DHCP lease time less than 1 hour for free wifi hotspot [Solved]

Hello all, I need to set up Pi-hole at a public place to offer free wifi. First I was planning to use the ISP router as DHCP and then change the DNS server to the Pi-hole IP address, but found that the ISP modem will only allow public IPs as custom DNS servers. The ISP modem allows setting the DHCP lease time in minutes and I needed to set up a lease time of 20 minutes. Since I cannot set up Pi-hole as DNS server on the ISP modem, I need to set up the DHCP server on Pi-hole. However, the lowest allowed is 1 hour. I don't expect that many people coming every hour or so, but someone could try to exhaust DHCP leases quickly. Is there a command line option to specify lower than 1 hour as lease time? If not, is there a script that can be installed to run every four hours to clear leases that have a lease age of, say, 35 minutes? Also, is there built-in rate limiting on how many DHCP leases can be given out by the Pi-hole DHCP server? Something like not more than 6 per minute would be good. Thanks and stay healthy everyone.

Pi-hole is designed to be operated within the (reasonably) safe boundaries of your private network.

Exposing it in a public wifi hotspot would require you to apply adequate security measures (firewalling, SSL, subnetting, to name a few).

You'd probably be facing privacy issues as well, as Pi-hole may log sensitive data (this may be disabled by setting the corresponding Privacy Level).
Depending on the jurisdiction in your country of residence, you could be obliged to gather and archive consent of your users prior to joining your WiFi (and this may well be true even regardless of Pi-hole's usage).

If you are not already familiar with security and privacy issues, it might be a good idea to hire professional advice before deploying Pi-hole in a public WiFi.

You should be prepared for dealing with usability issues as well, as some of your customers might complain about not being able to access their favourite sites as they used to, or not at all.

Under the hood, Pi-hole's embedded dnsmasq is handling DHCP.

If you are familiar with dnsmasq (or are willing to familiarise yourself with it), you can configure it in any way that's supported by dnsmasq, unless it would conflict with Pi-hole's own settings.

Setting the lease time would be such a point of conflict.
You could manually edit the dhcp-range option and supply any values as allowed by dnsmasq's documentation, but you should be aware that this value will be overwritten upon saving your DHCP options via Pi-hole's Settings | DHCP.

This is a bad idea.
A client that has acquired an IP address via DHCP will continue to use it until the lease time expires eventually.

Clearing leases from a DHCP server will only deprive it of the knowledge of which IP addresses are already in use. In consequence, a DHCP server may hand out an IP address already in use to additional machines, potentially resulting in unpredictable behaviour or loss of connectivity for clients.

Thank you so much for such a detailed reply and guidance. The venue is really not public but a closed group of social workers. On top of that, the RPi's SSH and admin ports have been changed to non-standard high ports and the passwords are long and random as well. We have also disabled query logging. On top of that, every user of the free service is required to accept terms and conditions of service, which include and clearly state that their device MAC address and other identifiable information, such as device name, may get logged for purposes of legitimate interests to provide this free service, and that bandwidth-wasting ads and malicious and bad content sites will get filtered. Unless they accept these terms and conditions, they are not allowed free services and they should in that case use their cellular data.

Now coming to dnsmasq, I sure can manipulate the files, if I can specify a lease time of 20 minutes. As per the link that you have provided, I will change it, as it allows a minimum of 2 minutes as well. But I cannot specify a wider range than /24, as the ISP modem (Bell Canada) does not allow it: the first two octets are set in firmware to be 192.168 and the mask is also set to /24. As to the script knocking the online users off, these users are not supposed to be there for more than a few minutes. They come there to pick up and deliver things and then have a cup of coffee or something to eat at no cost to them, and there is a sign posted of 15 minutes. So if a script does run that identifies the same IP address in use for 35 minutes, then it can be safely killed. The IP addresses given out are not in sequential order and somehow depend on the MAC address of the device, so I will not expect reuse of the same IP by a different device so quickly. I will try and see if this works, and I will request that for such a use case an enhancement to lower the DHCP lease time be introduced (maybe with a red-letter warning on the GUI that this is not recommended at all for 99% of the users). Thanks so much, and a small donation of USD50 is coming in the next couple of hours for great work.

I can confirm that the above solution works: you can go into /etc/dnsmasq.d and then edit the file 02-pihole-dhcp.conf, where the config line is something along the lines of "dhcp-range=192.168.2.11,192.168.2.250,20m", and then restart the Pi or run "service pihole-FTL restart".

The change implemented via CLI stays put even after touching other items in the settings section via the GUI. Of course, saving the settings from the DHCP GUI will override this with whatever is specified in there. Thanks.

1 Like
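
Added example (not part of the thread and not Pi-hole's own code): since a save from the DHCP settings page overwrites the hand-edited value, a small check can detect that the lease time in the dhcp-range line has drifted and put it back. The function name `ensure_lease` and its exit codes are hypothetical; the sample file content is constructed from the line quoted in the post above.

```sh
#!/bin/sh
# Added example: detect and repair drift of the DHCP lease time in a dnsmasq file.
# ensure_lease FILE LEASE
#   returns 0  = lease time already as wanted
#           10 = file rewritten, restart needed ("service pihole-FTL restart")
#           1  = no IPv4 dhcp-range line / write error, 2 = invalid LEASE
ensure_lease() {
    conf=$1
    want=$2
    # Accepted lease values: plain seconds, a number with m/h/d/w, or "infinite".
    re='^([0-9]+[mhdw]?|infinite)$'
    printf '%s\n' "$want" | grep -Eq "$re" || { echo "invalid lease: $want" >&2; return 2; }

    # Assumption: the pool is the first dhcp-range line that starts with an IPv4 address.
    line=$(grep -E '^dhcp-range=[0-9]+\.' "$conf" | head -n 1)
    [ -n "$line" ] || { echo "no IPv4 dhcp-range in $conf" >&2; return 1; }

    last=${line##*,}
    if printf '%s\n' "$last" | grep -Eq "$re"; then
        [ "$last" = "$want" ] && return 0      # nothing to do
        new="${line%,*},$want"                  # replace the existing lease field
    else
        new="$line,$want"                       # no lease field present: append one
    fi

    tmp=$(mktemp) || return 1
    # Swap only that one line; cat back so owner and mode of the file are kept.
    if awk -v old="$line" -v new="$new" \
        '$0 == old && !done { print new; done = 1; next } { print }' "$conf" > "$tmp" \
        && cat "$tmp" > "$conf"; then
        rm -f "$tmp"; return 10
    fi
    rm -f "$tmp"; return 1
}

# Constructed sample: the file as it looks after a GUI save put the lease back to 1h.
demo=$(mktemp)
printf '%s\n' 'dhcp-authoritative' 'dhcp-range=192.168.2.11,192.168.2.250,1h' \
    'dhcp-option=option:router,192.168.2.1' > "$demo"
rc=0; ensure_lease "$demo" 20m || rc=$?
echo "exit $rc: $(grep '^dhcp-range=' "$demo")"
rm -f "$demo"
```

On a real system the function would be pointed at /etc/dnsmasq.d/02-pihole-dhcp.conf as root, and exit code 10 is the cue to restart pihole-FTL so the new lease time takes effect for leases handed out from then on.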
