Linux Lab 2 - Web Filter
In this lab we will build a PiHole server to filter our newly created Internet connection. The PiHole server will do a form of DNS filtering where it will be responsible for looking up IP addresses for hosts on the Internet. We will still be using Windows Server to resolve our internal names, but forward requests to the PiHole server for Internet lookups.
Creating the PiHole Virtual Machine
The PiHole software was designed to run on a raspberry pi and filter out ads on your home network. We're going to install it on an Ubuntu Server and use it for our DNS lookups. Before we can do that we need to create an Ubuntu Server. We're going to do that now. We'll want Server01 and Router running during this lab.
Create a new virtual machine called PiHole and set the type to Linux and the version to Ubuntu (64-bit).
Give the virtual machine 1024MB, or 512MB if you don't have enough RAM. Click Continue.
Set the virtual disk to 50 GB. Click Create.
Open the settings of the newly created virtual machine. If you need to adjust the Scale Factor do so on the Display tab. 3D acceleration is not needed.
On the Network tab set the network card to Internal Network and promiscuous mode to Allow All.
Insert the Ubuntu Server 20.04.3.iso disk into the disk drive.
Before starting the PiHole server make sure Server01 and Router are running. Once they're running start the PiHole Server.
This is our first time installing Ubuntu Server. We'll step through the process adding this server to our existing network. Server01 and Server02 are using the first two available addresses on our network so we'll give this server the third address, 192.168.10.3.
The first thing you'll be asked is what language do you want to use, we're going to choose English then press enter.
Since Server01 is on handing out IP addresses the installer should have received an IP address. Also, since the router is running, the installer should have access to the Internet, so it should let you know there's a newer version of the installer. Use the arrow keys to go up and choose to update to the new installer.
The installer will update, it won't take too long.
After it's done it will continue by asking you about your keyboard, hit enter to accept the defaults.
The server will be set to DHCP by default, but since this is a server we want to statically assign the IP address. Use the arrow keys to go up and select the ethernet port and hit enter. Go down to Edit IPv4 and hit enter.
It will show we're set to Automatic (DHCP), hit enter to bring up the menu, then go down to Manual and hit enter.
This will give you a place to enter the IP information manually. Enter the following information. When you're done arrow down to Save and hit enter.
Name Servers: 192.168.10.1
Search Domains: gotohull.com
The installer will show the address assigned to the ethernet adapter, use the arrow keys to make sure Done is selected and hit enter.
We don't need a proxy server so hit enter to skip this screen.
The installer is preparing to install the operating software from an online mirror of the data. The default mirror location is fine, hit enter to continue.
We're going to use the entire hard drive for the installation so use the arrow keys to go down to Done and hit enter.
You see a summary of what partitions the installer will create. Hit enter.
You'll be warned that the data on the drive will be destroyed. This is a new, empty virtual disk so we're good to go, arrow down to Continue and hit enter.
Next we'll create an account on the server. We're going to create an account named ghadmin, the gh stands for Goto Hull. Use the following information then use the arrow keys to go down to Done and hit enter.
Your Name: Goto Hull Administrator
Server Name: pihole
We're going to use Secure Shell (SSH) to manage the server from our Windows server so select the option to install OpenSSH Server by hitting the space bar. Then use the arrow keys to select Done and hit enter.
We don't want to install any additional snaps at this time. Use the arrow keys to go down to Done and hit enter.
After the install hit enter to reboot the server.
It will remove the install disk from the drive automatically. When it stops on this message hit enter to reboot.
After it reboots you'll be at the log in screen. We're not going to log in here, instead we're going to remote into the server from Windows.
Create DNS Record
Our new server has an IP address of 192.168.10.3 and a hostname of PiHole. Our clients are configured to look at Server01 for DNS, so we need to create a host (A) record for the newly created server. This way when our clients look up the IP of pihole.gotohull.com they will get the IP 192.168.10.3.
On Server01 open DNS from the Tools drop down in Server Manager.
In DNS we'll see three host (A) records for our three Windows servers. They're added automatically, the Linux server is not, so we need to add it ourselves.
Click the Action dropdown and choose New Host (A orAAAA)
Fill out the new host window with the following information.
IP Address: 192.168.10.3
Uncheck Create associated pointer (PTR) record.
We won't be making a PTR record because we don't have a reverse lookup zone created to store it. If we don't uncheck the box it will attempt to create the record and result in a failed message, but will still create the needed host (A) record. Click Add Host when done.
You should receive a message saying the host record was created, click Ok.
Now we have a pihole host (A) record.
Now that we have the DNS record created for the PiHole server we're going to use to establish a Secure SHell (SSH) connection to it and install PiHole.
At this point the Server01, PiHole and Router virtual machines are all running. On Server01 open PowerShell and type ssh ghadmin@pihole and hit enter. We've provided the username you want to use and the server you intend to connect to. This is our first time connecting to the server so you'll be asked if you're sure you want to connect. Type yes and hit enter. This will add the fingerprint to our known hosts file so in the future it will trust the server.
Before we update the server, we're going to update the server. In the screenshot below I type in the clear command and hit enter to erase everything on the screen. type in the following commands and hit enter. You be prompted for a password, type in P@ssw0rd and hit enter.
sudo apt update; sudo apt -y upgrade; sudo apt -y autoremove; sudo reboot
This will take some time to run, how long depending on the Internet connection. Let's break down the command, first off, this isn't one command, it's 4 commands chained together using the semicolon character.
sudo apt update - As the super user connect to the internet and update the list of sources. This list of sources will contain information about new versions of software that's available.
sudo apt -y upgrade - As the super user use the newly updated sources to figure out what software can be updated, then upgrade anything that needs it. Before the install starts it will show you what's going to be upgraded then ask if you're sure. The -y will answer yes to that question so the install proceeds without user intervention.
sudo apt -y autoremove - As the super user this will remove any software that's not needed anymore. As other programs are upgraded there dependancies may change. When this happens you may end up with unneeded software on your server that can be removed. This command will remove that software. Also if the kernel is upgraded this will remove the old kernel.
sudo reboot - This will restart the server as the super user.
After the server restarts you can SSH into it again. ssh ghadmin@pihole This time it won't ask you if you trust the server since it's been added to known hosts. It should show the 0 updates can be installed.
We have a working, updated server, it's time to install PiHole. We're going to grab the install script from the Internet and send it to the Bourne Again SHell (BASH) for processing. bash is the name of the command interpreter we're using. Type the following command to start the install then press enter.
curl -sSL https://install.pi-hole.net | bash
The curl command will connect to the URL and grab the data stored there. The pipe | character will send the output of the curl command to the bash shell for processing. The content in the url is a bash shell script that will install PiHole. The options used with the curl command each change the way the curl command works in the following way.
s - Perform the command silently, normally it would show a progress bar, but we don't want to see it.
S - This will show errors if there's a problem. Since we're running in silent mode we need the -S to let us know if an error occurs.
L - This will follow a redirection if the URL is set to point to another address. The URL we're using redirects to a github address, so we need this option.
You'll be asked to enter the password for the ghadmin account, type P@ssw0rd and hit enter.
The installer will start, hit enter at the welcome screen.
Hit enter at the donate screen.
On the screen where it tells you that you need a static address make sure Yes is highlighted using the arrow keys then hit enter. Our server does have a static IP address and a DNS entry.
This DNS server will need to reach out to an online DNS server to perform lookups, you can choose what DNS servers you want to use here. We'll choose Google for our purposes, with Google selected tab to Ok and hit enter.
The PiHole server uses lists to decide what to block, by default there's only one list available to you. You can add your own later. In this case we'll use the default list by hitting the spacebar and tab to Ok and hit enter.
We do want install the web admin interface, tab to Ok and hit enter.
We do want the installer to install the web server software for us, so tab down to Ok and hit enter.
We do want to log queries so we can check the log later in the lab, so tab down to Ok and hit enter.
Depending on the needs of your organization you can choose what information's captures in the log. We're going to show everything, tab to Ok and hit enter.
After the installation's complete you'll get a message telling you the address of the admin interface, and the admin password. There's no need to make note of this password, we're going to change it before we need it. Press enter.
The script is complete and PiHole is installed. In the output is shows you the web interface password and the command to change it, it also gives you the address to the admin console.
We're going to change the admin console password by typing in the command pihole -a -p and hit enter. You'll be asked to provide the password for ghadmin, type P@ssw0rd and hit enter. Type in P@ssw0rd for the new password and confirm password hitting enter after each, that will set the admin console password. You can type exit and hit enter twice to close PowerShell.
Open a web browser, in my case I'm using Microsoft Edge, and browse to the URL http://pihole.gotohull.com/admin. This is the admin console for the PiHole. We were able to use the name of the server since we setup the DNS record earlier.
Configuring the PiHole Server
We're going to use the PiHole server to block access to www.cis131.com. In order for it to work we'll need to tell the Windows Server to forward all request to the PiHole server.
The first thing we're going to do is log into the web interface. Click the login link on the left side and enter P@ssw0rd for the password, then click Log In.
We're going to add a domain to the blacklist by clicking on Blacklist on the left side, then type in www.cis131.com and hit Add to Blacklist.
We'll see the domain added to the blacklist.
Now let's configure Server01 to forward all DNS requests to the PiHole server, open DNS on Server01.
Right click on Server01 and choose Properties.
Select the Root Hints tab. By default the server will use root hints to lookup addresses if it's not configured to forward to another server. We're going to remove these. Select the top one and keep hitting Remove until they're all gone.
All the root hints have been removed.
No click the Forwarders tab and click the Edit button.
Add 192.168.10.3 as a forwarding address then click Ok.
This server is both a DNS server and a DNS client. www.cis131.com may be cached in both so we're going to clear the DNS cache. We already have the DNS server open so we'll do that first, make sure the server is selected then click the Action dropdown and click Clear Cache. You can close DNS after this.
To flush the DNS client open PowerShell and type ipconfig /flushdns and hit enter. You can close PowerShell after this.
Open a web browser and try to browse to www.cis131.com, when you do the page shouldn't load. This is because the DNS lookup was denied.
We can verify that by opening the PiHole admin console and clicking Query Log on the left side. If we scroll through the list we should see www.cis131.com blocked. Congratulations, you've setup a web filter.
Shutdown the PiHole server by connecting to it using SSH and type in sudo shutdown -h now. This will case the server to halt (not reboot) now. Enter the password and hit enter.
Shut down all servers and take a snapshot of each named Linux Lab 2 Complete.