Home Deployment Guide

Deploy Pimeleon router in home network

Home Deployment Guide

Deploy Pimeleon router in your home network to provide advanced DNS filtering, ad-blocking, and network management for your family. This scenario guide covers typical home network setups with 10-50 devices.

Home Network Overview

Typical home requirements:

  • 10-50 connected devices
  • Internet speeds: 100-500 Mbps
  • Mix of wired and wireless devices
  • Family-friendly content filtering
  • Ad-blocking and privacy protection
  • Reliable 24/7 operation

What Pimeleon provides:

  • DNS-level ad blocking
  • Malware and tracking protection
  • Custom DNS filtering lists
  • DHCP server with reservations
  • WiFi access point (built-in)
  • Network monitoring and statistics

Budget Home Setup ($75-95)

For: 10-15 devices, up to 200 Mbps internet

  • Raspberry Pi 3B+ ($35)
  • SanDisk Ultra 32GB SD card ($10)
  • Official 2.5A power supply ($8)
  • Aluminum heatsink kit ($5)
  • Basic case ($8)
  • Ethernet cables ($5)

Performance: 200-300 Mbps routing, adequate for most home internet

Standard Home Setup ($110-140)

For: 20-50 devices, 500+ Mbps internet

  • Raspberry Pi 4 (2GB) ($45)
  • Samsung EVO+ 32GB SD card ($12)
  • Official 3A USB-C power supply ($8)
  • Case with integrated fan ($12)
  • Ethernet cables ($5)
  • Optional: USB Ethernet adapter ($18)

Performance: 900+ Mbps routing, excellent for fiber/cable internet

Deployment Options

Network topology:

Internet
    │
Your existing router (192.168.1.1)
    │
    └── Pimeleon router (192.168.1.10)
        └── Filtered devices (192.168.76.x)

Advantages:

  • Keep existing router
  • Easy to test and revert
  • No modem configuration changes
  • Family can choose filtered vs unfiltered network

Disadvantages:

  • Double NAT (minor issues with some games)
  • Two separate networks to manage

Setup time: 30-45 minutes

Option 2: Primary Gateway (Advanced Users)

Network topology:

Internet
    │
Modem (bridge mode)
    │
Pimeleon router (WAN + LAN + WiFi)
    │
    ├── Wired devices (192.168.76.x)
    └── WiFi devices (192.168.77.x)

Advantages:

  • Full control over network
  • Single gateway/NAT layer
  • Best performance
  • All devices filtered automatically

Disadvantages:

  • Requires modem configuration
  • Pimeleon becomes single point of failure
  • More complex initial setup

Setup time: 60-90 minutes

Step-by-Step Deployment

Phase 1: Hardware Assembly (15 minutes)

  1. Install cooling:
    • Pi 3B+: Passive heatsinks sufficient
    • Pi 4: Install case with fan
  2. Insert SD card:
    • Pre-flashed with Pimeleon image
    • Verify it clicks into place
  3. Connect display and keyboard:
    • For initial setup only
    • Can disconnect after configuration
  4. Connect to network:
    • Ethernet cable from existing router
    • Or directly from modem (primary gateway mode)
  5. Power on:
    • Red LED solid, green LED blinking
    • Wait 2-3 minutes for first boot

Phase 2: Initial Configuration (20 minutes)

  1. Login (console or SSH):
    # Default credentials
Username: pi
Password: raspberry
  2. Change password immediately:
    passwd
  3. Update system:
    sudo apt update && sudo apt upgrade -y
  4. Configure timezone:
    sudo timedatectl set-timezone America/New_York
# Or use: sudo raspi-config
  5. Set hostname:
    sudo hostnamectl set-hostname pimeleon-home

Phase 3: Network Configuration (30 minutes)

For Secondary Gateway Mode:

  1. Configure WAN interface (eth0):
    sudo nano /etc/dhcpcd.conf

# Add:
interface eth0
static ip_address=192.168.1.10/24
static routers=192.168.1.1
static domain_name_servers=1.1.1.1
  2. Configure LAN interface (wlan0 or eth1):
    # In same file:
interface wlan0
static ip_address=192.168.76.1/24
nohook wpa_supplicant
  3. Enable IP forwarding:
    sudo nano /etc/sysctl.conf

# Uncomment:
net.ipv4.ip_forward=1

sudo sysctl -p
  4. Configure NAT:
    sudo nft add rule ip nat postrouting oifname "eth0" masquerade
sudo nft add rule ip filter forward iifname "wlan0" oifname "eth0" accept
sudo nft add rule ip filter forward iifname "eth0" oifname "wlan0" ct state related,established accept
  5. Configure DHCP:
    sudo nano /etc/dhcp/dhcpd.conf

subnet 192.168.76.0 netmask 255.255.255.0 {
  range 192.168.76.100 192.168.76.200;
  option routers 192.168.76.1;
  option domain-name-servers 192.168.76.1;
}

sudo systemctl restart isc-dhcp-server

For Primary Gateway Mode:

Follow the Network Integration - Primary Gateway guide.

Phase 4: WiFi Configuration (15 minutes)

  1. Configure hostapd:
    sudo nano /etc/hostapd/hostapd.conf

interface=wlan0
driver=nl80211
ssid=YourHomeWiFi
hw_mode=g
channel=6
wpa=2
wpa_passphrase=YourSecurePassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
  2. Enable and start WiFi:
    sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd
  3. Verify WiFi is broadcasting:
    • Check from phone or laptop
    • Should see your SSID
    • Connect and test internet

Phase 5: DNS Filtering Configuration (15 minutes)

  1. Access admin interface interface:
    http://192.168.76.1/admin
or
http://pimeleon-home.local/admin
  2. Set admin password:
    pihole -a -p
  3. Configure DNS upstream servers:
    • Settings > DNS
    • Select: Cloudflare (1.1.1.1) and/or Google (8.8.8.8)
    • Or use DNS over HTTPS
  4. Enable blocklists:
    • The system comes with default blocklists
    • Add more from firebog.net
    • Update gravity: pihole -g
  5. Add local DNS records (optional):
    • Local DNS > DNS Records
    • Add: printer.local -> 192.168.76.20
    • Add: nas.local -> 192.168.76.30

Family-Friendly Configuration

Content Filtering

Enable family-safe DNS:

# Edit DNS settings
sudo nano /etc/pihole/setupVars.conf

# Change to:
PIHOLE_DNS_1=1.1.1.3  # Cloudflare Family (blocks malware + adult content)
PIHOLE_DNS_2=8.8.8.8  # Google Public DNS

pihole restartdns

Add additional blocklists:

  • Access admin interface > Group Management > Adlists
  • Add family-safe lists:
    • https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    • https://blocklistproject.github.io/Lists/porn.txt
    • https://blocklistproject.github.io/Lists/gambling.txt

Device Management

DHCP Reservations:

sudo nano /etc/dhcp/dhcpd.conf

# Add reservations:
host kidslaptop {
  hardware ethernet AA:BB:CC:DD:EE:FF;
  fixed-address 192.168.76.101;
}

host smarttv {
  hardware ethernet 11:22:33:44:55:66;
  fixed-address 192.168.76.150;
}

sudo systemctl restart isc-dhcp-server

Per-device filtering:

  • Admin interface > Group Management
  • Create groups: "Kids", "Adults", "IoT"
  • Assign devices to groups
  • Apply different blocklists to each group

Home Network Best Practices

Network Segmentation

Create separate networks:

  • Wired LAN (192.168.76.x): Trusted devices (PCs, NAS)
  • WiFi (192.168.77.x): Family devices (phones, tablets)
  • Guest WiFi: Optional separate SSID (if using USB WiFi)

VLAN for IoT (advanced):

  • Separate IoT devices (cameras, sensors, smart home)
  • Limited internet access
  • Can't reach main network

Security Hardening

Change SSH port:

sudo nano /etc/ssh/sshd_config

# Change:
Port 24442

sudo systemctl restart sshd

Disable password auth (after setting up SSH keys):

# Copy SSH key first:
ssh-copy-id pi@pimeleon-home.local

# Then disable password auth:
sudo nano /etc/ssh/sshd_config

# Set:
PasswordAuthentication no

sudo systemctl restart sshd

Enable automatic updates:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

Monitoring and Maintenance

Daily monitoring:

  • Check web dashboard for blocked queries
  • Monitor temperature: vcgencmd measure_temp
  • Verify internet connectivity

Weekly tasks:

  • Update blocklists: pihole -g
  • Review DNS query log for issues
  • Check for system updates

Monthly tasks:

  • Full system update: sudo apt update && sudo apt upgrade
  • Review firewall logs
  • Backup configuration
  • Clean DNS filter database: pihole flush

Common Home Network Scenarios

Smart Home Integration

Allow smart home devices:

  • Add whitelist entries for:
    • Amazon Alexa: s3.amazonaws.com, amazon.com
    • Google Home: googleapis.com, gstatic.com
    • Apple HomeKit: apple.com, icloud.com

Create IoT network:

  • Separate SSID or VLAN
  • Block internet except allowed services
  • Monitor traffic for unusual behavior

Gaming Consoles

Port forwarding (if needed):

# Example for Xbox Live
sudo nano /etc/shorewall/rules

# Add:
DNAT  net  loc:192.168.76.100  tcp  3074
DNAT  net  loc:192.168.76.100  udp  88,500,3074,3544,4500

UPnP (easier but less secure):

# Enable miniupnpd
sudo apt install miniupnpd
sudo systemctl enable miniupnpd

Streaming Services

Whitelist streaming domains:

  • Netflix: netflix.com, nflxvideo.net
  • Disney+: disney.com, disneyplus.com
  • YouTube: youtube.com, googlevideo.com
  • Hulu: hulu.com, hulustream.com

Add to whitelist:

pihole -w netflix.com nflxvideo.net

Troubleshooting Home Deployment

Slow Internet Speeds

Check bandwidth:

# Install speedtest
sudo apt install speedtest-cli

# Test speed
speedtest-cli

Common causes:

  • Pi 3B+ limited to 300 Mbps (USB 2.0)
  • Overloaded Pi (check htop)
  • DNS resolution slow (change upstream DNS)
  • Too many blocklists (streamline lists)

Smart Devices Not Working

Check blocked queries:

  • Admin interface > Query Log
  • Look for red (blocked) entries
  • Whitelist necessary domains

Common fixes:

  • Amazon Echo: Whitelist device-metrics-us.amazon.com
  • Smart TVs: Whitelist manufacturer domains
  • Mobile apps: Temporarily disable blocking, test app, check logs

Family Members Bypassing Filter

Block alternative DNS:

# Block Google DNS
sudo nft insert rule ip filter forward ip daddr 8.8.8.8 reject
sudo nft insert rule ip filter forward ip daddr 8.8.4.4 reject

# Block Cloudflare DNS
sudo nft insert rule ip filter forward ip daddr 1.1.1.1 reject

Force all DNS through router:

# Redirect all port 53 traffic to DNS filter
sudo nft add rule ip nat prerouting iifname "wlan0" udp dport 53 dnat to 192.168.76.1
sudo nft add rule ip nat prerouting iifname "wlan0" tcp dport 53 dnat to 192.168.76.1

Cost Summary

Deployment TypeHardware CostSetup TimeComplexity
Budget Home$75-951-2 hoursEasy
Standard Home$110-1402-3 hoursMedium
Advanced Home$150-2003-4 hoursMedium-Hard

Ongoing Costs

Zero ongoing costs - Pimeleon router is a one-time purchase:

  • No subscription fees
  • No monthly charges
  • No per-device licensing
  • Free software updates

Compare to commercial solutions:

  • Circle/Bark: $10-15/month
  • Norton Family: $50/year
  • Net Nanny: $40/year
  • Gryphon: $200 router + $10/month

ROI: Pimeleon pays for itself in 3-6 months.

Next Steps

After successful home deployment:

  1. Configure DNS Filtering - Customize blocklists
  2. Backup Configuration - Protect your setup

Your home network is now protected by Pimeleon router! Enjoy ad-free browsing, enhanced privacy, and peace of mind knowing your family's internet usage is filtered and monitored.

ON THIS PAGE
Home Network Overview
Recommended Hardware
Deployment Options
Step-by-Step Deployment
Family-Friendly Configuration
Home Network Best Practices
Common Home Network Scenarios
Troubleshooting Home Deployment
Cost Summary
Ongoing Costs
Next Steps
Related Documentation