I set up an RPi3 B+ as a router and access point using this guide. Currently things are working well. My Pi is connected directly to my cablemodem and traffic is routing fine.
I'd now like to set up Pi-hole on this same Pi, but its automated installer seems to want to build a bunch of configs from scratch. Currently I have dnsmasq running on 192.168.0.1 handing out IPs in my desired configured range, and also acting as my DNS server. AFAIK I basically need Pi-hole to respect that configuration but add its domain-blocking capabilities. But when the installer launches, it gives me a choice of interfaces, tries to use my ISP's DHCP-provided IP as its static IP, etc. It also wants to set a static gateway, which is already handled by dhcpcd via my ISP.
Is there any way to use Pi-hole in this setup? My router Pi is pretty under-utilized, so I'd rather not put this on another if I can avoid it. It looks like your DNS server is dnsmasq-compatible, so it seems like it should just be a matter of installing your own binaries plus configuration for DNS-blocking, but I haven't found any advanced installation docs yet.
Not only that, but you can (and I'd recommend) use it (Pi-hole) as your DHCP server too. Not only you'll have the ability to manage the DHCP server settings from it's interface but also you'll get to see individualized stats for all the assigned IPs.
For your settings during setup, you need to use the local static IP of the Pi-hole (the one asigned the the wlan0 interface in /etc/dhcpcd.conf). Not the ISP's IP.
In order for it to listen only to your LAN's request for DNS queries, you'd have to select the wlan0 interface (assuming you used standard naming) during setup when asked for listening interface..
Once the Pi-hole is up and running, you'd have to select Listen on all interfaces (the one hop away) option under Settings/DNS.
Before you install, make a backup and remove your files from /etc/dnsmasq.d/ in order for the Pi-hole settings to be processed by dnsmaq and not cause DHCP conflicts.
In the Settings/DHCP part, you can manage the DHCP server settings that actually manage the way dnsmasq works from a DHCP server perspective.
Got it, so unless I'm mistaken, the PH setup replaces my access point
setup guide?
What should I use as the default gateway, given this is configured by my
ISP via DHCP? Should it be the default gateway for local clients? (I.e.
192.168.0.1, the same Pi on which Pi-hole is running?)
What does the "listen on all interfaces" option do? To be clear, I don't
want the Pi listening on eth0, which routes to the cablemodem and is a
DHCP client.
No, It will replace only the dnsmasq part. Everything else stays the same.
Correct you'd want to have it listen to wlan0 (i corrected my initial post after reviewing the guide - some screenshots included). That particular option will prevent dnsmasq to respond to DNS queries from devices outside that wlan.
Ah yes, that's the tricky one .. theoretically, that gateway changes when your lease expires or if the ISP pushes a different DHCP range.
Usually the lease is renewed at expiration time and you'd retain the same IP with the same gateway.
Unless you force the ISP's CMTS to assign you a different IP by changing your MAC address (on your pi), you should be fairly stable with the gateway you currently have assigned to you.
(I've had the same DHCP-ISP provided IP for the past 9 months).
Not too sure if setting up the ISP provided gateway in the settings will work though ... In theory, it should ...
So I run the install script, select wlan0, set my IP to 192.168.0.1/16,
gateway to 192.168.0.1. All other options are defaulted. The
installation completes, I log into the admin interface and select the
one-hop-away option. When I reboot, I can see the SSID, but I can't seem
to get an IP. dmesg on my laptop shows a connection, but 30 seconds or
so later it dissociates and reconnects to another AP I've been using.
Really looks like DHCP isn't listening on wlan0 for some reason. In any
case, it never gets an IP, and the only logging I see is wifi radio-related.
Fortunately I have a DD of my original image, so I'm returning to that.
Any other thoughts on what might be going on here? Unfortunately it's
going to be difficult to get non-headless access to this thing. If it
fails again I can pull some logs off of the SD card if someone points me
to them. I'm restoring the original image now, and probably won't do
another round of this until tomorrow (I forgot to enable the
one-hop-away DNS setting on my first run, so this is my second
fail-restore cycle today.)
You could install the Pi-hole first, (that takes care of all the dnsmasq related steps from that guide, as long as you configure it as your DHCP server from the admin interface) and then follow the hostapd steps.
Doh, I totally didn't, thought it was already, though now that I use a
few more braincells I see why it wouldn't be. Doing too many things
at once here.
Yup, that did it. Then I was assigned an IP but DNS didn't work from
clients. Had to switch from all interfaces/one hop to wlan0. Now things
are working fine.
