes referred to as “bridge” mode. Even if the ISP doesn’t officially support it, some googling may reveal how. It’s shockingly easy to find the default credentials for these things, for example.
Cant you just set PiHole’s IP as DNS on your clients?
Yes, especially if you use it as your dhcp server.
Bridge mode on the ISP router is what you want. Then it just passes through the internet connection to the internal router on the edge of your network. It’s what I do with Comcast.
I had this same problem but Pihole can act as your DHCP server too. I turned off DHCP on my ISP router, turned it on in Pihole and configured my range (with some buffer for static IPs for servers and others) and off it went. When all my clients (laptops, workstations, phones, etc.) requested an IP (which I saw them trickle in almost immediately), they got their IP from Pihole and also automatically directed all DNS queries to Pihole. No need for complicated setups.
Edit: fix typos.
You can do this with Tailscale. Added plus is you can then use Tailscale on you phone to access your pihole for DNS when on the go.
https://tailscale.com/kb/1114/pi-hole/
https://shotor.com/blog/run-your-own-mesh-vpn-and-dns-with-tailscale-and-pihole/