New iMac unable to ping Pi-hole

If you are experiencing issues with a Pi-hole and Apple iMac, verify that the built-in firewall is not blocking Pi-hole. I had recently upgraded my Pi-hole server to an RPi 4 and everything worked fine except my wife's new iMac. DHCP services from Pi-hole worked on everything but her iMac. My temporary workaround was to manually assign an IP address and point the DNS to my home router.

The problem was eventually found to be the built-in firewall in macOS. After disabling it, pings worked fine and DHCP / DNS worked perfectly. As a permanent fix, I ended up leaving the firewall disabled and installing Little Snitch, which is a better security solution and doesn't have any issues with Pi-hole.

Interesting. As you already know, macOS actually provides two software firewalls: 1) a socket filter / application-layer firewall, called ALF, and 2) a packet filter / network-layer firewall. Neither of these is enabled by default. The former is enabled/disabled via System Preferences > Security & Privacy, whereas the latter requires using commands in the Terminal app. Using Little Snitch would be a third-party implementation of macOS's ALF firewall.

I mentioned "interesting" as DNS requests would not work at the application layer, so it shouldn't matter if the macOS ALF firewall is enabled or not.

Curious about your post, I tried enabling both macOS FWs and neither affected my using Pi-hole for DNS requests on my local network. Not sure why this was the case for you.

I suspect one of your particular firewall settings was the problem. I have multiple Macs using Pi-hole, all with the macOS firewall enabled, and none of the Macs have any problems using Pi-hole.

You should not have to disable the macOS firewall for Pi-hole to be recognized as a DNS server.

This occurred after migrating Pi-hole to a new Raspberry Pi. It's possible that the Mac firewall didn't refresh the MAC address. The ARP table entries on the Raspberry Pi kept showing up as incomplete, which tells me that the problem was down in the link layer. So if you can't ping the target then layer three won't function. Thinking that the ARP cache may have been corrupted, I tried rebooting both nodes to clear the cache but pings still wouldn't function. I have another iMac that functioned just fine and the only difference between the two was the use of the firewall. That's what led me to disabling it. Pings worked after that and the ARP tables showed the proper MAC to IP address entries. Current versions of macOS and Raspberry Pi OS were in use during troubleshooting.