Securing My DietPIhole

Hey folks.

Got Pi-hole set up on an RPi this weekend and it works great so far. Next step for me is to set it up so that I can point my mobile devices towards it when I'm out of the house. Could anyone point me in the right direction to get this going? I have a static IP address at home (business class), and I do have a couple of other servers running that I access from WAN. I'm wondering if I need to set up some sort of a proxy, or just forward a port.

Also, is DietPi capable of working with iptables? I use SSH from WAN quite often. I do have a VPN, but sometimes it's a little slow. I like to just blacklist everything except the IP addresses I access it from (basically work).

Read: https://pi-hole.net/2016/09/15/tips-for-accessing-your-pi-hole-remotely/

Simply forwarding UDP port 53 to the Pi should work fine. In case you want to see the blocking page (thus use a webserver on the Pi), TCP port 80 and/or 443 would be required too.

But as stated in the link above, using a VPN is a more secure solution. On DietPi you can as well test WireGuard, which should have large performance benefits over OpenVPN. And of course it can be configured to only tunnel DNS requests (and/or local network accesses) while leaving all other traffic outside the VPN.

iptables of course works on DietPi, same as on default Debian. When installing any VPN or Hotspot via DietPi-Software it is installed automatically to allow IP forwarding/NAT and such.
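
The DNS-only WireGuard setup mentioned in the reply above, as an added example that is not part of the original thread: a client-side config in which only the Pi-hole's tunnel address is routed through the VPN. The 10.6.0.0/24 tunnel subnet, port 51820, the 192.168.1.0/24 LAN and all angle-bracket placeholders are assumptions.

```ini
# Client (phone/laptop) WireGuard config. All addresses and keys are placeholders.
[Interface]
PrivateKey = <client-private-key>
# Client's address inside the tunnel (assumed subnet 10.6.0.0/24)
Address = 10.6.0.2/32
# Resolver used while the tunnel is up: the Pi-hole's tunnel address (assumed)
DNS = 10.6.0.1

[Peer]
PublicKey = <server-public-key>
# Home static IP and the forwarded WireGuard UDP port (51820 is an assumption)
Endpoint = <home-static-ip>:51820
# Split tunnel: only packets for the Pi-hole's tunnel address enter the VPN,
# so DNS queries go home and all other traffic uses the normal connection.
# 0.0.0.0/0 here would instead send all traffic through the home link.
# To also reach local hosts, append the home LAN, e.g. ", 192.168.1.0/24".
AllowedIPs = 10.6.0.1/32
# Keeps the NAT mapping alive on mobile networks
PersistentKeepalive = 25
```

With this layout only the WireGuard UDP port is forwarded on the router and port 53 stays closed to the WAN; Pi-hole has to be set to answer queries arriving on the WireGuard interface.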