Admin webpage inaccessible to other devices on the network

xunevox · October 16, 2022, 4:04pm

The issue:

I recently installed Pi-hole with unbound on an old pc running Debian 11. I can get to http://pi.hole/admin perfectly fine with it but other devices on my network are having problems accessing it even if I use my Pi-hole's address (attached img). The devices other than the localhost listed in my Pi-hole's network tab are also highlighted/shaded in red; "Device(s) does not use Pi-hole". I can successfully ping and access Pi-hole using an SSH terminal with its IP & hostname so I'm not sure what's preventing me access.

During setup, I've configured my router to use Pi-hole as my primary DNS using its Pi-hole setup guide. Not sure if that would be an issue but I'm adding that here just in case. The only other thing I've done on my router was reserve my Pi-hole's IP which was preconfigured with nano /etc/network/interfaces.

Troubleshooting:

I found several posts with users having similar issues but none of the troubleshooting steps from those fixed the problem. On top of rebooting my router, Pi-hole, & other network devices, I've uninstalled Pi-hole then lighttpd using sudo apt remove --purge lighttpd and went through the Pi-hole installation process again. After lighttpd was reinstalled, I also grabbed the suggested + recommended packages for it using sudo apt-get install rrdtool apache2-utils lighttpd-doc lighttpd-modules-ldap lighttpd-modules-mysql

Attached are my results with sudo systemctl status --full --no-pager lighttpd.service

Summary

● lighttpd.service - Lighttpd Daemon
     Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2022-10-16 08:30:48 CDT; 1h 16min ago
    Process: 918 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS)
   Main PID: 1010 (lighttpd)
      Tasks: 6 (limit: 2311)
     Memory: 19.0M
        CPU: 1.289s
     CGroup: /system.slice/lighttpd.service
             ├─1010 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
             ├─1020 /usr/bin/php-cgi
             ├─1034 /usr/bin/php-cgi
             ├─1035 /usr/bin/php-cgi
             ├─1036 /usr/bin/php-cgi
             └─1037 /usr/bin/php-cgi

Anyone have an idea on what's happening?

Debug Token:

https://tricorder.pi-hole.net/d5JLxH0F/

jfb · October 16, 2022, 8:09pm

The clients are likely not using Pi-hole for DNS. Only Pi-hole can resolve the domain name pi.hole to the Pi-hole IP.

This is why you can reach the Pi-hole by IP, but not by domain name.

From a client that you believe should be connected to the Pi-Hole for DNS, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of

nslookup pi.hole

nslookup flurry.com

xunevox · October 17, 2022, 2:15am

Both commands on my windows10 machine resulted in this:

 DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.2
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

IPv4 settings were reconfigured to use Pi-hole as the preferred DNS with similar results

deHakkelaar · October 17, 2022, 7:57pm

Sounds as if a firewall is active on the Pi-hole host.
Can check with below (I dont have any rules):

pi@ph5b:~ $ sudo nft list tables
pi@ph5b:~ $

Required ports below:

xunevox · October 18, 2022, 7:52pm

Applied the rules for IP tables, executed the ufw commands, and- lo and behold:

Ta-Da!.mp3

Celebratory screenshot of the admin page running on another machine
Guess I overlooked this since most guides don't cover firewall rules during installation. Was under the assumption something else was up. Thanks a bunch!

deHakkelaar · October 18, 2022, 8:24pm

You dont need to run both the iptables and ufw commands from the docs.
Either use iptables or ufw but not both!

Like most all Linux firewalls, the iptables, nft and ufw commands manipulate the netfilter Linux kernel module:

pi@ph5b:~ $ lsmod
[..]
nf_tables             200704  0
[..]
ip_tables              28672  0

pi@ph5b:~ $ modinfo nf_tables
filename:       /lib/modules/5.10.92+/kernel/net/netfilter/nf_tables.ko
alias:          nfnetlink-subsys-10
author:         Patrick McHardy <kaber@trash.net>
license:        GPL
srcversion:     88909CB365A49A17A4E5873
depends:        nfnetlink
intree:         Y
name:           nf_tables
vermagic:       5.10.92+ mod_unload modversions ARMv6 p2v8

pi@ph5b:~ $ modinfo ip_tables
filename:       /lib/modules/5.10.92+/kernel/net/ipv4/netfilter/ip_tables.ko
alias:          ipt_icmp
description:    IPv4 packet filter
author:         Netfilter Core Team <coreteam@netfilter.org>
license:        GPL
srcversion:     746D0FEB4FFADDBD962E6BA
depends:        x_tables
intree:         Y
name:           ip_tables
vermagic:       5.10.92+ mod_unload modversions ARMv6 p2v8

system · November 8, 2022, 8:24pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.