Pi-hole only works on itself

rdx · October 19, 2022, 4:58pm

Please follow the below template, it will help us to help you!

Expected Behaviour:

Expected pi-hole to work from anther system on LAN

Yes I haven't changed dhcp to assign pihole ip, as it is not working yet, checking with nslookup from a different system on LAN

This is fresh installation of Ubuntu and the first thing installed on it is pi-hole.
Stopped iptables service and even added ports 53 and 80 to INPUT

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy

ip route show
default via 10.0.0.1 dev enp0s3 proto dhcp src 10.0.0.229 metric 100
10.0.0.0/24 dev enp0s3 proto kernel scope link src 10.0.0.229 metric 100
10.0.0.1 dev enp0s3 proto dhcp scope link src 10.0.0.229 metric 100
169.254.169.254 via 10.0.0.1 dev enp0s3 proto dhcp src 10.0.0.229 metric 100

ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 02:00:17:00:12:47 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.229/24 metric 100 brd 10.0.0.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::17ff:fe00:1247/64 scope link
       valid_lft forever preferred_lft forever


sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

sudo iptables -L INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited


service iptables status
○ iptables.service - netfilter persistent configuration
     Loaded: loaded (/lib/systemd/system/iptables.service; alias)
     Active: inactive (dead) since Wed 2022-10-19 16:06:38 UTC; 30min ago
       Docs: man:netfilter-persistent(8)
    Process: 12841 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=0/SUCCESS)
    Process: 12858 ExecStop=/usr/sbin/netfilter-persistent stop (code=exited, status=0/SUCCESS)
   Main PID: 12841 (code=exited, status=0/SUCCESS)
        CPU: 3ms

Oct 19 16:06:32 pi-ampere-rt1 systemd[1]: Starting netfilter persistent configuration...
Oct 19 16:06:32 pi-ampere-rt1 netfilter-persistent[12843]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Oct 19 16:06:32 pi-ampere-rt1 netfilter-persistent[12843]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Oct 19 16:06:32 pi-ampere-rt1 systemd[1]: Finished netfilter persistent configuration.
Oct 19 16:06:38 pi-ampere-rt1 systemd[1]: Stopping netfilter persistent configuration...
Oct 19 16:06:38 pi-ampere-rt1 netfilter-persistent[12858]: /usr/sbin/netfilter-persistent: 39: [: -gt: unexpected operator
Oct 19 16:06:38 pi-ampere-rt1 netfilter-persistent[12858]: Automatic flush disabled; use '/usr/sbin/netfilter-persistent flush'
Oct 19 16:06:38 pi-ampere-rt1 systemd[1]: iptables.service: Deactivated successfully.
Oct 19 16:06:38 pi-ampere-rt1 systemd[1]: Stopped netfilter persistent configuration.

sudo ufw status
Status: inactive

Actual Behaviour:

OS seems to listen on ports 53 and 80 but does not respond form another system on LAN. Only thing working is ssh or ping from another system on lan.

Nslookup from another system

ip route show
default via 10.0.0.1 dev ens3 proto dhcp metric 100
10.0.0.0/24 dev ens3 proto kernel scope link src 10.0.0.12 metric 100
169.254.0.0/16 dev ens3 proto dhcp scope link metric 100

 ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
    link/ether 02:00:17:00:82:3a brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.12/24 brd 10.0.0.255 scope global dynamic noprefixroute ens3
       valid_lft 53400sec preferred_lft 53400sec
    inet6 fe80::17ff:fe00:823a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever


 nslookup
> server 10.0.0.229
Default server: 10.0.0.229
Address: 10.0.0.229#53
> yahoo.com
;; connection timed out; no servers could be reached
> server 10.0.0.229
Default server: 10.0.0.229
Address: 10.0.0.229#53
> google.com
;; connection timed out; no servers could be reached

Debug Token:

https://tricorder.pi-hole.net/fM9GJk5f/

jfb · October 19, 2022, 5:54pm

What device on your network is the DHCP server? The Pi-hole DHCP discovery found nothing:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   DHCP packets received on interface enp0s3: 0
   DHCP packets received on interface lo: 0

For the Pi, what is the basis for assigning an APIPA IP for the nameserver?

lrwxrwxrwx 1 root root 39 Aug 10 12:29 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
   nameserver 169.254.169.254

From the Pi terminal, what is the output of the following:

nslookup pi-hole.net 127.0.0.1

nslookup pi-hole.net 10.0.0.229

rdx · October 19, 2022, 10:35pm

not sure what helped, uninstalled ufw and iptables and a few reboots is what I can recall.
Also re-added ufw back after it was working

nslookup from pi was working though for both 127.0.0.1 and 10.0.229

system · November 9, 2022, 10:35pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.