Sunday, January 14, 2018

Fresh Install part 2

Part # 1 is here
Create a Ubuntu VM for PiHole

I run two DNS and DHCP servers, each running Pi-hole [1]. One is on an old, crappy laptop whose broken screen I removed, and it has a serious overheating problem; the other is a VM. I am going to rebuild the VM again.

I am going to SSH into the VM, create a new user called "pi11", delete the user called "test", and then give it a static IP of 192.168.200.10.

Set a Static IP

sudo nano /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# auto ens33
# iface ens33 inet dhcp


auto ens33
iface ens33 inet static
        address 192.168.200.11
        netmask 255.255.255.0
        gateway 192.168.200.1
        dns-nameservers 192.168.200.10

I'm in no rush, so I just reboot:
sudo reboot

Is it working?

pi11@pi11:~$ ping google.com
PING google.com (172.217.12.174) 56(84) bytes of data.
64 bytes from lga25s62-in-f14.1e100.net (172.217.12.174): icmp_seq=1 ttl=52 time=123 ms
64 bytes from lga25s62-in-f14.1e100.net (172.217.12.174): icmp_seq=2 ttl=52 time=122 ms
64 bytes from lga25s62-in-f14.1e100.net (172.217.12.174): icmp_seq=3 ttl=52 time=124 ms
64 bytes from lga25s62-in-f14.1e100.net (172.217.12.174): icmp_seq=4 ttl=52 time=122 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3009ms
rtt min/avg/max/mdev = 122.148/123.235/124.974/1.078 ms

pi11@pi11:~$ nslookup example.com
Server:         192.168.200.10
Address:        192.168.200.10#53

Non-authoritative answer:
Name:   example.com
Address: 93.184.216.34


Create new user

adduser pi11    # Change username to new user name

Follow the prompts and add a password; if you want, some fields can be left blank.

Use the usermod command to add the user to the sudo group:
usermod -aG sudo pi11

Let's see if it worked by logging on to the new account:
su - pi11

I would test whether sudo is working properly before proceeding.

Delete old user

I am doing this while still logged in as the pi11 user.

This command deletes the user and its home folder:
sudo deluser --remove-home test

If you do not want to delete the user's home folder, use this command instead:
(deluser test)

Edit the samba config file for the new user

It's still set up for the old user, who does not exist anymore.

sudo nano /etc/samba/smb.conf

I name the share [Home_pi11] so I don't get confused with my other Pihole. It's just a display name; call it whatever. (Samba only treats lines that start with # or ; as comments, so don't put notes after the section name or a value.)

[Home_pi11]
   path = /home/pi11
   force group = users
   create mask = 0660
   directory mask = 0771
   browsable = yes
   writable = yes
   guest ok = yes


Change the permissions in the terminal:
sudo chown -R root:users /home/pi11

sudo chmod -R ug+rwx,o+rx-w /home/pi11

Restart the Samba services and then test the share from another machine:
sudo systemctl restart smbd.service
sudo systemctl restart nmbd.service

I reboot the computer to see if it still works:
sudo reboot

Change computer host name

sudo nano /etc/hostname

Delete the current hostname and add pi11:
pi11

Add the hostname to the hosts file:
sudo nano /etc/hosts
127.0.0.1       localhost
127.0.1.1       pi11

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


Reboot the VM:
sudo reboot


Finally ready to install Pihole

At the time of this writing (Jan 2018) the easiest way to install Pihole is:
curl -sSL https://install.pi-hole.net | bash


I made a video of the install.

The commands I used during the video:

To get the big list (the URL is quoted so the shell does not treat the ? as a glob):
wget -qO - 'https://v.firebog.net/hosts/lists.php?type=tick' | sudo tee -a /etc/pihole/adlists.list

To update the new list:
pihole -g

The URL I used to open Pihole in my browser:


Sources
[1]
[2]

Thursday, January 11, 2018

Unstable WiFi Lede Openwrt -- deauthenticated due to local deauth request, disassociated due to inactivity, (Reason: 3=DEAUTH_LEAVING)

For the last couple of weeks or month I have been having problems controlling the computer I use as my media center. I use Kodi as the software for this; I could use my wireless keyboard to control it, but I much prefer using my Android phone with Kore, which connects to Kodi over WiFi.

The problem was that almost every time I wanted to use Kore I would have to go into Android's WiFi settings and reconnect to the router. This got old quite fast, and I decided to investigate the reason and hopefully find a cure.

My router is a TP-Link TL-WDR4300 v1 running LEDE Reboot 17.01.4, and one of the ways to detect or troubleshoot problems is to SSH into the router and type or paste logread into the terminal.

A few of the lines in the output suggested that there was indeed some type of problem:


uci set wireless.@wifi-iface[0].disassoc_low_ack=0
uci set wireless.@wifi-iface[1].disassoc_low_ack=0
uci set wireless.@wifi-iface[0].max_inactivity=900
uci set wireless.@wifi-iface[1].max_inactivity=900
uci set wireless.@wifi-iface[0].skip_inactivity_poll=1
uci set wireless.@wifi-iface[1].skip_inactivity_poll=1
uci set wireless.@wifi-iface[0].wpa_group_rekey=0
uci set wireless.@wifi-iface[1].wpa_group_rekey=0
uci commit wireless
wifi
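The same four settings, generated for every wifi-iface section instead of hard-coded [0] and [1]. This is an added example and not part of the original post; it reads the output of "uci show wireless" (the sample below is constructed) and assumes the section names in that output.

```shell
#!/bin/sh
# Added example, not from the original post. Emits the same four uci settings as
# above for EVERY wifi-iface section (anonymous "@wifi-iface[N]" or named), so
# nothing is missed when a radio is added. Dry run on the router:
#   uci show wireless | gen_wifi_stability_cmds
# Apply:  uci show wireless | gen_wifi_stability_cmds | sh && uci commit wireless && wifi
gen_wifi_stability_cmds() {
  # keep only the section lines, e.g.  wireless.@wifi-iface[0]=wifi-iface
  # or on newer builds                wireless.default_radio0=wifi-iface
  sed -n 's/^wireless\.\([^=.]*\)=wifi-iface$/\1/p' |
  while IFS= read -r sec; do
    echo "uci set wireless.$sec.disassoc_low_ack=0"     # don't kick clients for missed ACKs
    echo "uci set wireless.$sec.max_inactivity=900"     # seconds idle before a client is dropped
    echo "uci set wireless.$sec.skip_inactivity_poll=1" # no null-frame poll before that timeout
    echo "uci set wireless.$sec.wpa_group_rekey=0"      # 0 disables periodic group-key (GTK) rotation
  done
}

# Constructed sample of "uci show wireless" output: one radio, two interfaces.
SAMPLE_UCI="wireless.radio0=wifi-device
wireless.radio0.type='mac80211'
wireless.@wifi-iface[0]=wifi-iface
wireless.@wifi-iface[0].device='radio0'
wireless.@wifi-iface[0].mode='ap'
wireless.@wifi-iface[1]=wifi-iface
wireless.@wifi-iface[1].device='radio1'"

printf '%s\n' "$SAMPLE_UCI" | gen_wifi_stability_cmds
```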

My VMware template Ubuntu 16.04.3 LTS

This is a fresh install using VMware Workstation


I wrote this for myself so I would not lose it; I kept it short and to the point.

Source of iso file:
Full version information at end of this document



Enable SSH and configure it

During the install process I installed SSH, so I just had to configure it.

Edit the file (it lives under /etc/ssh/):
sudo nano /etc/ssh/sshd_config

Find this line and either edit it or add it (I have seen the PermitRootLogin line look similar but different). Change it to "yes" and comment out the others; sshd_config only treats lines starting with # as comments, so keep notes off the setting line itself:

#PermitRootLogin without-password
#StrictModes yes
PermitRootLogin yes

sudo reboot

Connect with SSH (because copy-paste rules) and update everything:

sudo apt update && sudo apt -y upgrade && sudo apt -y dist-upgrade && sudo apt -y autoremove

sudo reboot

Install Open VMware tools

Make sure VMware tools is installed. It was installed by default, but I just had to check:
sudo apt -y install open-vm-tools

Get Samba working

I don't feel like playing around, so I'm just going to install crap whether I need it or not:
sudo apt -y install libsmbclient libwbclient0 python-dnspython python-samba python3-smbc samba samba-common samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules smbclient

Make a backup of the config file for when you screw up and have to start over:
sudo cp /etc/samba/smb.conf /etc/samba/smb.bak

I'm going to share the /home/ folder. I do not create one because it's already there by default:
(mkdir -p /home)

sudo chown -R root:users /home

sudo chmod -R ug+rwx,o+rx-w /home

Edit the file:
sudo nano /etc/samba/smb.conf

Change these lines. The notes in parentheses are mine and are not part of the file: Samba only treats lines that start with # or ; as comments, so a note after a value would become part of the value.

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = WORKGROUP
(leave it unless your workgroup is different)

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
   wins support = yes
(change no to yes and get rid of the leading pound sign "#")

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = yes
(I changed this from no to yes)

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 ens33
   interfaces = 192.168.200.0/24 ens33
(add your network adapter and subnet)

Add this at the end:
[Home]
   path = /home
   force group = users
   create mask = 0660
   directory mask = 0771
   browsable = yes
   writable = yes
   guest ok = yes

Restart the Samba services:
sudo systemctl restart smbd.service
sudo systemctl restart nmbd.service
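A quick way to see which shares in smb.conf end up both writable and open to guests, which is what the [Home] share here and the [Home_pi11] share in the Pi-hole post do. This is an added example, not part of the original post or of Samba; it assumes the share-level settings decide (it ignores [global] defaults and the "map to guest" setting) and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Lists every [share] in an smb.conf
# that is BOTH writable and guest-accessible: anyone on the LAN can write there
# without a password. Assumes share-level settings alone decide (no [global]
# defaults). Run on the server with:  find_guest_writable_shares /etc/samba/smb.conf
find_guest_writable_shares() {
  awk -F= '
    function report() {
      if (sec != "" && sec != "global" && guest == "yes" && writable == "yes") print sec
    }
    /^[ \t]*[#;]/ { next }                         # comment lines start with # or ;
    /^[ \t]*\[.*][ \t]*$/ {                         # [section] header
      report()
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/].*$/, "", sec)
      guest = "no"; writable = "no"; next          # Samba defaults for a new share
    }
    NF >= 2 {
      key = tolower($1); val = tolower($2)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (val == "true" || val == "1") val = "yes" # Samba accepts yes/true/1
      if (key == "guest ok" || key == "public") guest = val
      if (key == "writable" || key == "writeable" || key == "write ok") writable = val
      if (key == "read only") writable = (val == "no") ? "yes" : "no"   # synonym, inverted
    }
    END { report() }
  ' "$@"
}

# Constructed sample smb.conf: only Home_pi11 is guest-accessible AND writable.
SAMPLE_CONF='[global]
   workgroup = WORKGROUP

[Home_pi11]
   path = /home/pi11
   force group = users
   browsable =yes
   writable = yes
   guest ok = yes

[printers]
   path = /var/spool/samba
   guest ok = yes
   read only = yes

[Private]
   path = /srv/private
   writable = yes
   guest ok = no'

printf '%s\n' "$SAMPLE_CONF" | find_guest_writable_shares   # prints: Home_pi11
```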

I reboot the VM and check from another machine whether it is sharing. If everything works (surprisingly it did) I will clone it to have a base for creating other VMs.
 
Version information:
test@ubuntu:~$ uname -a
Linux ubuntu 4.4.0-109-generic #132-Ubuntu SMP Tue Jan 9 19:52:07 UTC 2018 i686 i686 i686 GNU/Linux
test@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial
test@ubuntu:~$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
test@ubuntu:~$ cat /proc/version
Linux version 4.4.0-109-generic (buildd@lgw01-amd64-035) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.5) ) #132-Ubuntu SMP Tue Jan 9 19:52:07 UTC 2018
test@ubuntu:~$ file /lib/systemd/systemd
/lib/systemd/systemd: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=e192bb554b80dbcdd7ca58802f4b2c41432b5ac9, stripped



Sunday, January 7, 2018

Testing out my shiny new DNS iptables on Lede OpenWRT



On my router, a TP-Link TL-WDR4300 v1, I use LEDE Reboot 17.01.4 for the firmware. I also run two Ubuntu 16.04.3 LTS servers as my DNS and DHCP using Pi-Hole.

While reading the Pi-Hole forum on Reddit, this question piqued my interest:
https://www.reddit.com/r/pihole/comments/7o0ev3/how_to_force_dns_as_pihole_ddwrt/

The question, "How to "force" DNS as Pihole (dd-wrt)", was something I wanted to do on my network, and since DD-WRT is similar to LEDE I figured it should work for me.

The easiest way I know to make iptables rules persistent in LEDE is to use the LuCI interface by going to
Network > Firewall > Custom Rules

I pasted this into LuCI:
#keep network on pi-hole
iptables -t nat -I PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 192.168.200.10-192.168.200.11:53
iptables -t nat -I PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.200.10-192.168.200.11:53
#punch DNS hole for pi-hole
iptables -t nat -I PREROUTING -i br-lan -p tcp -s 192.168.200.10 --dport 53 -j ACCEPT
iptables -t nat -I PREROUTING -i br-lan -p udp -s 192.168.200.10 --dport 53 -j ACCEPT
iptables -t nat -I PREROUTING -i br-lan -p tcp -s 192.168.200.11 --dport 53 -j ACCEPT
iptables -t nat -I PREROUTING -i br-lan -p udp -s 192.168.200.11 --dport 53 -j ACCEPT

Then I pressed "Restart Firewall". I also rebooted the router, but I don't think that was necessary.
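The rules above only work if the per-Pi-hole ACCEPT exceptions sit above the catch-all DNAT in the nat PREROUTING chain (each -I inserts at the top, so the exceptions pasted last end up first); if they land below it, the Pi-holes' own upstream queries get redirected back to a Pi-hole. The following is an added check, not part of the original post: it reads iptables-save output (the samples here are constructed from the rules above) and assumes the LAN interface is br-lan and the port is 53.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the ORDER of the "force DNS"
# rules in the nat PREROUTING chain: the per-Pi-hole ACCEPT exceptions must be
# listed above the catch-all DNAT for port 53. On the router:
#   iptables-save -t nat | check_dns_rule_order
check_dns_rule_order() {
  awk '
    /^-A PREROUTING / && /--dport 53 -j/ {
      if ($0 ~ /-j DNAT/) { dnat_seen = 1 } else if ($0 ~ /-j ACCEPT/ && $0 ~ / -s /) {
        accepts++
        if (dnat_seen) misordered = 1      # exception listed after the DNAT: too late
      }
    }
    END {
      if (!dnat_seen) { print "FAIL: no DNAT rule for port 53"; exit 2 }
      if (!accepts)   { print "FAIL: no per-Pi-hole ACCEPT exception"; exit 2 }
      if (misordered) { print "FAIL: an ACCEPT exception is listed below the DNAT"; exit 1 }
      print "OK: exceptions precede the DNAT"
    }'
}

# Constructed sample of what iptables-save shows after pasting the rules above
# with -I: every -I lands at the top, so the ACCEPTs pasted last come first.
GOOD_RULES='*nat
-A PREROUTING -s 192.168.200.11/32 -i br-lan -p udp -m udp --dport 53 -j ACCEPT
-A PREROUTING -s 192.168.200.10/32 -i br-lan -p udp -m udp --dport 53 -j ACCEPT
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.200.10-192.168.200.11:53
COMMIT'

# Constructed sample of the mistake: exceptions appended with -A end up below the DNAT.
BAD_RULES='*nat
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.200.10-192.168.200.11:53
-A PREROUTING -s 192.168.200.10/32 -i br-lan -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

printf '%s\n' "$GOOD_RULES" | check_dns_rule_order
printf '%s\n' "$BAD_RULES"  | check_dns_rule_order || echo "(exit status $?)"
```

Note that the DNAT range itself does no health checking, which is why nslookup just times out when 192.168.200.10 is down.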



Checking if it works

The easiest way I know of to keep an eye on both Pi-Holes at the same time when using Windows is a program called DNSQuerySniffer, made by Nir Sofer; it's free and it works. It's recommended to install the WinPcap capture driver to make it work properly, but if you have Wireshark installed you more than likely have WinPcap already.

Here is a small capture; it looks like it's working.
Note: this capture was taken with the iptables rules below.


Here is roughly the same time frame as the DNSQuerySniffer capture, seen in each Pi-Hole's interface:
192.168.200.10


192.168.200.11

The only problem with these iptables rules is that if the DNS server 192.168.200.10 goes down, the command "nslookup" will not work; it just times out. Other than that it works, and I have connectivity to the internet.