Pihole in Docker over OpenWrt: Can't ping the pihole IP

I have been on the following thread.

Pihole on Docker

The thread is closed; apologies for opening a new thread.

No matter what I do, I can't ping into the pihole container from the LAN.

@ahasbini Any help please?

This is my network. As of now everything is on macvlan virtual interfaces, and yes, I'm running mwan3.


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdad:7684:e688::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'iV_LAN'

config interface 'S4GL_4'
	option proto 'static'
	option netmask '255.255.255.0'
	option gateway '192.168.32.1'
	option device 'iS4G_L'
	option ipaddr '192.168.32.3'
	option metric '32'
	list dns '8.8.8.8'

config interface 'D4GU_4'
	option device 'iD4G_U'
	option proto 'static'
	option ipaddr '192.168.31.3'
	option gateway '192.168.31.1'
	option metric '31'
	option netmask '255.255.255.0'
	option broadcast '192.168.31.255'

config interface 'LAN'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.1'
	option device 'br-lan'

config device
	option type 'macvlan'
	option ifname 'eth0'
	option mode 'vepa'
	option name 'iS4G_L'
	option macaddr 'AA:BB:00:00:00:02'
	option acceptlocal '1'

config device
	option type 'macvlan'
	option ifname 'eth0'
	option mode 'vepa'
	option name 'iD4G_U'
	option macaddr 'AA:BB:00:00:00:01'
	option acceptlocal '1'

config device
	option name 'iV_LAN'
	option macaddr 'AA:FF:00:00:00:01'
	option acceptlocal '1'
	option type 'macvlan'
	option ifname 'eth0'
	option mode 'vepa'
	option mtu '1500'
	option promisc '1'

config interface 'docker'
	option device 'docker0'
	option proto 'none'
	option auto '0'

config device
	option type 'bridge'
	option name 'docker0'

config interface 'DNS'
	option device 'iDNS'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.255'

config device
	option type 'macvlan'
	option ifname 'br-lan'
	option mode 'bridge'
	option name 'iDNS'
	option acceptlocal '1'

config route
	option interface 'DNS'
	option target '192.168.1.3/32'


This is my docker compose

version: "3.3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:2021.09
    hostname: pihole.lan
    environment:
      # TZ: 'set timezone'
      WEBPASSWORD: 'testpw'
    # Volumes store your data between container upgrades
    volumes:
      - './pihole/etc-pihole/:/etc/pihole/'
      - './pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
      - './pihole/var-log/:/var/log'
      - './pihole/etc-cont-init.d/10-fixroutes.sh:/etc/cont-init.d/10-fixroutes.sh'
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    networks:
      internal:
      lan:
        ipv4_address: 192.168.1.3

networks:
  internal:
  lan:
    name: lan
    driver: macvlan
    driver_opts:
      parent: iDNS
    ipam:
      config:
        - subnet: 192.168.1.0/24

This is the result of

docker exec -it pihole ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
21: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:c0:a8:01:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.3/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
22: eth1@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth1
       valid_lft forever preferred_lft forever

This is the ping and nslookup on both 192.168.1.2 and 192.168.1.3

root@OpenWrt:~# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: seq=0 ttl=64 time=0.445 ms
64 bytes from 192.168.1.2: seq=1 ttl=64 time=0.262 ms
64 bytes from 192.168.1.2: seq=2 ttl=64 time=0.249 ms
^C
--- 192.168.1.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.249/0.318/0.445 ms
root@OpenWrt:~# ping 192.168.1.3
PING 192.168.1.3 (192.168.1.3): 56 data bytes
64 bytes from 192.168.1.3: seq=0 ttl=64 time=0.478 ms
64 bytes from 192.168.1.3: seq=1 ttl=64 time=0.277 ms
64 bytes from 192.168.1.3: seq=2 ttl=64 time=0.264 ms
^C
--- 192.168.1.3 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.264/0.339/0.478 ms

root@OpenWrt:~# nslookup nasa.gov 192.168.1.2
Server:         192.168.1.2
Address:        192.168.1.2:53

Non-authoritative answer:
Name:   nasa.gov
Address: 52.0.14.116
Name:   nasa.gov
Address: 23.22.39.120

Non-authoritative answer:
Name:   nasa.gov
Address: 2600:1f18:1f:db00:807b:f1f4:d01b:30b1
Name:   nasa.gov
Address: 2600:1f18:1f:db01:11af:58af:ae11:f645


root@OpenWrt:~# nslookup nasa.gov 192.168.1.3
;; connection timed out; no servers could be reached


Hi

What's the output of the following commands?

cat /etc/os-release
docker exec -it pihole ping 8.8.8.8
docker exec -it pihole ip route
docker logs --tail 100 pihole

Hi,
Thank you for the reply. I have made changes to the network, and therefore:
192.168.1.2 --> 192.168.10.200
192.168.1.3 --> 192.168.10.203

cat /etc/os-release

NAME="OpenWrt"
VERSION="22.03.0-rc5"
ID="openwrt"
ID_LIKE="lede openwrt"
PRETTY_NAME="OpenWrt 22.03.0-rc5"
VERSION_ID="22.03.0-rc5"
HOME_URL="https://openwrt.org/"
BUG_URL="https://bugs.openwrt.org/"
SUPPORT_URL="https://forum.openwrt.org/"
BUILD_ID="r19523-bfd070e7fa"
OPENWRT_BOARD="x86/64"
OPENWRT_ARCH="x86_64"
OPENWRT_TAINTS=""
OPENWRT_DEVICE_MANUFACTURER="OpenWrt"
OPENWRT_DEVICE_MANUFACTURER_URL="https://openwrt.org/"
OPENWRT_DEVICE_PRODUCT="Generic"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="OpenWrt 22.03.0-rc5 r19523-bfd070e7fa"

docker exec -it pihole ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 172.18.0.1 icmp_seq=1 Destination Port Unreachable
From 172.18.0.1 icmp_seq=2 Destination Port Unreachable
From 172.18.0.1 icmp_seq=3 Destination Port Unreachable
From 172.18.0.1 icmp_seq=4 Destination Port Unreachable
From 172.18.0.1 icmp_seq=5 Destination Port Unreachable
From 172.18.0.1 icmp_seq=6 Destination Port Unreachable

docker exec -it pihole ip route

172.18.0.0/16 dev eth1 proto kernel scope link src 172.18.0.2
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.203

docker logs --tail 100 pihole

fixing routes
done fixing routes
[cont-init.d] 10-fixroutes.sh: exited 0.
[cont-init.d] 20-start.sh: executing...
 ::: Starting docker specific checks & setup for docker pihole/pihole
Failed to set capabilities on file `/usr/bin/pihole-FTL' (Operation not supported)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
Existing DNS servers detected in setupVars.conf. Leaving them alone
::: Pre existing WEBPASSWORD found
DNSMasq binding to default interface: eth0
Added ENV to php:
                        "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
                        "ServerIP" => "0.0.0.0",
                        "CORS_HOSTS" => "",
                        "VIRTUAL_HOST" => "0.0.0.0",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
::: Enabling Query Logging
  [i] Enabling logging...
  [✓] Logging has been enabled!
 ::: Docker start setup complete
  Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
  Current Pi-hole version is v5.4
  Current AdminLTE version is v5.6
  Current FTL version is v5.9
  Container tag is: pihole/pihole:2021.09-amd64-buster
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting crond
Starting pihole-FTL (no-daemon) as root
Starting lighttpd
[services.d] done.
Stopping pihole-FTL
Stopping lighttpd
Stopping cron
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-fixroutes.sh: executing...
fixing routes
done fixing routes
[cont-init.d] 10-fixroutes.sh: exited 0.
[cont-init.d] 20-start.sh: executing...
 ::: Starting docker specific checks & setup for docker pihole/pihole
Failed to set capabilities on file `/usr/bin/pihole-FTL' (Operation not supported)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
Existing DNS servers detected in setupVars.conf. Leaving them alone
::: Pre existing WEBPASSWORD found
DNSMasq binding to default interface: eth0
Added ENV to php:
                        "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
                        "ServerIP" => "0.0.0.0",
                        "CORS_HOSTS" => "",
                        "VIRTUAL_HOST" => "0.0.0.0",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
::: Enabling Query Logging
  [i] Enabling logging...
  [✓] Logging has been enabled!
 ::: Docker start setup complete
  Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
  Current Pi-hole version is v5.4
  Current AdminLTE version is v5.6
  Current FTL version is v5.9
  Container tag is: pihole/pihole:2021.09-amd64-buster
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting lighttpd
Starting pihole-FTL (no-daemon) as root
Starting crond
[services.d] done