Enabling DHCP causes fsockopen error

When I enable DHCP on my pihole instance running in docker, the FTL service goes offline and causes the error below.

There was a problem applying your settings.
Debugging information:
PHP error (2): fsockopen(): unable to connect to 127.0.0.1:4711 (Connection refused) in /var/www/html/admin/scripts/pi-hole/php/FTL.php:47

My container is connected to a macvlan network, so containers appear to be full machines, and have no port collisions. I have tried exposing all ports and just the ports required (53 TCP and UDP, 67 UDP, 80 TCP, and 443 TCP). I get the error with both versions of the container.

DNS resolves, so long as DHCP is turned off.

Expected Behaviour:

I expected to enable DHCP without an error, so I can move DHCP from my router to my pihole.

Actual Behaviour:

When I try to enable DHCP, it fails.

Debug Token:

My debug link with DHCP enabled: https://tricorder.pi-hole.net/HRONRwLG/
My debug link with DHCP disabled: https://tricorder.pi-hole.net/5UbendXQ/

Please share your docker-compose or docker run scripts.

Your debug log shows your Pi-hole container to lack CAP_NET_ADMIN permission, which would be required for DHCP services:

*** [ DIAGNOSING ]: Pi-hole diagnosis messages
 count   last timestamp       type                  message                                                       blob1                 blob2                 blob3                 blob4                 blob5               
 ------  -------------------  --------------------  ------------------------------------------------------------  --------------------  --------------------  --------------------  --------------------  --------------------
 1       2023-01-09 10:43:29  DNSMASQ_CONFIG        process is missing required capability NET_ADMIN

The following is my docker compose file. I'll check on that CAP_NET_ADMIN permission now. Thanks for the catch!

 #pihole and cloudflared
networks:
  default:
      external: true
      name: 138corban

services:
  pihole:
    dns:
      - 173.245.59.149
      - 108.162.192.138
      - 1.1.1.1
      - 1.0.0.1

    domainname: 138corban.toyboxcreations.net
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - PROXY_LOCATION=pihole
      - VIRTUAL_PORT=80
      - PIHOLE_DNS_=${CLOUDFLARED_IPV4_ADDRESS}#5053;1.1.1.1

    hostname: pihole01
    image: pihole/pihole:latest
    networks:
        default:
          ipv4_address: ${PIHOLE_IPV4_ADDRESS}

    ports:
      - target: 53
        published: 53
        protocol: tcp
      - target: 53
        published: 53
        protocol: udp
      - target: 67
        published: 67
        protocol: udp
      - target: 80
        published: 80
        protocol: tcp
      - target: 443
        published: 443
        protocol: tcp

    restart: unless-stopped
    volumes:
      - type: bind
        source: /mnt/Data0/docker/pihole/etc-pihole
        target: /etc/pihole

      - type: bind
        source: /mnt/Data0/docker/pihole/pihole-updatelists
        target: /etc/pihole-updatelists

      - type: bind
        source: /mnt/Data0/docker/pihole/whitelist
        target: /etc/whitelist

      - type: bind
        source: /mnt/Data0/docker/pihole/etc-dnsmasq.d
        target: /etc/dnsmasq.d

  cloudflared:

    domainname: 138corban.toyboxcreations.net
    entrypoint: cloudflared tunnel --no-autoupdate run --token ${CLOUDFARED_TOKEN}

    environment:
      - TZ=America/New_York
      - TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query
      - TUNNEL_LOGLEVEL=debug
    hostname: cloudflared
    image: cloudflare/cloudflared:latest

    networks:
      default:
        ipv4_address: ${CLOUDFLARED_IPV4_ADDRESS}

    restart: unless-stopped


You could refer to our Quick start sample configuration for Docker: :wink:

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
(...)
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed

Adding that capability to the container was precisely it! Thank you!
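To confirm the diagnosis in this thread from inside a container, the capability masks in `/proc/<pid>/status` can be decoded and checked for `NET_ADMIN` (bit 12). This is an added example, not part of the thread or of Pi-hole's code: `cap_set` and `dhcp_ready` are hypothetical names, and the two sample status excerpts are constructed from Docker's default capability mask with and without `cap_add: NET_ADMIN`.

```python
"""Decode the capability masks in /proc/<pid>/status and check for CAP_NET_ADMIN."""
import re
import sys

# Bit positions from <linux/capability.h>, in order (bit 0 = CHOWN).
CAP_NAMES = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
             "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
             "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
             "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
             "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
             "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE").split()


def cap_set(status_text, field="CapEff"):
    """Return the capability names set in one Cap* field of a status file.

    CapEff is what the process can use right now; CapBnd is the upper bound
    the container runtime left available to it.
    """
    m = re.search(rf"^{field}:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError(f"no {field} line found")
    mask = int(m.group(1), 16)
    return {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}


def dhcp_ready(status_text, field="CapEff"):
    """True if the capability named in the diagnosis message is present."""
    return "NET_ADMIN" in cap_set(status_text, field)


# Constructed samples: Docker's default capability mask, and the same mask
# after `cap_add: [NET_ADMIN]` (bit 12 set). The process name is illustrative.
BEFORE = "Name:\tpihole-FTL\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
AFTER = "Name:\tpihole-FTL\nCapPrm:\t00000000a80435fb\nCapEff:\t00000000a80435fb\n"

if __name__ == "__main__":
    # Usage: python3 capcheck.py [/proc/<pid>/status]; defaults to this process.
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/self/status"
    with open(path) as fh:
        text = fh.read()
    print("effective:", ", ".join(sorted(cap_set(text))) or "(none)")
    print("NET_ADMIN present:", dhcp_ready(text))
```

The difference between the two samples is exactly one capability, which is the least-privilege outcome of adding `NET_ADMIN` alone instead of running the container privileged.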
