Following from our home network upgrade in August 2017 we have been trying to find a way to add global adblocking for the computers, tablets and phones connected to our network and to run additional software.
We had tried using Pi-hole® software on the Asus Tinker Board but it wasn’t very stable on the Tinker Board and the board was also struggling to run the Partkeepr inventory manager software we use to keep track of our components.
We looked at several small form factor PC boards and decided on the Gigabyte EL-20 3700 ultra-small form factor PC which has a quad core Intel N3710 processor, 8GB ram, dual Gigabit LAN and built in 32Gb eMMC storage.
- Intel Pentium processor N3710
- 2 x SO-DIMM DDR3L slots
- 2 x GbE LAN ports (Realtek RTL8111HS)
- 32GB onboard eMMC memory
- 1 x Full-size Mini-PCIe slot for 3G module or mSATA storage
- 1 x SDXC card slot
Front of the Computer
The system is silent and fan-less and has the option to add additional storage using a mSSD drive inside the case, so we added a 120Gb Kingston mSATA drive and installed it in the system.
We purchased the new PC from Mini ITX at http://www.mini-itx.com/ and it was delivered a few days later.
The new system is installed between our broadband router and network switch to separate the networks.
For the software we initially installed Ubuntu Server 17.10 but we soon found that a lot of the other software we wanted to use wouldn’t run or install so we reinstalled using Ubuntu Server 16.04 on the SSD drive and setup the 32Gb eMMC as a temporary storage space for files and databases.
Back of the computer
Once the OS was installed and updated we installed the latest version of Partkeepr inventory manager from https://partkeepr.org/ and then migrated the database and files from the old install to the new version.
PartKeepr home page
Pi-hole® was installed using their install script
curl -ssl https://install.pi-hole.net | bash
The Pi-hole® software default setup logs all requests to the drive for stats and reports, but we decided to disable the logging after a few hours to save space on the mSATA drive.
We installed and configured a DHCP server and set this to provide IP addresses for our computers and other devices and assigned some of our devices static IP addresses such as the Raspberry Pi data logger and the NAS drives.
Using iptables we added routes to route internal requests to the router and internet but block all incoming traffic. This will be very useful when working on customers computers which are infected with malware as we can connect these direct to the router and it will be blocked from accessing the computers on our main network.
For general admin we installed webmin from www.webmin.com and this has been setup to only allow access from the internal network IP addresses.
Pi-hole® is a trademark of Pi-hole, LLC