Smoothwall Firewall project

Wednesday, 13 November 2019

How to use pi-hole with a Docker container on your Mac Laptop to stop unwanted internet adverts.

If you are fed up with pointless internet advertising on sites you visit, here is a great additional service you can install on your local machine - or more importantly for your network to stop it dead. I shall not go through what this product is as here is a link - Pi-Hole.

Basically, you need to install the Docker application on you laptop or desktop so that running up the pi-hole docker container is straight forward. You can get docker for Mac here. For the network installation, a Linux server virtual machine or docker container on a machine continuously running would make sense.

Then you need to clone the pi-hole docker git repository to your local machine

https://github.com/pi-hole/docker-pi-hole.git

Change into that directory and run docker_run.sh 

Once the script has run - it will spit out an admin password that you will need to remember to log into the web-based admin screen.

You can look at that by pointing a browser tab at http://127.0.0.1

Once logged in you will see something like this.


 The last part of getting this working on your laptop is to point the DNS resolution of OSX to point to the localhost - as pi-hole is now listening on port 53. Again for network-based installation you would point this at the IP address of your server running the service. You can also then setup that IP address in your routers DHCP settings so any machine on your LAN will get the same protection as they will push all their traffic through the new DNS server.



You can then run a test from the command line to make sure all your DNS requests are going via your new DNS service like so:

dig www.ubuntu.com

;; Query time: 23 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 13 11:16:40 GMT 2019
;; MSG SIZE  rcvd: 139


You will notice the response comes from your machines localhost - so all is working. With the settings of pi-hole you can specify several upstream DNS resolvers which also keeps your DNS queries out of the clutches of Google. There are many options - but I tend to use OpenDNS and 1.1.1.1

Enjoy. 

 

Saturday, 9 March 2019

Staying safe on the Web - what can I do to make my browsing more secure and leach less data?


Friends and family often ask me about technologies they can use to make their lives just that little bit safer on the Web. So to save me having to answer the same questions repeatedly - I thought I would write a blog post to just highlight the tools,apps and extensions I use to make it better than just connecting to the web and hoping for the best.
  • Use a VPN whenever and wherever you are. There are so many good and inexpensive examples to use these days - there is really no excuse not too. I hear good things about this one ExpressVPN. I use my own - but this should be a good one. This will work with you PC, Ipad, mobile phone. So you will be covered whenever you decide to get some free internet in a cafe  you have never been to before :-)
  • Use Mozilla Firefox, Safari or Opera as your main browser. I know Google Chrome offers many features, but can you honestly trust Google to not be constantly looking to take your data and use it? I certainly don't trust Chrome anymore.
  • Install a good set of extensions to stop trackers and unwanted information leaching.
  • Don't use Google as your default search engine - switch to using DuckDuckGo - it is an option on all modern browsers - just change the default. You will be amazed at how all the targeted ads suddenly stop appearing everywhere - because you will have stopped Google building a complete profile of you on the web.
  • Never use Facebook or Twitter to log into another site - always select to create a new account with your email and a strong password.
  • Use a password manager to ensure strong passwords on all sites you use. Three good examples are Bitwarden, Lastpass or 1Password
  • Where sites allow it use 2FA - 2 Factor Authentication - on all sites. Not all sites do - but check and where you can implement it. There are many apps you can use , FreeOTP, YubiKey Authenticator, Protectimus Smart OTP, Lastpass Authenticator.
  • Turn on Firefox browsers "DNS over HTTPS" to keep your ISP and snoopers - it's to be found in Preferences/General/Network Settings
  • If you must use Facebook - I recommend you don't - then install an extension that puts it in a sandbox container - Firefox FB Container. This will reduce the amount of data you will leach from that app. 
  • Also for facebook - also look at this article and turn it off - How to delete Facebooks of page tracking of you web surfing.
  • Always look to use an anti-virus product - there are many to choose from - I use AVG
  •  Make regular backups - so if you machine does get hijacked your have always got access to you valuable files. This can be to a secure cloud storage area as well as local USB type storage.
  • Glasswire is a great tool for keeping an eye on your Windows and Android machines activity and is worth installing https://www.glasswire.com/
There are other add-ons to stop javascript - which can stop a lot of nasty attacks - however - it can make a huge difference to the way the web looks and feels and a lot of sites depend on it. So unless you know what you are doing , I would stay clear of that to start.

I have also just started using pi-hole, a network-wide tool to stop unwanted advertising in its tracks. I will be writing an article shortly on how to set this up on your local laptop or network server.

Updated: 15/7/2019 
Updated: 13/11/2019
Updated: 9/02/2020
Updated: 1/3/2020
Updated: 16/6/2020

Useful reading on the Topic :