So, before I made my FWG purchase I did a lot of Googling around trying to ensure I'd be able to continue using AGH. I switched from PiHole to AGH simply because it's far, far better at blocking specific services, such as YouTube. I'm sure somebody will come back and say PiHole is better if I just do X, Y, and Z, but that's not what this post is about.
There seems to be some conflicting guidance on just how to set up a third-party DNS adblocker with Firewalla. Some guides say disable the DNS Booster, some say you have to put the adblock device in a separate network segment, etc. Well, I'm not sure if it's because the Firewalla software was updated in the meantime, some specific ability of the FWG, or what, but I apparently didn't have to do that. I'm posting this not as a guide, but just as a record of what worked for me.
1) Running FWG in router mode. I have two old routers set in AP mode providing wifi at either end of the house. I have one "main" LAN set up. IPv6 is enabled through prefix delegation.
2) Booted up a Raspberry Pi, let it get an address from DHCP and then reserved it. Installed AdGuard Home and pointed that at my NextDNS.io DoH address.
3) Set the DNS address on my main LAN segment to point to the reserved AGH IP. Didn't disable DNS Booster.
4) Immediately, entries began appearing in the AGH log; however, they were coming from the FWG directly. Rebooting the APs and the FWG one at a time made them click over to showing their actual IPs.
5) After ten minutes or so, AGH began resolving these IPs to the name assigned by the FWG, via ARP cache.
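Step 4 is the part worth checking rather than eyeballing: if every query in the AGH log is attributed to the gateway, per-client blocking and per-client logging are effectively lost. The script below is an added example, not part of the original post and not AdGuard Home or Firewalla code. It reads AGH's JSON-lines query log and reports what share of queries are attributed to the gateway address versus real clients, plus which hosts were filtered. The field names `T`, `IP`, `QH` and `Result.IsFiltered` are my assumption of AGH's querylog.json layout, the gateway address `192.168.1.1` is assumed, and the log lines are constructed sample data.

```python
import json
from collections import Counter

# Constructed sample of AdGuard Home query-log lines (JSON Lines, one entry per line).
# Field names "T" (timestamp), "IP" (client), "QH" (queried host) and
# "Result.IsFiltered" follow AGH's querylog.json layout as I understand it;
# treat them as an assumption and adjust if your file differs. Addresses are made up.
SAMPLE_LOG = """\
{"T":"2024-01-01T10:00:00Z","IP":"192.168.1.1","QH":"youtube.com","QT":"A","Result":{"IsFiltered":true}}
{"T":"2024-01-01T10:00:01Z","IP":"192.168.1.1","QH":"example.com","QT":"A","Result":{}}
{"T":"2024-01-01T10:00:02Z","IP":"192.168.1.1","QH":"cdn.example.net","QT":"AAAA","Result":{}}
{"T":"2024-01-01T10:05:00Z","IP":"192.168.1.42","QH":"example.org","QT":"A","Result":{}}
{"T":"2024-01-01T10:05:01Z","IP":"192.168.1.77","QH":"youtube.com","QT":"A","Result":{"IsFiltered":true}}
not json at all
"""

GATEWAY_IP = "192.168.1.1"  # assumed FWG LAN address; set it to yours


def parse_querylog(text):
    """Yield parsed entries, skipping blank lines and lines that are not JSON objects."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a truncated or partially written line
        if isinstance(entry, dict) and "IP" in entry:
            yield entry


def client_attribution(text, gateway_ip):
    """Return (total_queries, queries_from_gateway, Counter of queries per client IP)."""
    counts = Counter(e["IP"] for e in parse_querylog(text))
    total = sum(counts.values())
    return total, counts.get(gateway_ip, 0), counts


def masked_fraction(text, gateway_ip):
    """Fraction of queries whose source is the gateway rather than a real client.
    A value near 1.0 means AGH sees the router as its only client (the step 4 symptom)."""
    total, from_gateway, _ = client_attribution(text, gateway_ip)
    return from_gateway / total if total else 0.0


def blocked_hosts(text):
    """Sorted list of hosts AGH filtered, to confirm service blocking is actually applied."""
    return sorted({e["QH"] for e in parse_querylog(text)
                   if e.get("Result", {}).get("IsFiltered")})


if __name__ == "__main__":
    total, from_gateway, counts = client_attribution(SAMPLE_LOG, GATEWAY_IP)
    print(f"{from_gateway}/{total} queries attributed to gateway {GATEWAY_IP}")
    for ip, n in counts.most_common():
        print(f"  {ip:15} {n}")
    print("blocked:", blocked_hosts(SAMPLE_LOG))
```

Run it against a copy of the real querylog.json before and after the reboots in step 4; the gateway share should drop from nearly all queries to a small residual (the FWG's own lookups), and the per-client counts should match the devices you expect to be active.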
Everything seems to be fine. Monitoring in FWG seems to work, network flows show everything they used to. Entries show up properly in AGH, and ditto for NextDNS.io. I might be missing some protection from the FWG, but with DNS Booster still on I thought that would be mitigated some.
Anybody think I messed up? Please let me know if this worked for you as well.