I replaced my old Raspberry Pi and thought it might be a good idea to do the new implementation in a Docker / Portainer environment. Just not as easy as I thought.
I did the installation with adjusted YAML files and I also did it manually in Portainer. The installation worked fine every time. I can do an nslookup from my computer to the Raspberry Pi and Pi-hole is doing its thing just fine. When I do an nslookup on the Raspberry Pi the situation looks different: just no connection to Pi-hole. If I switch my router to the Raspberry Pi as the new DNS, Portainer goes haywire since it has no internet connection.
I tried quite a lot to make it work. Different ports, macvlan, bridge mode; nothing seems to work.
I used these IPs for the macvlan
By luck I stumbled over a forum entry (unrelated to my issue) where somebody combined port 53 directly with the host IP.
I did that as well and it works now (in bridge mode). Eureka. I just don't understand why?
It seems very bodged to me. I just hope there is a proper way to implement it?
I would like to add unbound as well but I am not sure how to do it, since I had to perform a headstand to make it work for me.
What is the right way here to get that mess cleaned up and add unbound to the mix?
Is macvlan or bridge mode the right way to go?
Apparently I am too new to that whole docker game.
Hope somebody can help me out.
Thanks in advance.
There is no right or wrong.
Pi-hole runs using bridge, host or macvlan network modes.
This is just a user choice.
How did you create your macvlan? Compose file or in a separate step?
You don't need to publish ports using macvlan. The container will use the default ports (53, 80, 67).
Also, by design macvlan doesn't allow direct communication between the host and containers, but this can be easily fixed by creating a "macvlan-shim network" to allow the communication.
Actually, Portainer just shows what docker is doing with the ports.
Ports are never changed when using macvlan.
Docker will always use the container's default ports (then Portainer sees only the default ports and shows nothing).
In Pi-hole's case, these will be the exposed ports:
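As an added example (not the reply author's configuration, and not the Pi-hole project's own file), here is one way to do what the reply describes in a single Compose file: a macvlan network created by Compose, Pi-hole and unbound each given their own LAN address on it with no ports published, and the host-side macvlan-shim interface that restores host-to-container traffic. Every address, the parent interface name `eth0`, the unbound image, the Pi-hole image version and the `PIHOLE_DNS_` / `WEBPASSWORD` variable names of the Pi-hole v5 image are assumptions; replace them with values from your own LAN.

```yaml
# docker-compose.yml (added example; all values below are assumed, adjust them).
#
# Assumed LAN layout:
#   LAN subnet            192.168.1.0/24, router 192.168.1.1, parent NIC eth0
#   container slice       192.168.1.224/27 (handed out only to containers)
#   Pi-hole               192.168.1.224
#   unbound               192.168.1.225
#   host shim address     192.168.1.223 (outside the container slice)
#
# Host-side macvlan-shim, run once as root on the Raspberry Pi (these do not
# survive a reboot; put them in a systemd unit or networkd config for that):
#   ip link add macvlan-shim link eth0 type macvlan mode bridge
#   ip addr add 192.168.1.223/32 dev macvlan-shim
#   ip link set macvlan-shim up
#   ip route add 192.168.1.224/27 dev macvlan-shim
# Afterwards the host can reach 192.168.1.224 again (e.g. nslookup on the Pi),
# and the host's own resolver can point at 192.168.1.224.

networks:
  lan_macvlan:
    driver: macvlan
    driver_opts:
      parent: eth0                     # assumed physical interface name
    ipam:
      config:
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
          ip_range: 192.168.1.224/27   # keep this out of the router's DHCP pool

services:
  unbound:
    image: mvance/unbound-rpi:latest   # assumed image; any unbound image works
    container_name: unbound
    restart: unless-stopped
    # No "ports:" section: on macvlan the container answers on 53 at its own IP.
    networks:
      lan_macvlan:
        ipv4_address: 192.168.1.225

  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    restart: unless-stopped
    environment:
      TZ: "Europe/Berlin"              # assumed
      WEBPASSWORD: "change-me"         # assumed; v5 image variable name
      PIHOLE_DNS_: "192.168.1.225"     # forward to unbound's macvlan address
    volumes:
      - ./etc-pihole:/etc/pihole
      - ./etc-dnsmasq.d:/etc/dnsmasq.d
    # No "ports:" section here either: 53, 80 and 67 stay at their defaults
    # and are reachable directly on 192.168.1.224.
    networks:
      lan_macvlan:
        ipv4_address: 192.168.1.224
    depends_on:
      - unbound
```

Because both containers sit on the same macvlan, Pi-hole reaches unbound by its LAN address without any extra bridge or port mapping, and the router can be pointed at 192.168.1.224 as the DNS server. Without the shim commands, everything else on the LAN can use Pi-hole but the Raspberry Pi itself cannot, which is exactly the "nslookup on the Pi fails" symptom.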
I managed to get it to work. At least the macvlan-shim part with ipv4 addresses.
Pi-hole is working without bodging IP addresses and ports together.
Now somehow I have to add unbound, and maybe afterwards I'd like to add IPv6 as well.
Will see. I have a lot to learn I noticed.
Thanks again.
EDIT:
Unfortunately, now my WireGuard did stop listening to the other container. The connection to the host is there, just everything else after it is not reachable. Bummer. Back to the drawing board.