Problems with apt-get update, apt-get upgrade and Plex library

Hi everyone
I have a problem with pi-hole.

Pi-Hole is installed on OpenMediavault (7.0-29, Sandworm), (Docker Compose).

When Pi-Hole is active (by changing the DNS server on the router to that of Pi-Hole) I can't update OpenMediavault and its plugins.
Also I can't update Plex metadata. If I disable Pi-hole everything works.
Everything else works perfectly (the whole network is protected).

I can't understand what I'm doing wrong.
Can you help me?

Thank you very much

Can anyone help me?

All the traffic of OpenMediavault and other installed containers is blocked by Pi-Hole. Which settings should I change in the container configuration file (or in the settings)?

Sorry but I can't use Pi-Hole with these problems.

Thanks in advance.

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

In addition to the Debug Token, please also post your compose file.

Hi guys,
Thanks in advance for your support.

Here my debug token:
https://tricorder.pi-hole.net/c2xvuBOT/

Here my compose file:

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pihole
    networks:
      pih_network:
        ipv4_address: 192.168.0.100   #**Change, use pihole address
    environment:
      TZ: 'Europe/Rome'     #**Change to your timezone
      WEBPASSWORD: 'XXXXXXXXXXXXXXXXX'   #**Password for pihole, used on container creation.
    #dns:              #**Start of addition for DNS resolution
      #- 127.0.0.1     #**End of addition for DNS resolution
    ports:
      - "443:443/tcp"
      - "53:53/tcp"
      #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "53:53/udp"
      - "80:80/tcp"
    restart: "unless-stopped"
    volumes:
      - "/Data/pihole/etc/pihole:/etc/pihole"
      - "/Data/pihole/etc/dnsmasq.d:/etc/dnsmasq.d"
    #cap_add:
      #- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
networks:
  pih_network:
    driver: macvlan
    driver_opts:
      parent: end0 #**Change this to your interface
    ipam:
      config:
        - subnet: 192.168.0.0/24     #**Your network subnet
          gateway: 192.168.0.1       #**Your network gateway
          ip_range: 192.168.0.0/25  #**ip for pihole container

What's the result of the following commands:

nslookup pi.hole 192.168.0.100
nslookup raw.githubusercontent.com 192.168.0.100

Thanks for the reply,

in both cases:

nslookup pi.hole 192.168.0.100
pi@shield:~ $ nslookup pi.hole 192.168.0.100
;; communications error to 192.168.0.100#53: timed out
;; communications error to 192.168.0.100#53: timed out
;; communications error to 192.168.0.100#53: timed out
;; no servers could be reached

pi@shield:~ $ nslookup raw.githubusercontent.com 192.168.0.100
;; communications error to 192.168.0.100#53: timed out
;; communications error to 192.168.0.100#53: timed out
;; communications error to 192.168.0.100#53: timed out
;; no servers could be reached

but at the moment pihole is not the dns server, because the updates would not work

Where are you running these commands?

On the host (OpenMediavault server) or on another machine in your network?

I connect via PuTTY. Currently the DNS server is the router.

You didn't confirm (or deny), but I will assume you are connecting to the host (OpenMediavault server).

If that's the case, your issue is probably related to your macvlan network.

Macvlan networks are not able to directly communicate with the host OS.
This isolation is by design, but you can use a "shim" network interface to allow this communication.

Note:

I noticed you are creating your macvlan network directly in the compose file.

You can use a different approach:

This way, you only create the network once and the network will be available when you restart your machine.


Hi
I apologize for my late answer.

I tried to follow the links, but I did not succeed (I will try again!). I only recently approached these things, so it takes time :(

A question: is it possible to use another method to get to the same result?
E.g.: another Docker Compose setting?

Thank you for your help

As this seems OMV/Docker/network related, you may want to also consult OMV's support, e.g. see their How to Create a VLAN (Pi-hole, Adguard, ...)

Before you try to apply that advice, I'd be curious:

Does pinging that IP produce similar output?

ping 192.168.0.100

None that I'm aware of.

Hi and thanks
These are the results
Ping to OpenMediavault (192.168.0.10) --> Okay
Ping to Pi-Hole (192.168.0.100) --> doesn't work

As I said before, communication between the host and container using a macvlan network is not possible, but using the network "shim" will allow this communication.


1. You need to create your macvlan.

Use the command below to create the macvlan:

docker network create -d macvlan \
    --subnet=192.168.0.0/24 \
    --gateway=192.168.0.1 \
    --ip-range 192.168.0.0/25 \
    -o parent=eth0 \
    --aux-address="myserver=192.168.0.126" \
    macvlan0

Details about the options above:
  • parent=eth0
    This should be your host network interface.
    You will need to use the same interface when you create the shim network (step 3).

  • subnet: 192.168.0.0/24
    This is your network subnet (usually the same as defined on your router)

  • gateway: 192.168.0.1
    Your network gateway (usually your router's IP)

  • ip_range: 192.168.0.0/25
    Your macvlan network range - your Pi-hole IP should be inside this range.
    You can add other containers to this network.

  • aux-address: 192.168.0.126
    This address will be excluded (docker won't be allowed to use this address for containers).
    We will later use this address to create a "shim" network, to allow host-container communication

Make sure you add an auxiliary address to your macvlan config.

2. Use this network in your compose file

To create your container, just use the macvlan0 in your compose file, as external network:

networks:
  macvlan0:
    external: true

Now, your container works, but there is no docker to host communication (and vice-versa).

3. Allow docker to host communication

Create a "shim" network to allow the communication:

# Some tutorials recommend this step. I'm not sure if this is needed for everyone, but here it is anyway. 
sudo ip link set eth0 promisc on 

# This will create a virtual link called "macvlan-shim" (you can use a different name)
sudo ip link add macvlan-shim link eth0 type macvlan mode bridge 

# Assign an IP and range to the new network link.
# IMPORTANT: use the same value used for "aux-address".
sudo ip addr add 192.168.0.126/25 dev macvlan-shim   

# Bring your new interface up
sudo ip link set macvlan-shim up

At this point your container and host will be allowed to communicate, but this will be lost on every boot.

You can read on the articles I linked above, how to persist these settings.
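
An idempotent form of the step 3 commands, added here as an example and not part of the original post: it only issues the `ip` commands that are still needed, so it can be run on every boot, and then checks that the host can query Pi-hole. The function names and the `apply` argument are this example's own; the interface, shim name and addresses are the ones used in the post, and the optional promiscuous-mode step is left out.

```shell
#!/bin/sh
# Added example: idempotent shim setup for host <-> macvlan container traffic.
# Defaults mirror the values from the post; override them via the environment.
PARENT="${PARENT:-eth0}"                    # host interface used as macvlan parent
SHIM="${SHIM:-macvlan-shim}"                # name of the shim link
SHIM_ADDR="${SHIM_ADDR:-192.168.0.126/25}"  # must match the macvlan aux-address
PIHOLE_IP="${PIHOLE_IP:-192.168.0.100}"     # Pi-hole container address

# Probes of the current state (helper names are this example's own).
link_exists()  { ip link show dev "$1" >/dev/null 2>&1; }
addr_present() { ip -o -4 addr show dev "$1" 2>/dev/null | grep -qF "inet $2 "; }

# Print only the commands still required to reach the desired state.
shim_plan() {
    if ! link_exists "$SHIM"; then
        echo "ip link add $SHIM link $PARENT type macvlan mode bridge"
    fi
    if ! addr_present "$SHIM" "$SHIM_ADDR"; then
        echo "ip addr add $SHIM_ADDR dev $SHIM"
    fi
    # Setting a link up is harmless when it is already up.
    echo "ip link set $SHIM up"
}

# Execute the plan (needs root), then confirm the host can reach Pi-hole's DNS.
apply_shim() {
    shim_plan | while read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done || return 1
    nslookup pi.hole "$PIHOLE_IP" >/dev/null 2>&1 || {
        echo "shim is up but $PIHOLE_IP still does not answer DNS" >&2
        return 2
    }
}

# Without the "apply" argument the script only defines the functions.
if [ "${1:-}" = "apply" ]; then
    apply_shim
fi
```

Run it as root with the argument `apply` from whatever boot-time hook your system provides; calling `shim_plan` on its own shows what would be executed without changing anything.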

That looks just as what OMV's own documentation suggests:

EDIT:
Note that those steps would only be required if you want same host DNS requests to reach your Pi-hole.

They are not blocked by Pi-hole, but VLAN isolation prevents any traffic from being routed to your container (as demonstrated by your failing nslookups and pings).

If your containers do not need their DNS traffic to be filtered by Pi-hole, you could also consider configuring OMV's OS to not use Pi-hole for DNS.
That would also avoid potential issues with OMV's own DNS requests, e.g. after a reboot, when Docker would not yet have started, but OMV would already try to resolve domains.

Note that Pi-hole does not touch its host machine's DNS configuration.
It's even beneficial to use an alternate (public) DNS server, as that would allow the host OS to resolve DNS if Pi-hole would be inoperational (e.g. for OS updates and Pi-hole's repair scripts).
