Pi-hole in Docker on macOS has only one client

lexpostma · June 5, 2022, 1:35pm

I'm having the same issue as mentioned here Top client shows only one IP (which I don't even recognize) · Issue #135 · pi-hole/docker-pi-hole · GitHub
Where there's only a few clients in Pi-hole, while there should be many.

Running Pi-hole v5.10 (Docker tag 2022.05) in Docker 4.9 on macOS 12. Mac has fixed IP 192.168.96.6. And there's on one client in Pi-hole with 172.X.0.1 where X seems to change after a reboot. Also running Pi-hole in a Raspberry Pi at 192.168.96.5 without any issues. My router is set up with DHCP DNS Servers defined to both the Mac and RPi IP addresses. Blocking ads works perfectly, but the clients on Mac are weird.

My docker-compose.yml:

version: "3"

# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "192.168.96.6:80:80"
      - "192.168.96.6:53:53/tcp"
      - "192.168.96.6:53:53/udp"
      - "192.168.96.6:443:443"
    environment:
      SERVERIP: '192.168.96.6'
      FTLCONF_REPLY_ADDR4: '192.168.96.6'
      FTLCONF_BLOCK_ICLOUD_PR: 'false'
      TZ: 'Europe/Amsterdam'
      WEBPASSWORD: 'XX'
      PIHOLE_DNS_: '1.1.1.1;1.0.0.1'
      # FTLCONF_CHECK_DISK: '0'
    # Volumes store your data between container upgrades
    volumes:
      - '~/Docker/pihole/:/etc/pihole/'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    dns:
      - '127.0.0.1'
      - '1.1.1.1'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped # Recommended but not required (DHCP needs NET_ADMIN)

I want to keep using my router for DHCP, not the Pi-hole. What should I change to get individual clients, like I do get on the Raspberry Pi?

Netsnipe · February 16, 2023, 11:41am

I ran into a similar issue to what you experienced. Your pi-hole needs to have its own NIC on your LAN subnet for reporting to work. Your pihole is reporting all clients under a single IP address because every query is coming into your container over your Docker host's network bridge which essentially acts as a NAT. Try creating a separate macvlan for your pi-hole container to reside on.

version: '3'

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    networks:
      vlan:
        ipv4_address: 192.168.96.6
    dns:
      - 127.0.0.1
      - 1.1.1.1
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Europe/Amsterdam'
      WEBPASSWORD: "XX"
      FTLCONF_LOCAL_IPV4: 192.168.96.2
      FTLCONF_BLOCK_ICLOUD_PR: 'false'
    # Volumes store your data between container upgrades
    volumes:
      - '/volume1/docker/pihole/etc-pihole:/etc/pihole'
      - '/volume1/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

networks:
  vlan:
    enable_ipv6: true
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.96.0/24
          gateway: 192.168.96.1
          ip_range: 192.168.96.0/25 # this must not overlap with your DHCP range
        - subnet: 2001:db8:3333::/64
          gateway: 2001:db8:3333::1

lexpostma · March 18, 2023, 9:25pm

Thank you Netsnipe, that's very kind of you to share. Forgive my newbie understanding, but how do I reach the Pi-hole interface with your compose? Because currently the IP address is 192.168.96.6 so when I go to 192.168.96.6/admin in the browser, it opens the Pi-hole UI. Should it be 192.168.96.2/admin? That didn't work... Is the IP of the Mac mini the same? Should I be able to reach the UI from another computer on the same local network?

What does "ip_range: 192.168.96.0/25 # this must not overlap with your DHCP range" mean? My UniFi LAN is setup as 192.168.96.0/24. Do they overlap? Do I need to change something on the router?

marcelstoer · June 12, 2023, 5:54am

I don't understand all the settings in this configuration yet. Hence, I'm not yet sure about all the implications. The questions or concerns raised by the OP make me hesitant.

From what I understand this behavior is cause by the fact that Docker doesn't run "natively" on Mac & Windows but has to go through its Linux VM.

rdwebdesign · June 12, 2023, 7:02am

macvlan network mode won't work in this case (MacOS).

The macvlan networking driver only works on Linux hosts, and is not supported on Docker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows Server.