Gigabit Internet Gateway Network PC

Following our home network upgrade in August 2017 we have been trying to find a way to add global adblocking for the computers, tablets and phones connected to our network and to run additional software.

We had tried using Pi-hole® software on the Asus Tinker Board but it wasn’t very stable on the Tinker Board and the board was also struggling to run the Partkeepr inventory management software we use to keep track of our components.

We looked at several small form factor PC boards and decided on the Gigabyte EL-20 3700 ultra-small form factor PC which has a quad-core Intel N3710 processor, 8GB ram, dual Gigabit LAN and built-in 32Gb eMMC storage.  

Specs:

• Intel Pentium processor N3710
• 2 x SO-DIMM DDR3L slots
• 2 x GbE LAN ports (Realtek RTL8111HS)
• 32GB onboard eMMC memory
• 1 x Full-size Mini-PCIe slot for 3G module or mSATA storage
• 1 x SDXC card slot

The system is silent and fanless and has the option to add additional storage using an mSSD drive inside the case, so we added a 120Gb Kingston mSATA drive and installed it in the system.

We purchased the new PC from Mini ITX at http://www.mini-itx.com/ and it was delivered a few days later.

The new system is installed between our broadband router and network switch to separate the networks.

For the software, we initially installed Ubuntu Server 17.10 but we soon found that a lot of the other software we wanted to use wouldn’t run or install so we reinstalled using Ubuntu Server 16.04 on the SSD drive and setup the 32Gb eMMC as a temporary storage space for files and databases.

Stock Management

Once the OS was installed and updated we installed the latest version of Partkeepr inventory manager from https://partkeepr.org/ and then migrated the database and files from the old install to the new version.

Ad Blocking

Pi-hole® was installed using their install script

curl -ssl https://install.pi-hole.net | bash

The Pi-hole® software default setup logs all requests to the drive for stats and reports, but we decided to disable the logging after a few hours to save space on the mSATA drive.

Network Configuration

We installed and configured a DHCP server and set this to provide IP addresses for our computers and other devices and assigned some of our devices static IP addresses such as the Raspberry Pi data logger and the NAS drives.

Using iptables we added routes to route internal requests to the router and internet but block all incoming traffic. This will be very useful when working on customers' computers which are infected with malware as we can connect these directly to the router and it will be blocked from accessing the computers on our main network.

For general admin, we installed Webmin from www.webmin.com and this has been set up to only allow access from the internal network IP addresses.

Pi-hole® is a trademark of Pi-hole, LLC