Offcourse you need to have http server running to serve this file. There is free services that supply a real ssl. Seems overkill, but this seems to work for all devices (apple, windows) Copy the pages from the NXfilter webapp folder into your apache folder. Multiple rules to accomplish the same result: where can your clients find wpad.dat query all DNS upstream servers, so not failover: Use ony if you have the same upstream DNS company I needed the tag, but normally you do not need that. (See the backups in option6 if pihole goes down, your cliets will fallback to ) The DHCP scope: range, gateway and option6 dns servers your client should receive. I have another DNS server running on the same box, so this is to make sure I can start DNS on eth1 etc. Download NxFilter, Your free DNS filter Download, nxfilter-4.6.7.4.exe, mirror 73.2M changelog, nxfilter-4.6.7.4.deb, mirror 48.2M changelog, nxfilter-4.6.7.4.zip, mirror 49.1M changelog, nxfilter-4.6.7.4-azure.zip 80. Stop servring DHCP or DNS on any other nic than eth0 Most routers support DHCP feature these days. So, the best way would be using a DHCP server. But you don't want to set up all the PCs in your network one by one. If you are happy with pihole (and you should as it is a superp lightweight product) just continue to use it as you are doing now The simplest way of setting up NxFilter as the DNS server for your users would be modifying the network setup at OS level like the screenshot above. It's very easy to combine them into 1 small box and have the best of multiple worlds. It is not a competation about what product is best. Because I combine privoxy with the adblock pro rules.Īn intelligent proxy.pac makes sure there is almost no speed loss. My setup does all that centrally, so also on mobile devices. You can read the forums: using pihole in combination with local adblock/ublock is recommanded. It also does element hiding, removing annoying cookie banners I can send you a privoxy logging and you will be amazed how much more is blocked in addition to PIhole blocking. Privoxy filters out many more you can not filter on dns level: lots of unwanted java crap for example. NXfilter can.ĭHCP sends out a very intelligent wpad file to proxy /not proxy sites. Pihole cannot do catagories, nor can it interact with an AD dns server if you have the need for that. Mxfilter to filter catagories (porn etc.), enable google safe search etc. Shellinabox (try it!!, no more screen needed on your rasp) Samba (so I can edit blacklist, etc.very easy) Real https filtering (very difficult as there is a valid ssl cert needed.) Real firewall? and set privoxy as transparent. Privoxy getting adblock pro rules import to work in Jessie with cron. Sudo ip link add link eth0 address fe:06:19:80:36:cc name eth4 type macvlan Worst case I need to move to better hardware, but so far not needed.įor the second dns server I just cloned eth0 to eth4 with this trick: Network seems to be fine in smaller test scenarios. Just running the build in fake HW clock of the rasp to keep costs low.ĭuring boot it just updates correct time from internet and then starts acting as time server. Tried someting similair myself with windows sinkhole dns, but that was a disaster.Ībout time server. The issue is that unless we install the Filter appliance SSL root certificate on every device, we're going to see the 'This connection is not private' error, typically in modern browsers (related to HSTS).Ĭan any other filter show a block page for HTTPS sites without needing to install the SSL certificate?īasically, I'd like to take some examples back to them and suggest they are not correct in saying that all filtering engines suffer the same problem - I'm sure I've seen a block page on my device when going joining a guest network and heading to a HTTPS site (without SSL certificate) Can't remember whether it was Smoothwall or Sophos.ĮDIT: Apologies, I should have mentioned that I actually don't want to SSL inspect any traffic, but without the inspection this issue is compounded in the sense that most HTTPS sites then show the 'Connection not private' problem page.I really like the pihole. They suggest all filtering providers are the same on this issue. Came across an issue with our current filtering solution that has an undesirable workaround.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |