Network design help

Hello,
Do you know if there is any complete solution for newbies plz?
Cheers

That's not possible. You have very few options. Without understanding which device, or your requirements or your reasons - this is "unpossible" .... therefore can you be more specific?

Thank you very much.
Devices:
1 Proprietary router with very simple admin interface.
1 Samsung SmartTV with YouTube installed as app
1 AppleTv with Youtube installed as app
2 Android smartphones
1 Nintendo Switch
and 3 Pi, (2b, 3b+, 4b) + 1 touch screen :)
Regards,

Look in your query log and see what domains the device requests when you start the YouTube app. Then blacklist them all.
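The query-log review suggested above, as an added example that is not part of the original reply: it lists the domains one client requested during the minute the app was opened. The log lines, the TV address 192.168.1.50 and the function name are constructed assumptions; the line layout is the dnsmasq query-log format Pi-hole records.

```shell
#!/bin/sh
# Constructed sample in the dnsmasq query-log format Pi-hole records.
# Assumption: the TV holds the reserved address 192.168.1.50.
sample_log() {
cat <<'EOF'
Mar  3 19:02:11 dnsmasq[812]: query[A] www.youtube.com from 192.168.1.50
Mar  3 19:02:11 dnsmasq[812]: forwarded www.youtube.com to 208.67.222.222
Mar  3 19:02:12 dnsmasq[812]: query[A] youtubei.googleapis.com from 192.168.1.50
Mar  3 19:02:12 dnsmasq[812]: query[AAAA] WWW.youtube.com from 192.168.1.50
Mar  3 19:02:13 dnsmasq[812]: query[A] i.ytimg.com from 192.168.1.50
Mar  3 19:02:13 dnsmasq[812]: query[A] example.org from 192.168.1.61
Mar  3 19:05:40 dnsmasq[812]: query[A] time.example.net from 192.168.1.50
EOF
}

# domains_for_client IP [FROM [TO]]
# Reads a query log on stdin and prints "count domain" for every name the
# client asked for between FROM and TO (HH:MM:SS, same day), busiest first.
domains_for_client() {
    awk -v ip="$1" -v from="${2:-00:00:00}" -v to="${3:-23:59:59}" '
        # keep only query lines: <mon> <day> <time> dnsmasq[pid]: query[T] <name> from <ip>
        $4 ~ /^dnsmasq/ && $5 ~ /^query\[/ && $7 == "from" && $8 == ip &&
        $3 >= from && $3 <= to { seen[tolower($6)]++ }
        END { for (d in seen) print seen[d], d }
    ' | sort -k1,1nr -k2,2
}

# Open the YouTube app at a known time, then review only that window.
sample_log | domains_for_client 192.168.1.50 19:02:00 19:03:00
```

Review the resulting list before blocking anything: names the app shares with other services on the same device will stop resolving for those services too.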

Okay I'll start with - Youtube is difficult to block. However there are a few things you can do but it will break ranging from mild to severe. However in order to set expectations - anything proprietary will not support any configuration I might suggest. Some of these do not require Pihole BTW.

FIRST: If you are using pihole, set it up as a dedicated system and give it a fixed IP address.

SECOND: If you can't replace your proprietary router with a standard (Netgear & ASUS are really good IMO), my suggestions will not work (or just partially).

CAVEAT: Pihole won't block Youtube 100%. I doubt that any other service can except for CISCO. OpenDNS will work in conjunction with Pihole but not 100% success rate.

  1. For the Smart TV, if you can set a reserved DHCP IP address for its MAC address, you can block tcp/udp 80 & 443 for that device. It will stop everything and break every app on it. You now have an unSmart TV but Youtube won't work anymore. Mission accomplished.

  2. If you can set the DNS on your router to point to the dedicated Pihole server, you will then filter most Ads out of every device, but in some cases, some pages will not work properly (or tell you that you are blocking their life source revenue). You can also use OpenDNS with Pihole by configuring OpenDNS DNS servers in Pihole resolv config file. Google is your friend. This setup will mostly work, but some webpages and maybe game consoles might have minor issues. If you are filling out a form on a webpage and it doesn't "accept" or "submit" - chances are that Pihole is intercepting it. My ASUS router allows me to assign a dedicated primary DNS to a pre-reserved DHCP client. This means I can determine if Pihole is blocking that single device as Pihole is not in my router's primary DNS but OpenDNS is.

  3. Some Smart TVs have a "restricted profile" feature (Sony does), and you can add approved apps to it and simply activate the profile. There may be some hissy fits and wailing.

  4. Uninstall Youtube. Problem goes away.

  5. Enforce parental controls. You can block their devices but give them a "window" of operation via the router. Most routers have parental controls except maybe proprietary ones.

Wow!!!! Could not expect a better explanation. Big Thanks! Really appreciated! Definitely I have to better choose my devices in the future as the old Samsung TV doesn't have a smart parental control on apps but for TV channels only. Now that my kids learned how to install apps it's very difficult to handle all these constraints as everybody uses the same devices and needs a specific profile for kids, parents and grandparents :)
I will give it a try and will share my experience. I think that I will turn off the wifi of the router and connect all devices to the rpi's wifi.
Again thank you very much for your time!
Cheers.

It doesn't work this way. The Pi is not a wifi router.

Devices continue to connect to the router by WiFi but they use Pi-hole for DNS.

You're right but I'll put the pi behind the router (rj45) and use the pi as the single WiFi access. I will not remove the provider's router but just turn off its wifi.

Don't use Wifi on the Pi if it already has a RJ45 port - use the RJ45 instead. You want your local DNS traffic to use the gigabit bandwidth; as well, it's a guaranteed connection.

You are going to install additional access point software on the Pi to support this? And constrain traffic to the bandwidth limits of the Pi?

I assume your home router has Wifi. This can now provide DHCP (make sure to deactivate the provider's DHCP) as well as pointing the home router to the PiHole as DNS.

I will offer just a few pointers on your network design. Most people do not realise that the network is your most critical component when it comes to internet access. Security, ease of setup, range, compatibility and number of supported devices are considerations. You don't just accept the service provider's hardware and plug it into your home. If you do that, it's like leaving the front door unlocked. If they have access to the same device as the rest of your house - you need to put a proverbial lock on that. 'Nuff said. Now, you can Google "whats a good router" and read, I have owned nearly all brands except these: Cisco residential (which I will never buy), TP-LINK, Huawei and Linksys (this was a good product until CISCO bought them). I will only speak about my personal experience with Dlink, Netgear & Asus.

Router Placement
Set it high and not on the ground floor.

Subnetting:
First of all your subnet design should be well thought out as these vendors use different subnets - Dlink 192.168.0.1, Netgear 192.168.1.1 & Asus 192.168.50.1 - instead you decide what you want to do. Again, Google is your friend.

DHCP & reservations:
Don't assume DHCP is a cure. It's not. Most devices have a MAC address on them. You can pre-assign an IP mapped to a MAC address. So you don't have to install an app to search for its device. If you are installing, say a wifi camera, you can assign a range e.g. 192.168.1.100 - 130 as your planned range (on paper). Document each device as you add them to your network. When you take stock of all devices in your home - there will be many: dryer, washer, fridge, game console, smart dimmers, smart TV, smart bulbs, phones, handheld consoles, cameras, PCs, tablets, storage devices and more. Those are a lot of IP addresses to manage. Or you could just close your eyes and pray.

Parental Control:
Establishing ground rules on the use of internet is very important. Let your kids know that you are reviewing the router's logs and you know (or pretend) what they are doing. Use OpenDNS. Set up schedules for internet access, don't leave it as any time, if you do, as kids get older, you create a precedent that you cannot rescind. Eventually kids become smarter by using VPNs, and learning how to change the DNS pointer.

VOIP
Create QOS for VOIP as it will compete with all the devices on your network.

Port Forwarding:
Your game consoles actually benefit and this reduces game latencies. That's a different discussion but Google is your friend.

WIFI & Passwords
Don't use your birthdate, dog's name or "password" as your password. Create your admin password to be hard to guess because if your router has a vulnerability, some guy in China, India or Russia now pwnd you. Norton has a good internet tool to create passwords. I also read (somewhere) that you can create an unguessable password using three words separated by spaces, like "thr33 br0wn b1rds". Your wifi password should also be hard to guess for obvious reasons. If your router has guest network capabilities, set an expiry of no more than 2 days.

Firmware updates
You shouldn't automatically update. Only if there is a security patch, then yes, please update. I have had the bad luck of updating and then discovering that a feature I depended on has stopped working. This is not going to happen all the time.

Antenna strength & direction
Electromagnetic radiation is what emanates from the router. Not the bad kind. However, we have yet to see what the effect of wifi on humans will be over the next 100 years. Anyways, a vertical antenna propagates its signal perpendicular to its axis. So if your router is on the second floor, and you have three MIMO antennas, then one antenna will be vertical to service the current floor. One other antenna will probably be oriented around 30-45 degrees towards one half ground house area that you wish to service and the third pointing opposite to service the other half on the ground. ( \ | / )

Thanks for all this important advice.

I was thinking of implementing something like this:

Don't know if this makes sense.

In theory, this will work only if you make the Pi an access point, however a few things will be problematic:

  1. Pi has limited horsepower (i.e. cpu & wifi transmit) to service multiple clients. You may have favourable results with two to four clients, but as the numbers grow, you may start having disconnections.
  2. The wifi broadcast of Pi will be much lower than the original wifi router. This will translate to a lower signal. As well, you need a high gain antenna to have a usable range.
  3. Additional software will be required and configuration of setting up a routable Pi access point. You can find this here: Setting up a Raspberry Pi as a routed wireless access point - Raspberry Pi Documentation
  4. Pi does not have a heatsink on its cpu (at least the one I have does not). When the cpu becomes heavily utilised, this will translate as heat. If you don't cool it then thermal shutdown will occur.

It might be worth the hassle to find a good cheap router rather than put yourself thru this battle.

Alternatively, you can keep the proprietary wifi router as your main wifi, disable DHCP on it, point its DNS to your Pi (which is configured as router), i.e. ensure you have followed the link I gave above (Note: Pi is now a DNS, DHCP & router but you can skip the access point configuration). In effect you now have an open source homebuilt router, but still using the service provider's wifi. Note that they can look at your wireless clients, this is why I prefer a separate user owned router in between.

Option 1: Configure your router to use your pihole as DNS. Not always possible, particularly with ISP provided router.

Option 2: Configure your pihole to serve DHCP.
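The device inventory from the "DHCP & reservations" advice earlier in the thread, combined with Option 2 above, as an added example that is not from any poster: it compares a documented device list with a dnsmasq-format lease table and flags undocumented devices and devices that are off their planned address. The inventory layout, MAC addresses, IP addresses and function names are constructed assumptions.

```shell
#!/bin/sh
# Constructed inventory, the plan kept "on paper": mac,ip,name
sample_inventory() {
cat <<'EOF'
# mac,ip,name
02:00:00:00:00:02,192.168.1.2,pihole
02:00:00:00:01:00,192.168.1.100,camera-porch
02:00:00:00:00:50,192.168.1.50,smart-tv
EOF
}

# Constructed lease table in the dnsmasq lease-file layout:
# <expiry epoch> <mac> <ip> <hostname> <client-id>
sample_leases() {
cat <<'EOF'
1709500000 02:00:00:00:01:00 192.168.1.100 camera-porch *
1709500000 02:00:00:00:00:50 192.168.1.77 smart-tv *
1709500000 02:00:00:AA:BB:CC 192.168.1.180 * *
EOF
}

# audit_leases INVENTORY_FILE LEASE_FILE
# Prints one finding per line:
#   UNDOCUMENTED mac ip        lease for a MAC that is not in the inventory
#   MISMATCH name planned got  documented device on an unplanned address
#   NO_LEASE name ip           documented device with no lease (static or off)
audit_leases() {
    awk '
        FILENAME == ARGV[1] {                 # pass 1: load the inventory
            if ($0 ~ /^#/ || $0 == "") next
            split($0, f, ",")
            m = tolower(f[1]); plan[m] = f[2]; name[m] = f[3]
            next
        }
        NF >= 3 {                             # pass 2: walk the leases
            m = tolower($2); seen[m] = 1
            if (!(m in plan))       print "UNDOCUMENTED", m, $3
            else if (plan[m] != $3) print "MISMATCH", name[m], plan[m], $3
        }
        END { for (m in plan) if (!(m in seen)) print "NO_LEASE", name[m], plan[m] }
    ' "$1" "$2" | sort
}

inv=$(mktemp); leases=$(mktemp)
sample_inventory > "$inv"; sample_leases > "$leases"
audit_leases "$inv" "$leases"
rm -f "$inv" "$leases"
```

A MISMATCH matters for any per-device rule keyed on the reserved address, such as a port block for the TV: the rule stops applying once the device sits on a different IP.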