superMaru

  • Home
  • About

Category Archives: Raspberry Pi

PI-HOLE: Adblocking for home

05/24/17 / / 1 Comment / Home DIY, linux, Raspberry Pi / linux, networking, security, ubuntu

I’ve came across a yet another easy and cool home project that is intended for Rapsberry Pis, but can run on any flavor of Linux (Requirements here). Its called Pi-Hole and you can set it up in 5 minutes or less.

Website: https://pi-hole.net/

The idea is simple: it blocks all add traffic in your network as it acts as a DNS server. While you should have browser extensions to protect your privacy (a post for later), mobile devices, smart TVs, your mom’s laptop and your younger siblings computer full off questionable “free” software can benefit as they do not have to install or configure anything. Its all dynamically configured with some effort on the network level and the result is there is no user-level interaction required.

 

If you are familiar with OpenDNS, the service is similar with the following differences:

  1. You need to install PiHole locally in your network, then configuring your DNS server to send queries to PiHole versus setting the DNS server IP to OpenDNS
  2. PiHole takes care of blocking advertisements only
  3. OpenDNS does content filtering and protects you from malware, botnets, phishing and targeted online attacks

 

To get the best of both worlds,

  1. Configure your local LAN to resolve DNS queries to PiHole
  2. Configure PiHole to forward DNS queries to OpenDNS
  3. Use a firewall (pfsense works great)

Installation

I’ll go over the basic installation on a Ubuntu 16.04 LTS server VM instead of a Raspberry Pi. The configuration would be the same, except I already have openssh-server, updates, etc setup on a VM that I’ve setup and treat as my template. I just simply did a link-clone in VMware Workstation and my environment was up in seconds.

Things you need to get started:

  1. Access to your DHCP server
  2. Provide a static IP address that is not within the range of your DHCP scope
  3. A Raspberry pi or Linux system (A VM would suffice for testing it out)

DHCP configuration

You will need to configure your DHCP server (if its home, then its most likely your router) so when a client requests for a DHCP IP, you can push the DNS IP address as well. I won’t touch on this configuration step as everyones home configuration would be different.

Once you have terminal access to your server, just type: curl -sSL https://install.pi-hole.net | bash

The installation process is straight forward and quick.

Shortly after, a pink install dialogue will open:

Once the packages have loaded, you’ll be greeted with the automated installer message below. You will need to hit enter to proceed with the installation

Just like any open-source project, its free. However donations help and go a long way.

A message will appear stating that you will need a static IP address (regardless if you have already done so)

This is where you can select your upstream DNS provider. Don’t worry, you can configure this later in the nice UI dashboard

Your next choice is to decide which protocol to select (IPv4 or IPv6, or both)

The installer will detect your IP address and ask if you really want to proceed. Go ahead and hit enter.

One last warning stating the static IP address may be within a DHCP scope.

Next menu is regarding the web admin interface. Leave as default and continue

Last item would be log queries. I left it default.

 

Assuming your install went fine, you should see this final screen. Make note of your login password!

 

 

Once the install is done, open up a web browser and navigate to http://[your ip address]. You’ll need that password to proceed from here.

Once you are in, you are presented with a nice admin web dashboard:

I overwrote the DHCP assigned DNS server on my desktop with my PiHole server and started browsing the web. So far, it managed to block a couple advertisements already, regardless if i have AddBlock Plus

If you want to change the Pi-Hole configuration such as making it a DHCP server, changing the upstream DNS server, etc – its all do-able under Settings:

Now you’re all setup! Now start browsing websites and check back on the dashboard in 30 minutes. I guarantee how surprised you will be to see how much content you are filtering and how many things are working in the background on websites. Once cool idea is to run tcpdump (WireShark) and see how much calls to ad-related servers are going on before and after switching to PiHole.

Raspberry pi Console Server

05/06/15 / / Leave a comment / data center, linux, Raspberry Pi, tips and tricks / console, networking, raspberry pi, serial, telnet

Do you work with networking devices but don’t have the money to shell out for a Opengear, Pele, or Tripplite serial console server? Fear not, Raspberry Pi is here! Home lab users and budget constrained Network Admins will enjoy this.

For those who are unfamiliar with the Raspberry Pi (RPi for short), its a credit card sized computer that runs Linux. Your imagination is the only limitation.

Using the Raspberry Pi

Because the RPi runs linux, we’ll use a program called ser2net. This allows us to take a network configuration and pass it over to a serial connection. The RPi 2 has a total of four USB ports, so we can squeeze in a total of 16 serial ports if we want to by using the USB to 4xDB9 adapters. If you use the RPi Model A, you are limited to just two USB ports.

If you really want the ports, you can use a USB hub and go bananas with the serial connections. Just keep in mind you’ll need additional power to drive the USB hub.

Bill Of Materials:

Item Qty Price
Raspberry Pi 1 $35
RPi Case 1 $10
Micro SD Card, 8GB 1 $10
Power 1 $8
USB To 4 Serial connectors 1-4 $45 ea

Total for just 4xDB9: ~$108

You can pimp out your RPi with 16 ports for about $240.

IMG_3961

Setup:

I have my RPi 2 running Raspian, which is a Debian distro with a 3.18 kernel.

Installing ser2net

wget http://downloads.sourceforge.net/project/ser2net/ser2net/ser2net-2.9.1.tar.gz
 tar -xzvf ser2net-2.9.1.tar.gz
 cd ser2net-2.9.1/
 ./configure
 make
 sudo make install
 make clean

Identifying USB -> TTY mapping.

Since I have two of the USB adapters, I see a total of eight TTY lines. You’ll want to run dmesg | grep tty

root@peach-pi:~# dmesg | grep tty
<output ommited>
[ 4.279028] usb 1-1.2: FTDI USB Serial Device converter now attached to ttyUSB0
[ 4.376444] usb 1-1.2: FTDI USB Serial Device converter now attached to ttyUSB1
[ 4.480113] usb 1-1.2: FTDI USB Serial Device converter now attached to ttyUSB2
[ 4.599098] usb 1-1.2: FTDI USB Serial Device converter now attached to ttyUSB3
[ 4.665776] usb 1-1.3: FTDI USB Serial Device converter now attached to ttyUSB4
[ 4.724553] usb 1-1.3: FTDI USB Serial Device converter now attached to ttyUSB5
[ 4.764607] usb 1-1.3: FTDI USB Serial Device converter now attached to ttyUSB6
[ 4.795576] usb 1-1.3: FTDI USB Serial Device converter now attached to ttyUSB7

 

Looking at the output above, usb 1-1.2 has a total of four tty lines mapping to ttyUSB0-3. The second USB port, 1-1.3 takes ttyUSB4-7. If you decide to use all eight ports, usb 1-1.4 and usb 1-1.5 will show up.

IMG_3962

With the cables I have purchased, the port numbers are molded onto the connector (1-4). Since I’m using two of these, the second USB serial cable #1 becomes ttyUSB4, #2 becomes ttyUSB5, and so on. I’ve used a cable label maker to make life easier and quickly see what cable is mapped to what TCP port number.

Setting up the port forwarding

Now we know how Linux mapped our USB Ports to the tty lines, lets set the port forwarding by editing /etc/ser2net.conf

Here is my config file:

 root@peach-pi:~# cat /etc/ser2net.conf
 BANNER:banner:Macky's Raspberry Pi console server. All connections are monitored and logged. V VATCHING U
 1001:telnet:0:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner
 1002:telnet:0:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner
 1003:telnet:0:/dev/ttyUSB2:9600 8DATABITS NONE 1STOPBIT banner
 1004:telnet:0:/dev/ttyUSB3:9600 8DATABITS NONE 1STOPBIT banner
 1005:telnet:0:/dev/ttyUSB4:9600 8DATABITS NONE 1STOPBIT banner
 1006:telnet:0:/dev/ttyUSB5:9600 8DATABITS NONE 1STOPBIT banner
 1007:telnet:0:/dev/ttyUSB6:9600 8DATABITS NONE 1STOPBIT banner
 1008:telnet:0:/dev/ttyUSB7:9600 8DATABITS NONE 1STOPBIT banner

 

Whoa there, what the heck is all that?! Lets break it down:

BANNER – this is your motd (message of the day) when you connect to the terminal server. You don’t need it, but its a nice to have.

Setting up the port forwarding:

1001:telnet:0:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner

The configuration is broken down like so: <port number>:telnet:<state>:<device>:<options>.  So in my example above, I’m taking TCP port 1001 and forwarding it to /dev/ttyUSB0, using 9600 baud rate, 9 DATA bits, no parity, 1 stop bit, and display the banner.

 

Testing it all out

root@macky-vm1:~# telnet peach-pi 1001
Trying 10.X.X.X...
Connected to peach-pi.eng.storvisor.com.
Escape character is '^]'.
Macky's Raspberry Pi console server. All connections are monitored and logged. V VATCHING U

IMG_3963

I have a couple improvements I’d like to do for my RPi terminal server such as having power via POE Ethernet and maybe utilizing the GPIO pins by adding temperature sensors to monitor the hot and cold aisles, or an airflow sensor to see if the AC supply is dumping air or not. Since its running linux, we can run more open source applications and add alerting.

 

Recent Posts

  • Ethical Hacking Final – Fall 2018 (Mission College)
  • Hackthissite.org – Basic 2 and 3
  • New YouTube Channel!
  • Ethical Hacking Midterm – Fall 2018 (Mission College)
  • Windows Subsystem for Linux – Ubuntu GUI with xfce

Categories

  • data center
  • ESXi
  • Home DIY
  • linux
  • Networking
  • Raspberry Pi
  • security
  • tips and tricks
  • Uncategorized
  • VMware
  • vSphere
  • Wireless

Archives

  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • October 2017
  • August 2017
  • July 2017
  • May 2017
  • March 2017
  • February 2017
  • November 2016
  • October 2016
  • October 2015
  • July 2015
  • May 2015
  • April 2015
  • January 2015
  • September 2014
  • August 2014

Tags

authentication bind bootable image cit016 cli console cooling dcui dns DOS esxi freenas hackthissite.org html kernel linux mssh networking ova ovf preview build raspberry pi RDP security serial sha1sum spotify ssh storage telnet temperature tips and tricks tradeshows two factor ubuntu vCenter virtualization vm vmware vmworld vmworld2014 vmx vulnerability Windows zfs
© superMaru 2017
TwitterLinkedIn