Configuration problem when using rpi as wifi range extender / shared connection


#1

I am trying to get pi-hole configured on a rpi running Parrot OS that is being used as a range extender connected to a public AP.

It is currently configured to forward ipv4 from Wlan0 to eth0 providing internet access to my internal network.
The internet is currently accessible from the internal network and Ads are being blocked as expected when running pi-hole on eth0.

My problem is that I am unable to access the pi-hole interface from either the rpi or PC1.
The services dnsmasq and lighttpd fail to start, which is why I'm confused that ad blocking is working on the internal network.

Here is a diagram of my current setup.

Can someone confirm I have my addressing configured correctly?

Regarding the service errors:

With dnsmasq I get “failed to create listening socket for 10.42.0.1: address already in use”
With lighttpd I get “start request repeated too quickly”

My Token is attached below. Any ideas?

EDIT: Added Subnets to diagram

Expected Behaviour:

Ad blocking and able to access interface from both rpi and desktop

Actual Behaviour:

  • Ads are blocked but unable to access interface/GUI
  • Pi-Hole services throwing errors for dnsmasq & lighttpd

Debug Token:

yyrm2892cp


#2

Subnets aren’t displayed in the drawing.
Does the Pi-hole box have a route to the 10.192.64.1 gateway if not on the same subnet?

traceroute 10.192.64.1

What's listening now?

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'

EDIT: The drawing is confusing me a bit.
Are the “Rpi” and “Pi-Hole Service” symbols one and the same box?
If so, why does it have two IP addresses 10.42.0.1 & 10.42.0.2 in the same subnet?


#3

@deHakkelaar Yes, pi-hole is running on the rpi; the rpi is just forwarding the traffic from wlan0 to eth0.

I'm currently a student so still learning. I have updated the diagram with subnets for you.

I'm not sure I have the pihole address configured correctly.

I wasn't sure whether to have an IP assigned to it on the /20 or /24 subnet. I was trying to avoid having an IP assigned to the server that caused a conflict with the DHCP IPs assigned by the AP.

pi-hole is currently sinkholing ads before they reach my internal network; however, if I browse from the Pi, ads are let through. I assume this is because I configured pi-hole to run on eth0. Should I be running it on wlan0 instead?

traceroute 10.192.64.1
traceroute to 10.192.64.1 (10.192.64.1), 30 hops max, 60 byte packets
 1  10.192.64.1 (10.192.64.1)  1.942 ms  1.826 ms  1.767 ms

#sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      764/gsad
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1669/dnsmasq
tcp        0      0 10.42.0.1:53            0.0.0.0:*               LISTEN      1105/dnsmasq
udp    14592      0 127.0.0.1:53            0.0.0.0:*                           1669/dnsmasq
udp    14720      0 10.42.0.1:53            0.0.0.0:*                           1105/dnsmasq
udp    42368      0 0.0.0.0:67              0.0.0.0:*                           1105/dnsmasq

EDIT: I have also tried running pihole on wlan0. I still get ads blocked on the internal network but dnsmasq still fails.
Tried changing the listening address from local, eth0 and wlan0 but still the same problem.
When configuring pihole for wlan0 I used the DHCP-assigned address from the AP and the AP default gateway, i.e. ip 10.192.x.x/20 gw 10.192.64.1

Also, no matter what, I cannot kill the dnsmasq service and the addresses it is listening on.

┌─[✗]─[root@parrot]─[/etc]
└──╼ #dnsmasq --interface=wlan0
Reading profile /etc/firejail/dnsmasq.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Parent pid 2772, child pid 2773
The new log directory is /proc/2773/root/var/log
Child process initialized in 120.58 ms

dnsmasq: failed to create listening socket for 127.0.0.1: Address already in use

Parent is shutting down, bye...



┌─[✗]─[root@parrot]─[/etc]
└──╼ #dnsmasq --interface=eth0
Reading profile /etc/firejail/dnsmasq.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Parent pid 2671, child pid 2672
The new log directory is /proc/2672/root/var/log
Child process initialized in 109.09 ms

dnsmasq: failed to create listening socket for 10.42.0.1: Address already in use

Parent is shutting down, bye...
┌─[✗]─[root@parrot]─[/etc]
└──╼ #

Debug Token 2: 1vd4u2bokp


#4

Initially you want dnsmasq to listen on all IP addresses 0.0.0.0 instead of only on localhost 127.0.0.1 and 10.42.0.1.
Like so (mine is also doing DHCP on port 67 UDP):

pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      472/pihole-FTL
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      710/lighttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      27880/dnsmasq
tcp6       0      0 :::80                   :::*                    LISTEN      710/lighttpd
tcp6       0      0 :::53                   :::*                    LISTEN      27880/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           27880/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           27880/dnsmasq
udp6       0      0 :::53                   :::*                                27880/dnsmasq

Sounds like Parrot OS is already starting its own dnsmasq instance in a jail, probably for DNS caching.
Need to figure out how to stop and disable that instance to allow Pi-hole to start its own dnsmasq instance.
Or configure the instance running in the jail with the necessary settings for Pi-hole, though this could cause issues as the config files are not at the location Pi-hole is expecting (can't use the web GUI to change settings).
Here are my dnsmasq settings for comparison (older version of Pi-hole though):

pi@noads:~ $ grep -v '^#\|^$' -R /etc/dnsmasq*
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:server=10.0.0.1
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:interface=eth0

What's the output for the one below?

sudo ps -aux | grep '^USER\|[d]nsmasq'

Here is mine:

pi@noads:~ $ sudo ps -aux | grep '^USER\|[d]nsmasq'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
dnsmasq  27880  0.0  6.3  16632 11668 ?        S    Mar15  35:52 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service

If you know the PID from above command, you can kill the instance with:

sudo kill -9 <PID>

And check that dnsmasq is not listening anymore with the netstat or ps -aux command.
And try to start dnsmasq like the default Pi-hole installation is expecting (not in a jail):

sudo service dnsmasq start

And check with:

sudo service dnsmasq status

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'

sudo ps -aux | grep '^USER\|[d]nsmasq'

On a client PC (Linux, Windows or Mac), you can check if she is blocking/redirecting a naughty domain to Pi-hole’s own IP address with the nslookup command:

nslookup doubleclick.com <PIHOLE_IP_ADDRESS>

It should resemble below with 10.0.0.2 being my Pi-hole:

pi@arcade:~ $ nslookup doubleclick.com 10.0.0.2
Server:         10.0.0.2
Address:        10.0.0.2#53

Name:   doubleclick.com
Address: 10.0.0.2

Probably the reason lighttpd isn't able to start is because another daemon called “gsad” has taken the socket (port 80 TCP + IP) on the loopback interface already.
For diagnosing, you could try to stop “gsad” with:

sudo service gsad stop

Or kill it if you know the PID (ps -aux).
Start up lighttpd:

sudo service lighttpd restart

Check again with the netstat command.
And try to access the admin page in a browser.

Or run a supported distro :wink:
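An added example, not from this thread or from Pi-hole itself: a POSIX sh function that reads the `sudo netstat -nltup` table deHakkelaar asked for and reports who holds a port, so the two dnsmasq PIDs on :53 and the loopback-bound gsad on :80 from post #3 stand out without reading the table by hand. `check_port` and `SAMPLE` are my names; the sample rows are a constructed copy of the listener table in post #3.

```shell
#!/bin/sh
# check_port PORT: read `sudo netstat -nltup` rows on stdin and print one verdict:
#   conflict: <owners>       more than one PID bound to PORT (e.g. two dnsmasq instances)
#   loopback-only: <owners>  bound only on 127.0.0.1/::1, so unreachable from the LAN
#   ok: <owners>             one owner, reachable beyond loopback
#   free                     nothing bound to PORT
# Column 4 is the local address; the last column is PID/program for tcp and udp rows.
check_port() {
    rows=$(awk -v p="$1" '$4 ~ /:/ {
        n = split($4, a, ":"); if (a[n] != p) next
        addr = a[1]; if (addr == "") addr = "::"      # ":::53" style IPv6 wildcard
        print addr, $NF }')
    if [ -z "$rows" ]; then
        echo "free"
        return 0
    fi
    # Distinct PID/program pairs; tcp and udp rows of the same daemon collapse to one.
    owners=$(printf '%s\n' "$rows" | awk '{ print $2 }' | sort -u | tr '\n' ' ')
    owners=${owners% }
    npids=$(printf '%s\n' "$owners" | wc -w | tr -d ' ')
    nonloop=$(printf '%s\n' "$rows" | awk '$1 != "127.0.0.1" && $1 != "::1"' | wc -l | tr -d ' ')
    if [ "$npids" -gt 1 ]; then
        echo "conflict: $owners"
    elif [ "$nonloop" -eq 0 ]; then
        echo "loopback-only: $owners"
    else
        echo "ok: $owners"
    fi
}

# Constructed sample: the listener table posted in #3, header included (not live output).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      764/gsad
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1669/dnsmasq
tcp        0      0 10.42.0.1:53            0.0.0.0:*               LISTEN      1105/dnsmasq
udp    14592      0 127.0.0.1:53            0.0.0.0:*                           1669/dnsmasq
udp    14720      0 10.42.0.1:53            0.0.0.0:*                           1105/dnsmasq
udp    42368      0 0.0.0.0:67              0.0.0.0:*                           1105/dnsmasq'

# On a live box replace the printf with: sudo netstat -nltup | check_port 53
for p in 53 67 80 4711; do
    printf 'port %s -> %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | check_port "$p")"
done
```

Fed the healthy table from post #4 instead, port 53 comes back as `ok: 27880/dnsmasq`, which is the state to aim for after the jailed instance is stopped.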


#5

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.