Pihole on gateway device?

I’m looking at getting a gateway device to replace the ISP router that sits between the internet connection and the mesh WiFi.

I am running pi-hole on a (very old) raspberry pi, but I know some gateways get quite fancy so I’m wondering if it’s possible to have pi-hole on the gateway itself, to run as DNS and DHCP servers?

Other things I’m looking for in a gateway are VPN as a client (preferably Wireguard) and PoE ports for cameras.

If it’s possible to host something like pi-hole directly on the gateway then hardware recommendations are appreciated!

CameronDev ,

Openwrt can run Adguard, and as long as your gateway can run docker, you can probably get pihole working.

Dave OP ,

Thanks, so what I should look for is a gateway running OpenWRT, which can run docker?

tired_n_bored ,

Yes, you can install Docker on OpenWrt, but do your own research, as if I remember correctly you have to tinker with it.

CameronDev ,

I think it's better to keep your gateway basic, and run extra services on a separate raspi or similar. Let your router/gateway focus on routing packets.

DarkDarkHouse ,

Agreed. I would also reconsider ditching the ISP router. You can still connect your gateway to it, and having the ISP device on premises can mean they might not blame your equipment for a line issue.

Dave OP ,

It’s a little bit more complicated than I made out. For one, the network is super unstable and restarting the ISP router seems to fix it. I want to replace the router to test the theory that it’s the problem.

Secondly, this is a bring your own router to the ISP situation, but the router came from another ISP, but they are all the same ISP in the end because one company owns a whole bunch of ISPs and sends the same router to all the customers of all the child companies. Long story short, it’s the router they would have issued to me, but they didn’t, because a different subsidiary sent it to me before I changed ISPs to take advantage of a special because I live in a country where the lines are open and anyone can start an ISP using the existing lines but if you get big enough to be competition then the big company will buy you out and pretend it’s still a separate company. But if it doesn’t work well then it’s up to me to solve unless I am willing to pay the ~$10USD for them to send me the ISP router that is supported by them but it will be the same cheap router as I already have. Ok that’s not a very short story but that’s why it was easier to just call it an ISP router 😆

Dave OP ,

I’m not overly against keeping them separate. It’s just I have a lot of stuff piling up and consolidating would have been nice 😆

Finkler ,

May I suggest that you visit https://homenetworkguy.com/. Will give you plenty of information on what you are looking to do.

It helped me do the same.

Dave OP ,

Thanks! I’ll check it out.

just_another_person ,

Look into a Gl.Inet device. Ships with OpenWRT and can run whatever you want as an integration.

Dave OP ,

Thanks! It seems OpenWRT was the magic word I was needing.

hungover_pilot , (edited )

Most of the more advanced gateways have some sort of DNS filtering built in. Opnsense has an adguard plugin, pfsense has pfblocker-ng, openwrt has a few different options, Unifi and mikrotik both have solutions too I think. Usually you can just load the same block list that pihole uses into the filtering software and you are good to go.

If you want the most flexibility and want to use the same hardware for both gateway/DNS and want to try out different DNS/router solutions a hypervisor would give you the most options. But it would also be the most complicated.

Dave OP ,

One of the things I use pi-hole for is to set custom DNS entries so anyone on the network will be redirected directly to the self hosted services when they type in the appropriate domain name. So it’s not just about the filtering (which I also want), but also the (network wide) custom DNS entries.

I’m also happy with simple. I’m not overly against keeping the pi-hole and gateway separate but was just wanting to know if combining them would be an option (which it sounds like it is, but not super easy).
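An added example, not part of any post in this thread: one way to combine the two needs raised above (reusing a Pi-hole-style block list on the router and keeping network-wide custom DNS entries), assuming the router's resolver is dnsmasq, which is OpenWrt's default. The function names, sample list and `home.example` names are constructed for illustration; every list line is validated so a malformed entry cannot add its own directive to the resolver config.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def valid_name(name):
    """Accept only plain multi-label hostnames, nothing with '/', ',' or spaces."""
    name = name.rstrip(".").lower()
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def parse_blocklist(text):
    """Return the set of blocked domains from hosts-format or bare-domain lines."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        # hosts format is "<sink address> <domain>"; otherwise one bare domain.
        if len(fields) == 2 and fields[0] in SINK_ADDRS:
            name = fields[1]
        elif len(fields) == 1:
            name = fields[0]
        else:
            continue
        if valid_name(name):
            blocked.add(name.rstrip(".").lower())
    return blocked

def build_dnsmasq_conf(blocklist_text, local_records):
    """Emit dnsmasq lines: custom records first, then blocks that do not shadow them."""
    lines = []
    for name, ip in sorted(local_records.items()):
        ipaddress.ip_address(ip)                 # raises ValueError on a bad address
        if not valid_name(name):
            raise ValueError(f"bad local name: {name!r}")
        lines.append(f"host-record={name.lower()},{ip}")
    local = {n.lower() for n in local_records}
    for domain in sorted(parse_blocklist(blocklist_text) - local):
        lines.append(f"address=/{domain}/0.0.0.0")   # dnsmasq also sinks subdomains
    return lines

# Constructed sample input (not a real list); the fourth entry is malformed on purpose.
SAMPLE_LIST = ("0.0.0.0 ads.example.com\n0.0.0.0 tracker.example.net # note\n"
               "metrics.example.org\n0.0.0.0 bad.example/192.0.2.1\n"
               "0.0.0.0 photos.home.example\n")
SAMPLE_LOCAL = {"photos.home.example": "192.168.1.20"}

if __name__ == "__main__":
    print("\n".join(build_dnsmasq_conf(SAMPLE_LIST, SAMPLE_LOCAL)))
```

The malformed entry is dropped rather than written out, and the self-hosted name stays resolvable even though the sample list tries to block it.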

tychosmoose ,

The easiest part of your requirements is the custom DNS records. All of the platforms recommended so far can do this. OpenWRT has the advantage of WiFi capabilities. If you want the router to also be your WiFi access point then it may be your best option. But it sounds like you only need it to be a wired router, which is good.

As far as the ad blocking, I have done this with pi-hole, and with the built-in DNS and block capabilities of OpenWRT, Mikrotik and OPNSense. They are all fine. The router ones don’t have the fancy web UI like pi-hole. So if you use that a lot you will be disappointed. Mikrotik’s is the most basic and a new feature for them, but they are actively developing it. Plus their current routers can run containers, so you can run pi-hole on the router as a container if you want.

PoE ports as a requirement is what narrows your options considerably I think. You could get that from a separate switch. If you want that in the router itself then you have very few options.

Mikrotik has a lot of routers with PoE out. Their newest model in the RB5009 series can do either passive or 802.3af/at PoE out. Many of their older routers have passive PoE only. Make sure you know what your cameras need.

I had similar requirements as you and got this: mikrotik.com/product/rb5009upr_s_in

It has PoE out available on all 8 Ethernet ports. The default 48v power supply works with 802.3af/at PoE. It is a 96 watt supply, and can support ~76 watts of PoE downstream. If you need passive PoE then you would need to change to a 24v power supply.

Mikrotik RouterOS requires some learning to use its advanced features, but their quick setup defaults are good. And the platform is super reliable and flexible.

For DNS you would use their Adlist functionality along with a script similar to the one from BartoszP in this thread to enable DNS name resolution for lan hosts: forum.mikrotik.com/viewtopic.php?t=181640. That script is added to the DHCP server config to run when each client gets an address lease. And then you would add static name records in IP / DNS / Static for the other host.domain names you want your lan devices to connect to by name which can’t be resolved via your upstream DNS server.

Dave OP ,

Thanks for all the info and the detailed response!

> But it sounds like you only need it to be a wired router, which is good.

Correct, don’t need wifi.

> PoE ports as a requirement is what narrows your options considerably I think

I’m happy with doing this through a separate switch, but I’m happier if I can have less things to plug in. It’s not a must have though.

> Mikrotik has a lot of routers with PoE out. Their newest model in the RB5009 series can do either passive or 802.3af/at PoE out. Many of their older routers have passive PoE only. Make sure you know what your cameras need.

I don’t have cameras yet, but I’m considering some Reolink ones. Happy to take suggestions. Am I likely to find a lot of difference in the PoE type or are most things compatible with each other?

drakz_au ,

As someone who is also a fan of having less things to plug in I must say, one pitfall of having an all-in-one device is that if it fails then EVERYTHING fails and you're left having to replace a (probably expensive, possibly hard to get) all-in-one device.

Decronym Bot , (edited )

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| DHCP | Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network |
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| PoE | Power over Ethernet |
| Unifi | Ubiquiti WiFi hardware brand |

5 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.

[Thread for this sub, first seen 7th Sep 2024, 10:25] [FAQ] [Full list] [Contact] [Source code]
