DHCP with docker-compose and bridge networking

Heya,

Thank you very much for this! Exactly what I need!

I'm having some issues trying to get this to work - I've hopefully followed all the instructions, but I've got the following message on my Windows box "An error occurred while renewing interface Ethernet 2 : unable to contact your DHCP server. Request has timed out."

Seem I'm having issues with the DHCP part.

version: "3"
services:
pihole:
image: pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
restart: unless-stopped
cap_add:
- NET_ADMIN
dns:
- 127.0.0.1
- 192.168.0.3
hostname: PiHole
environment:
ServerIP: 192.168.0.2
DNS1: 192.168.0.3
DNS2: 192.168.0.3
VIRTUAL_HOST: pi.hole
DNSMASQ_LISTENING: all
volumes:
- 'pihole:/etc/pihole/'
- 'dnsmasq:/etc/dnsmasq.d/'
depends_on:
- dhcprelay
networks:
pihole:
ipv4_address: '172.22.0.100'
docker-macvlan: {}

dhcprelay:
build: ./dhcprelay
restart: always
network_mode: host
command: ["-id", "eno2", "-iu", "br-23c79ae556ef", "172.22.0.100"]
cap_add:
- NET_ADMIN

networks:
pihole:
ipam:
config:
- subnet: 172.22.0.0/16
docker-macvlan:
external: true

volumes:
pihole:
dnsmasq:

[docker-macvlan] - local macvlan false false default 192.168.0.0/27 192.168.0.1
[pihole_backend] - pihole local bridge true false default 172.22.0.0/16

Host docker is running on: 192.168.0.254

I'm unsure where I'm screwing up (possibly with the backend part or different values from frontproxy_proxy-tier?)

Thanks for any help!

@modem7 Your dhcp-helper command looks a bit weird to me. What are you trying to accomplish with those arguments?

Hi, Thank you very much for this amazing post. I have a small question, I followed all the instructions, I don't see any errors per se' my setup should be working but I can't seem to access my pi-hole from the "ServerIP" which is in my case is 192.168.0.14 (where my mini-server is living). The logs from the pi-hole seems all to be fine following are last few lines from the logs:

[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Starting crond
Starting pihole-FTL (no-daemon) as root
Starting lighttpd

I really can't seem to understand what is happening. I think it is either stuck somewhere or did something wrong. The one thing I can think of is the "frontproxy_proxy-tier" network, docker complain the network did not exists, and I simply created it.

Also I ssh'd into the pi-hole container:

root@809820f86916:/# pihole status
[✓] DNS service is running
[✓] Pi-hole blocking is Enabled

Any clue to where I should even start looking?

1 Like

Hi,

Thanks a lot for this small tuto and explanation.
I'm having the network bridge problem. PiHole shows only one IP address in the Client column, which in my case is 172.18.0.1. Of course I'd love to have the real IP address of each client.

Then I followed the method to try to fix it.
I'm not getting any errors and everything seams to work but it didn't solve my problem, I still have only this IP visible.

My router doesn't support dhcp relay.
I don't need to use dhcp in pihole as I'm using dhcp from my router.

My only goal is to solve the client email showing wrong.
Can someone help me on this? did I do something wrong in following the tuto ?

here is my docker-compose file:

version: "3"
services:
  pihole:
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8080:80"
    restart: unless-stopped
    cap_add:
        - NET_ADMIN
    dns:
      - 127.0.0.1
      - 1.1.1.1
    environment:
      ServerIP: 192.168.1.153
      DNS1: 1.1.1.1
      DNS2: 1.0.0.1
      VIRTUAL_HOST: pi.hole
      DNSMASQ_LISTENING: all
    volumes:
      - '/Users/dan/etc-pihole/:/etc/pihole/'
      - '/Users/dan/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    depends_on:
      - dhcphelper
    networks:
      backend:
        ipv4_address: '172.33.0.100'
      frontproxy_proxy-tier: {}

  dhcphelper:
    build: ./dhcp-helper
    restart: unless-stopped
    network_mode: "host"
    command: -s 172.33.0.100
    cap_add:
      - NET_ADMIN

networks:
  backend:
    ipam:
      config:
        - subnet: 172.33.0.0/16
  frontproxy_proxy-tier:
    external: true

Thanks for your help.

Hello, I was wondering if someone could help me. I am using this slightly modified docker-compose file:

version: "3"
services:
  pihole:
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    restart: unless-stopped
    cap_add:
        - NET_ADMIN
    dns:
      - 127.0.0.1
      - 172.20.0.3#53
    environment:
      ServerIP: 172.20.0.2
      DNS1: 172.20.0.3#53
      DNSMASQ_LISTENING: all
    depends_on:
      - dhcphelper
    networks:
      backend:
        ipv4_address: '172.20.0.2'
      frontproxy_proxy-tier: {}

  dhcphelper:
    build: ./dhcp-helper
    restart: unless-stopped
    network_mode: "host"
    command: -s 172.20.0.2
    cap_add:
      - NET_ADMIN

networks:
  backend:
    ipam:
      config:
        - subnet: 172.20.0.0/16
  frontproxy_proxy-tier:
    external: true

When I first ran docker-compose up -d, it prompted that the network frontproxy_proxy-tier was not present. The prompt suggested using docker network create frontproxy_proxy-tier. Is that what I'm supposed to do?

Also, what should I put in the "Ranges of IP addresses to be given out" and "Router (gateway) IP address" in the Pihole GUI? Should this be the network range 192.168.0.2-192.168.0.255 with my router being 192.168.0.1?

Additional information:
my router: 192.168.0.1
Pihole: 192.168.0.2 (docker network 172.20.0.2)

Thanks!

From my understanding (I could be completely wrong), having the dhcphelper container in host network mode and bridging it to the pihole container would be enough to make this setup work, right? (At least I've tried it like this and it works fine)

I say this because I don't understand the purpose of the frontproxy_proxy-tier network. It is external, which the docs state it means the following (that's why @ggl-wolfy receives that error):

This network has been created outside of Compose. docker-compose up does not attempt to create it, and raises an error if it doesn’t exist.

@DerFetzer: Is the frontproxy_proxy-tier network something specific to your setup but unnecessary in general?

Also, @ggl-wolfy: I think your configuration is OK, at least I've done something similar and it works.

Cheers :slight_smile:

This is the network of the reverse proxy.

@ggl-wolfy If you are not using a reverse proxy you have to forward port 80 of the pihole container to the host and can remove the external network. ServerIP has to be set to your external IP address (192.168.0.2).

Yes, the range is what you want the DHCP server to hand out IP addresses from. You could leave out some IP addresses when you want to use a range independently from Pi-hole.

1 Like

Thank you both for all your help.

@DerFetzer Sorry to bother you, but I still have some problems with the setup.

Thanks for the explanation regarding the network. I am indeed using a reverse proxy by linking Pihole from another container within the same network using http://pihole:80. So I have removed frontproxy_proxy-tier. That's ok?

I have now set Server IP to 192.168.0.2, and the network range and gateway as mentioned above.

A dev suggested (don't remember where) using 99-dhcp-debugging.conf which contained the line log-dhcp for troubleshooting, and I got the following when going through pihole.log:
no address range available for DHCP request via eth0

ifconfig on my raspberry pi:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.2  netmask 255.255.255.0  broadcast 192.168.0.255

If you could provide me with some advice? Thank you.

Though 192.168.0.255 is a valid address, maybe dnsmasq has a problem with it. You could try 192.168.0.254 instead.
How does your 02-pihole-dhcp.conf look like?

.255 is a network's broadcast address.
Just as .0, it should not be assigned to a device.

Thanks. I made the change and I still receive the same error. Here's 02-pihole-dhcp.conf:

###############################################################################
#  DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE.  #
#            ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE             #
###############################################################################
dhcp-authoritative
dhcp-range=192.168.0.2,192.168.0.254,24h
dhcp-option=option:router,192.168.0.1
dhcp-leasefile=/etc/pihole/dhcp.leases

I also have dhcp-option=option:dns-server,192.168.0.2 in 07-dhcp-options.conf as described in the above guide.

Oh, perfect, thanks!

Maybe it's time to dockerize my reverse proxy, I have it running in the host OS as of now :stuck_out_tongue:

Thanks so much for this. Made this account just to thank you. I have been trying to sort the DHCP server on my pihole for ages and this really helped. Simple when you know what your doing. only thing that threw me was that the docker-file must actually be called "Dockerfile" (case sensitive)

A post was split to a new topic: SLAAC and Docker with dockered Pi-hole as DHCP server

Just wanted to say thank you! This was an exceptionally helpful article.

Since the dhcphelper container's network is configured to run in "host" mode, can it even see bridged network? ie. -s 172.31.0.100 should be invisible to the dhcp-helper docker right?

A post was split to a new topic: Can't get DHCP server to work in dockered Pi-hole

A post was split to a new topic: Docker Pi-hole DHCP conflicts with Virgin router DHCP