Pihole as DHCP server in Docker using macvlan network

Hi !

I'm trying to set my pihole as my DHCP server.

I use a RaspberryPi running Debian 64bits. I'm using Docker and Portainer to run PiHole.

I'm struggling a bit as I don't know much about network and I'm not a native English speaker, so please, bear with me.

I created a macvlan network like this

docker network create --driver=macvlan \
     --gateway=192.168.1.254 \
     --subnet=192.168.1.0/24 \
     --ip-range=192.168.1.101/32 \
     -o parent=eth0 vlanPihole

Here's my stack :

version: '3.3'
services:
    pihole:
        container_name: pi-hole
        hostname: PiholeRPi4
        restart: always
        volumes:
            - /srv/path/Files/Pihole/etc-pihole/:/etc/pihole/
            - /srv/path/Files/Pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/
        dns:
            - 1.1.1.1
            - 1.0.0.1
        environment:
            - DNS1=1.1.1.1
            - DNS2=1.0.0.1
            - ServerIP=192.168.1.101
            - DNSMASQ_LISTENING=all
            - WEBPASSWORD=wowmuchpasswordsuchsecret
            - TZ=Europe/Paris
            - mac-address="02:42:c0:a8:02:d7"
        network_mode: vlanPihole
        image: 'pihole/pihole:latest'

I can access my pihole at http://192.168.1.101/admin/

I set pihole as DHCP server like this:
Range from 192.168.1.101 to 192.168.1.201
Gateway is my ISP modem : 192.168.1.254

I reboot my Raspberry and my ISP modem.

My problem is that I don't get new IPs for most of my devices (maybe I should reboot them ?), but mostly I get new IPs for my other devices in the 192.168.0.x subnet and not 192.168.1.x as I asked for in my config. It messes up everything of course.

Here's an ugly diagram of my network if that helps. I'm not sure my router and switch can be a problem.
I SSH and work from my computer in "office 1".

Can someone please help me ?

That would give you a single IP 192.168.1.101 in the lease pool. What does docker network inspect vlanPihole show you?

That doesn't look right either. Are you following a guide to set this up?

Your compose file seems to be missing a networks section, but let's find out about your intentions first.

You are not creating a VLAN here.
You are creating a MACVLAN network within your Docker instance.

Is your motivation for trying this to configure a real VLAN instead, so you could isolate certain clients from the rest of your network?

Or do you intend to run Pi-hole as DHCP server, and therefore decided to use a MACVLAN approach?

Just as an example, mine is defined to use a macvlan network I setup called home, like so:

version: '3.3'
services:

  pihole:
    container_name: pihole
    hostname: pihole-docker
    depends_on:
      - unbound
    image: pihole/pihole:${PIHOLE_TAG}
    #image: promofaux/adam-pihole
    environment:
      TZ: Europe/London
      FTLCONF_REPLY_ADDR4: 192.168.1.253
      REV_SERVER: 'true'
      REV_SERVER_DOMAIN: lan.arpa
      REV_SERVER_TARGET: 192.168.0.1
      REV_SERVER_CIDR: 192.168.0.0/16
      SKIPGRAVITYONBOOT: 1
      PIHOLE_DNS_: 8.8.8.8;8.8.4.4
      WEBPASSWORD:
      DNSMASQ_USER: 'root'
    volumes:
      - pihole_etc_pihole:/etc/pihole/
      - pihole_etc_dnsmasqd:/etc/dnsmasq.d/
      #- /volume1/copy/tmpVol/:/run/uncaught-logs/
    cap_add:
      - NET_ADMIN
    mac_address: d0:ca:ab:cd:ef:fe
    dns:
     - 8.8.8.8
    networks:
      home:
        ipv4_address: 192.168.1.253
    restart: always

networks:
  home:
    external: true

volumes:
  pihole_etc_pihole:
    external: true
  pihole_etc_dnsmasqd:
    external: true

The network was set up with:

docker network create -d macvlan --subnet=192.168.0.0/23 --gateway=192.168.0.1 -o parent=eth0 home

Yes, that's the whole point :slight_smile:

[
    {
        "Name": "vlanPihole",
        "Id": "ec961f01ea3f7484d0283f2a3805ef378bc7fe1d70fdced5916bda5b2daec690",
        "Created": "2022-09-05T15:41:20.10348546+02:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.1.0/24",
                    "IPRange": "192.168.1.101/32",
                    "Gateway": "192.168.1.254"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "21361e17defe1a2819526917aab6a55c49867b7f8d715bbde12b09bc66904f57": {
                "Name": "pi-hole",
                "EndpointID": "052eb4d7c6a9f653c5d095cce0e582c26077d1a10e786ec29019291602817df6",
                "MacAddress": "02:42:c0:a8:01:65",
                "IPv4Address": "192.168.1.101/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "eth0"
        },
        "Labels": {}
    }
]

Not one guide, but several. I've been reading from here and there and tried to gather something working. This includes this

Exactly this :slight_smile:

Thanks a lot. I'm going to try and adapt this to my config and let you know :slight_smile:

Your Pi-hole's subnet is different from the one your router is using.
What's the motivation for that?

What's the machine at 192.168.1.254 that you've configured to be used as a gateway? Does that connect to your router on your 192.168.0.0/24 network, or is that a separate router providing its own internet connection?

There's no motivation for that. That's the issue. I want everyone in the same subnet.

192.168.1.254 is my ISP modem. It connects to my router that connects to my switch that connects my Raspberry. Please, have a look at my ugly diagram. It displays all the setup and current IPs for my main devices.
Never have I ever asked for something to be in 192.168.0.0/24 network.

That link errors out for me.
In this forum, you may paste images directly.

You mention

Where do those reside?

My computer and some android devices get IPs in the 192.168.0.0/24 network. I don't know nor understand why ?! And at the same time, the other devices stay in the IP range attributed by my ISP modem (meaning 192.168.1.1 to 192.168.1.100 and not 192.168.1.101 to 192.168.1.201 as configured in pihole DHCP) while DHCP IS disabled on my ISP modem.

(That picture isn't ugly at all. :wink: )

What IP range did you configure for Pi-hole's DHCP server?

Which machine is handling DHCP in your network up to now?
The following may help answer that question:

pihole-FTL dhcp-discover

Note that a DHCP client may pick any DHCP server answering its broadcast to acquire a DHCP lease (so Pi-hole as well as an existing DHCP server).
Furthermore, a client with an existing lease would continue to talk to the DHCP server it acquired its lease through. If that's your current DHCP server and it's still active, that client may never ask your Pi-hole for a lease - unless you disconnect it from the network, e.g. by powercycling it.

If you do intend to keep that existing DHCP server running in addition to Pi-hole, you'd want to make sure that your DHCP servers' IP ranges do not overlap, and you may want to use static leases / DHCP lease reservation for all of its intended clients.

This:

My pihole, and I did disable DHCP on my ISP modem.

I'm going to try this all over again and powercycle everything in my house.

Try to find out about other DHCP servers first.

If clients are using addresses from 192.168.0.0/24, that would strongly suggest another active DHCP server.

Candidates would be your modem, router and switch (if that happens to be a smart/managed one).
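
The checks suggested in the replies above can be scripted. This is an added example, not part of the thread and not Pi-hole code: it verifies that the two DHCP pools named in the thread do not overlap, flags static addresses that sit inside Pi-hole's pool, and attributes each client address to a pool or to an unknown source. The client list is constructed sample data and all function names are hypothetical.

```python
import ipaddress as ip

# Values quoted in the thread.
SUBNET = ip.ip_network("192.168.1.0/24")
PIHOLE_POOL = (ip.ip_address("192.168.1.101"), ip.ip_address("192.168.1.201"))
MODEM_POOL = (ip.ip_address("192.168.1.1"), ip.ip_address("192.168.1.100"))
STATIC = {"pihole": ip.ip_address("192.168.1.101"),
          "gateway": ip.ip_address("192.168.1.254")}
# Constructed sample of client addresses (hypothetical, not from the thread).
CLIENTS = {"office-pc": "192.168.0.23", "tv": "192.168.1.42",
           "phone": "192.168.1.150"}

def in_pool(addr, pool):
    return pool[0] <= addr <= pool[1]

def pool_findings(subnet, pool, static):
    """List configuration findings for one DHCP pool."""
    findings = [f"{edge} is outside {subnet}" for edge in pool
                if edge not in subnet]
    for name, addr in static.items():
        if in_pool(addr, pool):
            findings.append(f"static address of {name} ({addr}) is in the pool")
    return findings

def pools_overlap(a, b):
    """True when two servers could hand out the same address."""
    return a[0] <= b[1] and b[0] <= a[1]

def lease_source(addr, subnet, pools):
    """Name the pool an address falls in, or say why it matches none."""
    addr = ip.ip_address(addr)
    if addr not in subnet:
        return "outside subnet: suggests another DHCP server"
    for name, pool in pools.items():
        if in_pool(addr, pool):
            return name
    return "in subnet, outside every known pool"

def audit(clients, subnet, pools):
    """Map each client to the source its address points to."""
    return {host: lease_source(a, subnet, pools) for host, a in clients.items()}

if __name__ == "__main__":
    pools = {"pihole": PIHOLE_POOL, "modem": MODEM_POOL}
    print(pool_findings(SUBNET, PIHOLE_POOL, STATIC))
    print("pools overlap:", pools_overlap(PIHOLE_POOL, MODEM_POOL))
    for host, source in audit(CLIENTS, SUBNET, pools).items():
        print(f"{host}: {source}")
```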

You want the DHCP server to only give out one IP address? (And it's the IP address of the DHCP server?)

There's a misunderstanding. I just want ONE IP address in my macvlan network. This IP address being the one for Pihole.

But you've declared the macvlan network to span the whole 192.168.1.0/24 subnet.

Edit:

            "Config": [
                {
                    "Subnet": "192.168.1.0/24",
                    "IPRange": "192.168.1.101/32",
                    "Gateway": "192.168.1.254"
                }

I'm sorry for how uneducated I am on this subject.

I want an IP range of one IP (/32) starting at 192.168.1.101 resulting in a single IP on the 192.168.1.x subnet