I have a router at 192.168.1.1 (actually a Firewalla Gold Plus) that is running PiHole in a Docker container. The PiHole admin page is at 172.16.0.2. Let's say my internet address is 340.228.261.112 and I want to use external port 9980 that eventually gets forwarded to 172.16.0.2:80 to use the iPhone app or web access to the portal.
I would like to access the PiHole admin page when not connected to my local network?
Basically, I have four Docker PiHole systems I want to access from the PiHole app wherever I am.
I am just stumped how to forward networking in and out of the PiHole Docker container.
Thanks in advance to the smart people who will help me
That's a router configuration issue, not a Pi-hole one.
Furthermore, you should note that you'd expose your machines for public access if you open those ports in your router.
In general, the recommended approach to access a remote Pi-hole securely would be via virtual private network (VPN).
For further suggestions, have a read of the Guides|VPN section of Pi-hole's documentation.
Your Firewalla Gold Plus comes with built-in VPN server and client, so you could configure your Firewalla as server and your iPhone as client and access your pihole admin anywhere via a secure VPN as recommended.
You are 100% right. And that’s how I access them now one of the time.
The problem is, I want to take advantage of the pihole app’s ability to show multiple piholes at a single time. Having to connect to each Firewalla Is time consuming and inefficient, especially from a remote management perspective.
So what I need, is an ability to port forward to my client’s piholes and be able to monitor them all at once, without having to go through a VPN.
I’m pretty flabbergasted that no one has done this before or knows how to do it.
Thanks and that’s how I’m doing it now. Exposing my Pi-hole to (protected) public access is exactly what I am trying to do. Pretty baffling that no one know how to do this in a docker-installed pihole environment.
My use case won’t be a security risk as I have already set up time-based, IP and Mac filtering.
Does anyone know how to port forward into the docker container?
It’s always frustrating to see question responses where the person providing the answer tries to tell OP they are doing things all wrong.
Why then does the PiHole app allow for configuration of many piholes?
This is the Pi-hole forum.
We are quite experienced in analysing and fixing DNS issues, and we are also known to go to great lengths to help out even with only loosely related configuration issues.
However, I feel reluctant to provide any further help if you start abusing us for trying to help you.
Your issue isn't with Pi-hole.
There is no such official Pi-hole app controlling multiple Pi-holes, neither created nor endorsed by the Pi-hole team.
If you would be using some third party app, you should go to their support channels and abuse them for helping you.
Is that so?
I guess not, as with a VPN, there would be no public exposure of your private network.
I'm flabbergasted that you didn't take my advice:
Your port-forwarding issue is not related to Pi-hole nor Docker.
You just need to configure your router.
Take a note of the IP address of the host running your Docker as well as of all the ports you want to target on that machine, then head to your router and configure the respective port forwards.
It would depend on your router how to achieve that, so I'd suggest to consult your router's documentation and support for further details.
But any solution requiring a VPN is not going work for my usecase. This is why I’m struggling to figure out a port forwarding solution to be able to get from the Internet to the docker-based pihole.
While my test right now is just with four instances, I have 42 client Firewallas in small and medium businesses and protecting high net worth clients that I need to monitor. Using a VPN is just unmanageable in such an environment.
I do stand corrected that I thought the iPhone app I was using was official now that I look at it I see it’s built by rocketscience.
I do have Port forwarding from the router to the box, running the pihole, docker image. No problem.
The challenge, is how to get the traffic from that server into the docker image. I assumed, based upon your reply, incorrectly, that there might’ve been some thoughts here about how to do that.
Docker images specifically have an isolated network segment that can’t be generally accessed from the host nor the router. That’s part of the problem.
I’m a little baffled by why you think I was abusing any of the people who responded to me? I was just replying that the use of a VPN does not fit for the use case I’m trying to address. My comment was also around trying to tell me about risks I am well aware of and we’re not part of my question.
Unfortunately, posts do not convey tone or emotion, and I think you are reading me very wrong.
I’m just trying to figure out very specific technical issue. My challenge is while I am professionally a career deep technologist and the university professor on technical and cyber security topics I lack skills and familiarity with docker.
I will hunt for my solution elsewhere. But thank you very much, otherwise, for your replies and help.
How exactly did you configure the port forward in your router?
I'd need to see a bit of details to guess some advice.
That should be no problem, as Docker takes care of that.
It would expose the external ports of a container as configured, listen on them and forward any traffic to the container's associated internal port.
Rereading your initial post:
This raises my suspicion that you may be trying to use Docker internal IPs in your router's port forward, which of course your router would be at a loss of serving.
If that's the case, that should instead be:
Providing an answer here in case anyone ends up here with the same situation.
The DOCKER-COMPOSE.YAML file needs to have ...
ports:
- "81:80/tcp" # Port forward from host port 81 to container port 80
... this will port forward port 81 on the host to port 80 in the container.
In our case, we port forwarded port 9980 from the internet to port 81 on the host of the docker container running PiHole. The command above then forward port 81 to port 80 in the container so that Internet access to the PiHole portal is possible.
Here is our complete docker-compose.yaml (we are also running unbound along with PiHole in the single container).
