This guide is only for Firewalla Red or Blue. Firewalla Gold users should run Pi-Hole in docker containers. Here is the beta guide for running Pi-Hole on Gold: https://help.firewalla.com/hc/en-us/articles/360051625034
Firewalla is a full Linux distribution, so it is possible to install many different services running alongside Firewalla. Here is a quick tutorial on bringing one of the open-source projects to Firewalla in less than 5 mins.
Disclaimers:
- This tutorial is only for Pros.
- This tutorial will only work with Firewalla version 1.965 or greater
- Please make sure you know how to reset firewalla, in case things blow up.
- Please only try this on the Firewalla Blue. The red may not have enough RAM.
- Pi-hole won't work with the following features of Firewalla on the same device. Firewalla's features always have a higher priority. These features include:
- Family Protect
- Adblock
- DNS over HTTPS
- You should not enable conditional forwarding in most cases or it might create DNS loop.
- Pi-Hole query database may eat up all left space on Firewalla disk if it is not managed well. Reference: https://docs.pi-hole.net/database/ftl/
/media/root-rw/overlay/etc/pihole/pihole-FTL.db
Warning: The conflict of DNS blocking between Pi-Hole and Firewalla
If you install Pi-Hole on Firewalla, Pi-hole will become the upstream DNS server of Firewalla. All DNS traffic will route through Firewalla first then to Pi-Hole, so that you will only be able to see localhost and Firewalla on the Pi-Hole portal.
Devices -> Firewalla -> Pi-Hole -> further upstream DNS servers
To get individual stats on devices, you will have to install Pi-Hole on a separate device and use it as DNS server in your router DHCP setting. But in this way, you will lose all the per-device DNS features (Family Protect, Ad-Block, Safe search, etc.) on Firewalla, because Firewalla will only see DNS traffic from Pi-Hole.
Devices -> Pi-Hole -> Firewalla -> further upstream DNS servers
How to run Pi-Hole on Firewalla in 5 mins
Step 1. Get Firewalla SSH password from Firewalla App (Settings-> Advanced -> Configurations -> SSH Console -> tap the password to reveal it).
Step 2. Login Firewalla by ssh, the user account is pi. Then install Pi-Hole with this command:
curl -sSL https://install.pi-hole.net | bash
Step 3. On Firewalla app, go Settings -> Advanced -> Network Settings. Change the DNS of primary network (if you are in simple mode) or overlay network (if you are in DHCP mode) to Firewalla's IP address in PRIMARY network.
Step 4. Reboot Firewalla ( Settings-> Advanced -> Reboot), and it's done.
*Notes:
- Firewalla may take longer to complete the reboot process when pi-hole is installed, so please be patient.
- If you enabled web interface when installing Pi-Hole, you can access by http://<firewalla_ip>. If you see Firewalla pairing page when accessing the site, it means the pairing service is running, just wait for 10 minutes and try again.
- Pi-hole will only show Firewalla as the device, not individual devices from your network.
Comments
33 comments
Hey Luis. Maybe my comment just above "comment APT-GET UPDATE " in the install script would help ?
For what it's worth.. I was not convinced by pihole in firewalla Blue and removed it.
I've been running pihole on my FW Blue for more than 1 year, works fine, bit hot but does the job. Ended up factory default my FW and loaded AdGuard Home on it, a lot lighter and better UI, also one liner install only.
source: https://github.com/AdguardTeam/AdGuardHome
I get the same error, any fix?
[✗] Update local cache of available packages
Error: Unable to update package cache. Please try "apt-get update"
Please sign in to leave a comment.