Resolve network IP addresses with docker

My Raspberry Pi died so I am now installing from scratch on macOS with Docker Desktop.

I tried using the example docker compose file with network_mode: host but even after setting the FTLCONF_LOCAL_IPV4 to my macOS IP address I still cannot access the web interface.

If I try the docker default network and expose the TCP+UDP ports I am able to access the web interface and resolve DNS via the container, but the clients' IP addresses are all on the docker network gateway, so I don't have visibility of the different clients connecting on my DNS (I have extra block lists for the devices that my kids use).

Could someone please point me in the right direction?

services:
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:2024.07.0
    # network_mode: host
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 5380:5380/tcp
    environment:
      TZ: Pacific/Auckland
      WEBPASSWORD: 'password'
      FTLCONF_LOCAL_IPV4: 192.168.1.200
      VIRTUAL_HOST: pihole
      PIHOLE_DNS_: '1.1.1.1#53;8.8.8.8#53'
      WEB_PORT: 5380
      # # https://discourse.pi-hole.net/t/conditional-forwarding-not-providing-client-names-in-docker/64399/3
      # Still not resolving anything
      # REV_SERVER: true
      # REV_SERVER_TARGET: 192.168.1.1 
      # REV_SERVER_CIDR: 192.168.1.0/24
    volumes:
      - pihole-etc:/etc/pihole/
      - pihole-dsmasq:/etc/dnsmasq.d/
      # changing lighttpd conf to expose port 5380 instead of 80 so it doesn't conflict with traefik
      - ./portchange.conf:/etc/lighttpd/conf-enabled/20-portchange.conf
    cap_add:
      - NET_ADMIN
      - CAP_NET_BIND_SERVICE
      - CAP_NET_ADMIN
      - CAP_NET_RAW
      - CAP_CHOWN
    restart: unless-stopped

volumes:
  pihole-etc:
  pihole-dsmasq:

 ✗ docker version
Client:
 Version:           27.4.0
 API version:       1.47
 Go version:        go1.22.10
 Git commit:        bde2b89
 Built:             Sat Dec  7 10:35:43 2024
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.37.2 (179585)
 Engine:
  Version:          27.4.0
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.10
  Git commit:       92a8393
  Built:            Sat Dec  7 10:38:33 2024
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.7.21
  GitCommit:        472731909fa34bd7bc9c087e4c27943f9835f111
 runc:
  Version:          1.1.13
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

I'm not sure if this is still the case, but I remember Docker Desktop couldn't use host and macvlan network modes.

Let's start simplifying your compose file:

When you use the default network (bridge), you can simplify that using 5380:80 and removing the WEB_PORT variable and also removing the lighttpd volume, like this:

    ports:
      - 53:53/tcp
      - 53:53/udp
      - 5380:80/tcp

You also don't need to include port 53 (#53) for these servers. This is the default port.

Bridge mode, from what I can tell, causes all requests to show up in the log as coming from the pihole itself. In order to see the actual requesting IP (and therefore resolve to LAN device name), we have to use macvlan/host. But, for the life of me I've been unable to get macvlan + v6 to work.

No, it would show them to originate from Docker's internal gateway IP, as Docker may NAT traffic. However, that seems to be true only for specific Docker Desktop versions, in particular when running on Windows or macOS.

This is a docker configuration and Pi-hole is not aware of what network mode you are using.

Macvlan should work in v6, just like v5.

How are you trying to use macvlan?
Did you create the macvlan before starting the container and are you using it as an external network? Or are you creating the network directly in the compose file?

Replied over here.
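
A way to confirm the symptom discussed in this thread (every query logged from Docker's gateway instead of the real LAN client), added here as an example and not part of the original posts. It assumes dnsmasq-style `query[TYPE] name from address` log lines and the 192.168.1.0/24 LAN from the compose file above; the sample lines and the 172.18.0.1 gateway address are constructed.

```python
import ipaddress
import re
from collections import Counter

# dnsmasq-style query line, e.g. "... query[A] example.com from 192.168.1.23"
QUERY_RE = re.compile(r"query\[[^\]]+\]\s+\S+\s+from\s+(\S+)")

# Constructed sample lines; 172.18.0.1 stands in for a Docker bridge gateway.
SAMPLE_BRIDGE = [
    "Jan 10 09:00:01 dnsmasq[312]: query[A] example.com from 172.18.0.1",
    "Jan 10 09:00:01 dnsmasq[312]: forwarded example.com to 1.1.1.1",
    "Jan 10 09:00:02 dnsmasq[312]: query[AAAA] example.org from 172.18.0.1",
    "Jan 10 09:00:03 dnsmasq[312]: query[A] example.net from 172.18.0.1",
]
SAMPLE_LAN = [
    "Jan 10 09:00:01 dnsmasq[312]: query[A] example.com from 192.168.1.23",
    "Jan 10 09:00:02 dnsmasq[312]: query[A] example.org from 192.168.1.42",
    "Jan 10 09:00:03 dnsmasq[312]: query[A] example.net from 192.168.1.23",
]

def client_counts(lines):
    """Count queries per source address exactly as the resolver logged them."""
    counts = Counter()
    for line in lines:
        match = QUERY_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def nat_masked(counts, lan_cidr, threshold=0.9):
    """Return the address hiding the clients, or None if visibility looks intact.

    Flags the case where one private, non-loopback address outside the LAN
    accounts for at least `threshold` of all logged queries.
    """
    total = sum(counts.values())
    if total == 0:
        return None
    addr, hits = counts.most_common(1)[0]
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # not an IP literal, nothing to judge
    if ip.is_loopback or not ip.is_private or ip in ipaddress.ip_network(lan_cidr):
        return None
    return addr if hits / total >= threshold else None

if __name__ == "__main__":
    for name, sample in (("bridge", SAMPLE_BRIDGE), ("lan", SAMPLE_LAN)):
        print(name, nat_masked(client_counts(sample), "192.168.1.0/24"))
```

A non-None result means per-client block lists cannot be applied, because the resolver only ever sees the NAT address.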