Redirecting smart devices to pi-hole

Help Community Help
1

Set-up

Here is my situation:

  • one modem in bridge mode, connected to one router (gl.inet flint) with lan and guest wifi networks;
  • on lan network, laptops and phones;
  • on guest network, smartTV and smart radio;
  • the router is set to use pi-hole for dns on both lan and guest networks.

Expected Behaviour:

All devices, both on lan and guest, should use pi-hole for DNS and get filtered accordingly

Actual Behaviour:

At first, all devices work properly, but only the ones on lan appear in pi-hole, leading me to think that the smarttv and smart radio actually bypass pi-hole with hardcoded dns.

What I did

I used this and this to create rules to redirect all dns requests to the pi.

When i first opened the "firewall - port forwards" of the advanced settings panel (luci), I saw there were already two unnamed rules that forced dns to the router (and the router is set to use pi-hole for both lan and guest). When only those rules are used, we get the "actual behaviour".

I added a rule in line with the first guide. Since offenders are only on the guest network, I added a rule as follows (the last one, unchecked):

Screenshot 2024-02-26 alle 15.12.04
Screenshot 2024-02-26 alle 15.12.041964×1226 247 KB

It occured to me afterwards that the "!192.168.8.101" exception is moot, as the pi is not on the guest network (which is 192.168.9.XX), but it won't hurt.

I also added a NAT rules as follows:

Screenshot 2024-02-26 alle 15.10.41
Screenshot 2024-02-26 alle 15.10.411994×1052 181 KB

After testing, having the NAT rule or not seems to have an impact. However, activating the third port forward rule (instead of the second) breaks the connection: the radio won't start, and the TV mostly won't work. However, the TV gets picked up by the pi (the radio does not appear at all).

I also get a lot of those requests:

Screenshot 2024-02-26 alle 15.27.21
Screenshot 2024-02-26 alle 15.27.211976×1342 389 KB

First of all, there is one thing I am unsure about: in that third port forward rule, it is right to put "forward to lan" with the pi's address, right?

Secondly, well... how come everything breaks? I mean, I have a blocklist for the smarttv, so that might break things, but disabling it is not fixing the radio, so that doesn't seem like the problem -- while deactivating rule 3 and activating rule 2 fixes the radio instantly. Any ideas?

Thanks a lot!

PS: I come to realise this is more of a router issue and less of a pi-hole issue, but I have seen similar situations addressed in other posts of this forum, and I feel the answer might be useful to others too

2

This is a networking/firewall configuration issue, specific to a certain router model.

You should also consider your router's support and documentation channels (https://forum.gl-inet.com), as well as forums specialising in firewall configurations.

EDIT: If it's based on openWRT, visit their forum as well, e.g. Block and Redirect DNS to PiHole - Installing and Using OpenWrt - OpenWrt Forum.

3

That's very true, hence my "ps".

However, unless I am mistaken, GL.iNet routers are based on OpenWrt, so it's hopefully quite widespread and, based on other posts, people seem to have a good knowledge of this system on this forum.

4

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.