iptables -nL gives me the same result as you,
and netstat -nltup gives me:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 995/pihole-FTL
tcp 0 0 127.0.0.1:5353 0.0.0.0:* LISTEN 911/unbound
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 924/lighttpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 995/pihole-FTL
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 872/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 924/lighttpd
tcp6 0 0 ::1:4711 :::* LISTEN 995/pihole-FTL
tcp6 0 0 :::80 :::* LISTEN 924/lighttpd
tcp6 0 0 :::53 :::* LISTEN 995/pihole-FTL
tcp6 0 0 :::22 :::* LISTEN 872/sshd
udp 0 0 127.0.0.1:5353 0.0.0.0:* 911/unbound
udp 0 0 0.0.0.0:5353 0.0.0.0:* 444/avahi-daemon: r
udp 0 0 0.0.0.0:46375 0.0.0.0:* 444/avahi-daemon: r
udp 0 0 0.0.0.0:53 0.0.0.0:* 995/pihole-FTL
udp 0 0 0.0.0.0:68 0.0.0.0:* 811/dhcpcd
udp6 0 0 :::5353 :::* 444/avahi-daemon: r
udp6 0 0 :::40792 :::* 444/avahi-daemon: r
udp6 0 0 :::53 :::* 995/pihole-FTL
This is what I get if I do a Wireshark when trying to connect to the pihole admin:
The sshd daemon is listening on all IPs 0.0.0.0 from above.
If nslookup works but ssh not, yeah I suspect firewall or some safety related setting(s) on the router/switch.
Also think it's firewall related, but even when all firewall block rules are disabled it doesn't work.
Maybe have to enable logging in my firewall to see if I can see what's happening.
Was that Wireshark run on the Pi-hole host or something else?
Ow. ps. try to enclose code output with the </> button before posting here.
Is cleaner to read.
No, on the Windows PC initiating the connection to the Pihole.
Could try a tcpdump on the Pi-hole host itself instead to see if any traffic arrives.
Hold on, need to find right syntax.
sudo apt install tcpdump
Replace <SOURCE_IP> with the PC ip below and browse to the GUI:
sudo tcpdump -lnqtX -i eth0 src <SOURCE_IP> and tcp port 80
Ow, do mind the above grabs from eth0!
Should grab the aliased interfaces as well I think.
If not, try for example -i eth0.20 argument instead.
It's receiving the traffic:
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 10.10.10.10.50746 > 10.10.50.41.80: tcp 0
0x0000: 4500 0034 87d0 4000 7f06 23ad 0a0a 0a0a E..4..@...#.....
0x0010: 0a0a 3229 c63a 0050 242a 229e 0000 0000 ..2).:.P$*".....
0x0020: 8002 faf0 1686 0000 0204 05b4 0103 0308 ................
0x0030: 0101 0402 ....
IP 10.10.10.10.50747 > 10.10.50.41.80: tcp 0
0x0000: 4500 0034 87d1 4000 7f06 23ac 0a0a 0a0a E..4..@...#.....
0x0010: 0a0a 3229 c63b 0050 a57a 559c 0000 0000 ..2).;.P.zU.....
0x0020: 8002 faf0 6236 0000 0204 05b4 0103 0308 ....b6..........
0x0030: 0101 0402 ....
And do the logs show activity when tailing live?
sudo tail -f /var/log/lighttpd/{access,error}.log
==> /var/log/lighttpd/error.log <==
2020-10-05 16:41:53: (server.c.1464) server started (lighttpd/1.4.53)
2020-10-05 16:41:53: (server.c.1493) WARNING: unknown config-key: alias.url (ignored)
2020-10-05 18:17:21: (server.c.1464) server started (lighttpd/1.4.53)
2020-10-05 18:17:21: (server.c.1493) WARNING: unknown config-key: alias.url (ignored)
2020-10-05 19:30:45: (server.c.2059) server stopped by UID = 0 PID = 1
2020-10-05 19:31:01: (server.c.1464) server started (lighttpd/1.4.53)
2020-10-05 19:31:01: (server.c.1493) WARNING: unknown config-key: alias.url (ignored)
2020-10-05 19:49:17: (server.c.2059) server stopped by UID = 0 PID = 1
2020-10-05 19:50:14: (server.c.1464) server started (lighttpd/1.4.53)
2020-10-05 19:50:14: (server.c.1493) WARNING: unknown config-key: alias.url (ignored)
No other errors show when trying to connect.
Is that while at the same time trying to access the Pi-hole web GUI?
No, not at the same time, nothing gets added when trying to access.
But with the tcpdump we have seen that the packet arrives, or am I wrong?
Also, why, if I disable the alias IPs, is it responding, and why is it responding on the alias IP but not on eth0?
I could set the port on native LAN and tag the VLANs, but I'd rather have no devices on native.
TCP dump on the eth1.10 (when connecting to 10.10.10.41 instead of 10.10.50.41):
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.10, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 10.10.10.10.50805 > 10.10.10.41.80: tcp 0
0x0000: 4500 0034 4aea 4000 8006 8793 0a0a 0a0a E..4J.@.........
0x0010: 0a0a 0a29 c675 0050 31a3 1416 0000 0000 ...).u.P1.......
0x0020: 8002 faf0 3f5a 0000 0204 05b4 0103 0308 ....?Z..........
0x0030: 0101 0402 ....
IP 10.10.10.10.50806 > 10.10.10.41.80: tcp 0
0x0000: 4500 0034 4aeb 4000 8006 8792 0a0a 0a0a E..4J.@.........
0x0010: 0a0a 0a29 c676 0050 2361 98d4 0000 0000 ...).v.P#a......
0x0020: 8002 faf0 c8dc 0000 0204 05b4 0103 0308 ................
0x0030: 0101 0402 ....
IP 10.10.10.10.50805 > 10.10.10.41.80: tcp 0
0x0000: 4500 0028 4aec 4000 8006 879d 0a0a 0a0a E..(J.@.........
0x0010: 0a0a 0a29 c675 0050 31a3 1417 4915 b207 ...).u.P1...I...
0x0020: 5010 2014 5fdd 0000 0000 0000 0000 P..._.........
IP 10.10.10.10.50806 > 10.10.10.41.80: tcp 0
0x0000: 4500 0028 4aed 4000 8006 879c 0a0a 0a0a E..(J.@.........
0x0010: 0a0a 0a29 c676 0050 2361 98d5 05cb 22b2 ...).v.P#a....".
0x0020: 5010 2014 bbff 0000 0000 0000 0000 P.............
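Added example, not part of any post in this thread: a small Python decoder for the `tcpdump -X` hex above, run on one packet copied from each capture. It shows that the eth0 capture contains only SYNs arriving with TTL 127, while the eth0.10 capture contains the client's ACK with TTL 128, i.e. the handshake completed there; reading 127 as one routed hop assumes the Windows client's default initial TTL of 128.

```python
import re
import struct

# Packets copied verbatim from the two tcpdump captures in the thread.
ETH0_PACKET = """\
0x0000: 4500 0034 87d0 4000 7f06 23ad 0a0a 0a0a E..4..@...#.....
0x0010: 0a0a 3229 c63a 0050 242a 229e 0000 0000 ..2).:.P$*".....
0x0020: 8002 faf0 1686 0000 0204 05b4 0103 0308 ................
0x0030: 0101 0402 ....
"""
ETH0_10_PACKET = """\
0x0000: 4500 0028 4aec 4000 8006 879d 0a0a 0a0a E..(J.@.........
0x0010: 0a0a 0a29 c675 0050 31a3 1417 4915 b207 ...).u.P1...I...
0x0020: 5010 2014 5fdd 0000 0000 0000 0000 P..._.........
"""

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5


def hexdump_to_bytes(dump):
    """Keep only the hex groups of each line (skip offset and ASCII column)."""
    groups = []
    for line in dump.splitlines():
        for tok in line.split()[1:9]:  # at most 8 groups of 2 bytes per line
            if not re.fullmatch(r"[0-9a-f]{2}|[0-9a-f]{4}", tok):
                break  # reached the ASCII column
            groups.append(tok)
    return bytes.fromhex("".join(groups))


def decode(dump):
    """Decode the IPv4 and TCP header fields relevant to this diagnosis."""
    pkt = hexdump_to_bytes(dump)
    ihl = (pkt[0] & 0x0F) * 4                    # IP header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    pkt = pkt[:total_len]                        # drop Ethernet padding
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flag_bits = pkt[ihl + 13] & 0x3F
    return {
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
        "ttl": pkt[8],
        "sport": sport,
        "dport": dport,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flag_bits & (1 << i)],
    }


if __name__ == "__main__":
    for name, dump in (("eth0", ETH0_PACKET), ("eth0.10", ETH0_10_PACKET)):
        print(name, decode(dump))
```

Because the capture filter is `src <SOURCE_IP>`, replies from the Pi-hole are not shown in either dump; dropping the `src` qualifier and capturing on both interfaces would show which one the SYN-ACK leaves on.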
curl -Iv http://10.10.50.41/admin/
?
curl -Iv http://10.10.50.41/admin/
* Expire in 0 ms for 6 (transfer 0x1cca880)
* Trying 10.10.50.41...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x1cca880)
* Connected to 10.10.50.41 (10.10.50.41) port 80 (#0)
> HEAD /admin/ HTTP/1.1
> Host: 10.10.50.41
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Set-Cookie: PHPSESSID=8hh53r2jkmuhiqs9d7h9b4aiq1; path=/
Set-Cookie: PHPSESSID=8hh53r2jkmuhiqs9d7h9b4aiq1; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
Pragma: no-cache
< Content-type: text/html; charset=UTF-8
Content-type: text/html; charset=UTF-8
< X-Pi-hole: The Pi-hole Web interface is working!
X-Pi-hole: The Pi-hole Web interface is working!
< X-Frame-Options: DENY
X-Frame-Options: DENY
< Date: Mon, 05 Oct 2020 19:02:07 GMT
Date: Mon, 05 Oct 2020 19:02:07 GMT
< Server: lighttpd/1.4.53
Server: lighttpd/1.4.53
<
* Connection #0 to host 10.10.50.41 left intact
Command run on the pihole or do I need to run it somewhere else?
On Pi-hole.
Kopernikus:
HTTP/1.1 200 OK
Above looks OK.
And when tailing live:
sudo tail -f /var/log/lighttpd/access.log
And do the curl in another session, does anything get logged?
Ow. ps. if you have another machine/client that can curl, that would be nice too.
Tailing live, nothing gets added when trying to connect.
Did a curl on my first pihole (who has no aliases configured):
curl -Iv http://10.10.50.41/admin/
* Expire in 0 ms for 6 (transfer 0x13b880)
* Trying 10.10.50.41...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x13b880)
* Connected to 10.10.50.41 (10.10.50.41) port 80 (#0)
> HEAD /admin/ HTTP/1.1
> Host: 10.10.50.41
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Set-Cookie: PHPSESSID=4i66me7be4gcsrgc28kng6peij; path=/
Set-Cookie: PHPSESSID=4i66me7be4gcsrgc28kng6peij; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
Pragma: no-cache
< Content-type: text/html; charset=UTF-8
Content-type: text/html; charset=UTF-8
< X-Pi-hole: The Pi-hole Web interface is working!
X-Pi-hole: The Pi-hole Web interface is working!
< X-Frame-Options: DENY
X-Frame-Options: DENY
< Date: Mon, 05 Oct 2020 19:11:49 GMT
Date: Mon, 05 Oct 2020 19:11:49 GMT
< Server: lighttpd/1.4.53
Server: lighttpd/1.4.53
<
* Connection #0 to host 10.10.50.41 left intact
When doing the curl from the other Pihole, this gets added to the live tail:
1601925142|10.10.50.41|HEAD /admin/ HTTP/1.1|200|0