Pi-hole is using the wrong interface

Help
1

I installed pi-hole and selected eth0 as my interface, so this should be the interface used.

I am using:
Raspberry Pi 4 Model B Rev 1.1
Raspbian GNU/Linux 10 (buster) lite
Installed openvpn
Installed wlan-bridge using hostapd
Installed kodi

But in my web-interface > Network it marks all clients red and in the interface section it shows "br0" for every client although i set up eth0 as the interface to use.
So my pi-hole is not working at all ;')

Debug Token:
https://tricorder.pi-hole.net/2csu99oeyi

Thank you for your help.

2

What is shown in the network table is what the kernel tells Pi-hole to use. Run ip neigh to check if the kernel says the devices are on eth0 or br0. Pi-hole is aware of your entire network. This is not limited to the interface you configured it to use (but this can be changed on the settings page).

3

ip neigh sais "192.168.1.146 dev br0" (laptop) and "192.168.1.1 dev br0" (router) so my kernel tells pi-hole to use br0?

How do I change this? And does my network-bridge still work if I do?

My Laptop and the pi are both connected over LAN at the same LAN-Splitter.

4

No. This is the interface on which the computer sees the device. It may or not mean that Pi-hole cannot reach them over eth0, that depends entirely on how you configured this bridge exactly. I have never installed such a bridge myself.

Unfortunately: Same answer as above. Did it work before you installed the other things like openvpn ?

Your problem may be too specific so nobody can tell you what went wrong, but you may want to do the following: Create a new SD card, install Pi-hole first, check if it works, then install the other items one by one, check Pi-hole each time. This will allow you to limit who is causing the problems.

Try to use br0 as interface, it doesn't hurt, why would you want to restrict Pi-hole to eth0 ? Maybe eth0 as interface doesn't work as usual with wlan-bridge being installed. Otherwise, the devices shouldn't show up on br0 in ip neigh

Also the the Listen on all interfaces, permit all origins option if this solves the problem. The "normal" Pi-hole installation does something very fancy: It detects if the devices are directly connected and permits DNS queries only in this case. This is to avoid becoming part of a DNS botnet when you forward port 53 from your router to your Pi-hole. Many users do this (mostly because they don't know any better) and hence this is a meaningful precaution.

I'm wondering if this bridge in between is interpreted as another hop. As the devices in your network are now two hops away (instead of one), Pi-hole cannot distinguish any more if they are from the Internet or your local network. Just an idea. Trying to help :wink:

Also, how did you configure your clients to use the Pi-hole as DNS server? Did you configure your routers DHCP server to hand out the Pi-hole as DNS server? Or did you chose the Pi-hole internal DHCP server?

Run

sudo nmap -e eth0 --script broadcast-dhcp-discover

and also

sudo nmap -e br0 --script broadcast-dhcp-discover

and maybe also

sudo nmap -e wlan0 --script broadcast-dhcp-discover

and post the output here.

5
Your debug log shows your IPv6 configuration is not working: neither the router's link-local nor Pi-hole's ULA address seems to be operative: 
*** [ DIAGNOSING ]: Networking
[✓] IPv6 address(es) bound to the eth0 interface:
   fe80::dea6:32ff:fe48:24f8 does not match the IP found in /etc/pihole/setupVars.conf

[i] Default IPv6 gateway: fe80::3a35:fbff:fe36:ba6b
   * Pinging fe80::3a35:fbff:fe36:ba6b...
[✗] Gateway did not respond.

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve latermdnystd.co via Pi-hole (fddd:<redacted>)

More important, Pi-hole and your router/gateway are on different networks:

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
   10.7.0.4/24 matches the IP found in /etc/pihole/setupVars.conf

[i] Default IPv4 gateway: 192.168.1.1
   * Pinging 192.168.1.1...
[✗] Gateway did not respond.

The 10.0.0.0/8 address range is often employed by VPNs.

If you are running a VPN software somewhere on your network, you'd have to configure your VPN to make proper use of Pi-hole. In that case, your VPN documentation should have details on how to achieve this.

If you are not using a VPN, it may be your router employing VLANs or some other network configuration issue. In that case, you'd have to provide more details about your network configuration in order to allow some more specific advice.

6

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.