Setting up Pi-hole with Wi-Fi AP on Manjaro ARM
Published on
Note
Potentially Outdated Content
I recently found that search engines like DuckDuckGo sends traffic to this post, presumably from keywords like “manjaro pihole wifi” (I verified that the top result for this keyword is this post at the moment). This post was originally made in 2019, and hasn’t been maintained since then. The described procedure may require some adaptations to work properly. Take it with a grain of salt.
Since the beginning of this summer vacation, my old trusty Raspberry Pi 3 has been lying around doing nothing. Before that, it has been serving as a personal Wi-Fi hotspot in my dorm. Now that I have more free time, I’d like to change the system to my beloved distro Manjaro Linux and add ad-blocking functionality to the hotspot.
Installing Manjaro ARM
Installation of Manjaro on the Pi is pretty simple. Head to their download page, click on the ARMv8 tab and download either LXQT or minimal image for the Raspberry Pi 3. If you’re not afraid of terminal-only usage, I recommend the minimal one for simplicity. Use dd bs=4M if=Manjaro-ARM-minimal-rpi3-19.06.img of=/dev/sdX conv=fsync to write the image onto your micro SD card, then boot the device up. A text based setup tool will guide you to configure username, hostname and password.
Setting up Pi-hole
Since Manjaro, along with other Arch-based distros, is not officially supported by Pi-hole, the Archwiki comes to the rescue. Just install it from the AUR:
# Here I'm using yay as the AUR helper.
yay -S pi-hole-ftl pi-hole-server php-sqlite lighttpd php-cgiThe building process requires about 10+ minutes on the underpowered Raspberry Pi 3. Take a break during this time.
After the installation is done, stop the service systemd-resolved first then enable and start pihole-FTL using systemctl. Using a device under the same network to test the DNS server. It should be already blocking ads now.
The web interface
There’s a dedicated web interface for pi hole. It’s optional, but it’s a good tool to visualize the queries and log data. First we need to adjust settings of PHP. Find and uncomment these lines from /etc/php/php.ini:
extension=pdo_sqlite
extension=sockets
extension=sqlite3Copy the default lighttpd config file provided by Pi-hole to the right place:
sudo cp /usr/share/pihole/configs/lighttpd.example.conf /etc/lighttpd/lighttpd.confRestart the lighttpd service, and the web dashboard should be up and working now.
Setting up the AP
My ultimate goal is to use the Pi simultaneously as both ad-blocker and Wi-Fi access point, so we have to dig into this a little bit. Before i was using createap to save time configuring all the things to make AP work (since highschool), but the AUR helper told me that there’s a package conflict between create_ap and pi-hole-ftl. It turns out that since the 4th version of Pi-hole-FTL, they integrated a fork of dnsmasq1 in their project. Therefore, the solution is to install hostapd manually and make use of Pi-hole’s built-in DHCP server (which can be enabled from the web interface) to assign IPs.
Install hostapd from the repos:
sudo pacman -S hostapdPrevent wlan0 from being managed by the DHCP client:
echo denyinterfaces wlan0 | sudo tee -a /etc/dhcpd.confNext, we should assign a static IP to the wlan0 interface. To do this on distros with systemd, do the following:
# /etc/systemd/network/wlan0.network
[Match]
Name=wlan0
[Address]
Address=192.168.50.1/24
# This address has to match the one in pihole's DHCP settings page
[Network]
IPForward=ipv4Also enable IPv4 forwarding on the ethernet interface:
# /etc/systemd/network/eth0.network
[Match]
Name=eth0
[Network]
IPForward=ipv4
IPMasquerade=yesConfigure IPTables. This part is taken from this guide.
# Change IPTables rules
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
# Make them persistent after reboots
sudo bash -c "iptables-save > /etc/iptables.ipv4.nat"
echo "iptables-restore < /etc/iptables.ipv4.nat" | sudo tee /lib/dhcpcd/dhcpcd-hooks/70-ipv4-natMake a configuration file for hostapd:
# /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
auth_algs=1
ignore_broadcase_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# Change these to your desired values.
# The password must contain more than 8 chars.
ssid=MyPiAP
wpa_passphrase=12345678Enable the hostapd service and reboot. We now have a ad-blocking Wi-Fi AP. It’s been roughly tested for 12 hours now and it’s running flawlessly.
Further details on what they’ve changed in their fork.↩︎