Resolve static route on clients with static IPs

I have read these:

Using Pi-hole to push a static route to clients
Push static route to android client

but they do not apply in my situation.

I have a LAN with a segment on 192.168.1 / 24 with gateway 192.168.1.1 and pihole 192.168.1.9

All machines (about 15) are on this segment and most have static IP addresses.

One machine (an old laptop) is serving as a test-bed for LXC containers and this has an internal virtual bridge to a different address range (10.0.3.x), though the laptop itself has an IP of 192.168.1.221. A container on this laptop has address 10.0.3.169 and it is running as a webserver / database server, etc.

I have added a static route on pihole using ip route add 10.0.3.169 via 192.168.1.221 which allows pihole to reach the container. I have similarly added this static route to my NGINX reverse proxy server thus making the container's servers accessible to the web (with appropriate NGINX server blocks and port forwarding on the gateway). This all works fine.

My question: can pihole be configured to push this information out to all machines on the LAN, especially those on static leases? I would prefer not to have to add routes / edit host files on every machine.
Thanks.

Static routing should be configured in your router.

You'd have to consult your router's documentation and support channels on how that can be configured.

Thanks. I thought that might be the case. My router is the ISP basic one and does not support static routing with its factory software. It's not a major problem, but it would be a nice-to-have feature to fix this problem with Pi-hole.

I guess what I would like to see is the Local DNS Records having an option for:
container.example.com 10.0.3.169 via 192.168.1.221

But this would involve Pi-hole listening for packets with 10.0.3.169 and then echoing them back onto the network with the destination re-written as 192.168.1.221; however this would at least double the traffic for packets intended for the container. Does this kind of NAT software exist for Pi?

Thanks.

Pi-hole is a DNS filter - it is not involved in routing at all.
Besides, as a DNS filter, it only ever sees DNS traffic.

You probably could turn your Pi-hole host machine into a router and force ALL network traffic through it, but that clearly is out of Pi-hole's scope (and it would seem vastly overdone for enforcing a single static route).

Also, if you would be able to switch your DHCP server from your router to Pi-hole (if your router supports it), you may be able to push a static route to your DHCP clients via DHCP, which should have your clients manipulate their respective client-side routing tables accordingly.
While that sounds easy enough at first glance, you should note that different OSs may honor that setting differently or even ignore it, resulting in different client behaviour.
Static routing is best applied at the router level.

But in your case, couldn't your clients just use the IP of your old laptop (192.168.1.221), and your laptop then routes traffic to the respective VM?
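
The DHCP route push mentioned in the post above, as an added example that is not part of the original thread: Pi-hole's DHCP server is built on dnsmasq, whose `dhcp-option=121` carries RFC 3442 classless static routes. The function names are hypothetical, the gateway and route are the thread's addresses, and where the generated line goes (a custom dnsmasq configuration file on the Pi-hole host) depends on the Pi-hole version.

```shell
#!/bin/sh
# Added example: build the dnsmasq line that pushes the thread's route to DHCP
# clients, and show the RFC 3442 bytes such a client receives.
# Function names are hypothetical; addresses are the ones used in the thread.

# octets_hex IP N -> the first N octets of a dotted-quad address as hex.
octets_hex() {
    ip=$1; n=$2; hex=
    while [ "$n" -gt 0 ]; do
        hex=$hex$(printf '%02x' "${ip%%.*}")
        ip=${ip#*.}
        n=$((n - 1))
    done
    printf '%s' "$hex"
}

# rfc3442_hex CIDR ROUTER -> one option-121 entry as hex: prefix length,
# only the significant destination octets, then the 4-byte router address.
rfc3442_hex() {
    len=${1#*/}
    printf '%02x%s%s\n' "$len" \
        "$(octets_hex "${1%/*}" $(( (len + 7) / 8 )))" \
        "$(octets_hex "$2" 4)"
}

# dnsmasq_route_line GATEWAY CIDR ROUTER -> dhcp-option line for option 121.
# A client that applies option 121 ignores the Router option (RFC 3442), so
# the default route is repeated inside the same option.
dnsmasq_route_line() {
    printf 'dhcp-option=121,0.0.0.0/0,%s,%s,%s\n' "$1" "$2" "$3"
}

# Values from the thread: gateway 192.168.1.1, container reached via the laptop.
dnsmasq_route_line 192.168.1.1 10.0.3.169/32 192.168.1.221
rfc3442_hex 0.0.0.0/0 192.168.1.1
rfc3442_hex 10.0.3.169/32 192.168.1.221
```

Only machines that actually request a lease from Pi-hole receive this option; a client whose address is configured on the device itself never sees it.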

The router is not serving DHCP, Pi-hole is - but most clients are static IPs. I assumed they would not be getting leases because of the static addressing and therefore it was impossible to push routes this way. It seems I may be wrong.

What command do I run to push the route 10.0.3.169 via 192.168.1.221 ?

That is correct if each static IP would be configured on-device directly.
If you have configured fixed IP addresses via Pi-hole's DHCP server UI, then clients would receive that IP when requesting a DHCP lease through Pi-hole. For DHCP clients, it would be possible to push static routes.

But before you venture forth in that direction:
What is keeping you from just trying to use your laptop's regular IP, and letting your laptop handle which traffic is going to which VM? It's what your laptop must provide anyway.
That would seem like the more obvious approach for your setup.

Only a lack of understanding is preventing it!

Suppose I wish to ssh into 10.0.3.169

How do I do this from machine 192.168.1.2 which has no specific static route added?

If I enter 10.0.3.169 into my favourite tty software, it will not find a route to host because the address is on a different segment.
If I enter 192.168.1.221 I will end up logging into the Debian 'server' that is the laptop host, not the container which it has internally bridged to 10.0.3.169.
What I want to enter is something like:

10.0.3.169 via 192.168.1.221

but this is obviously invalid.

I can achieve this by adding a static route to the hosts file on the Windows machine 192.168.1.2 as I have done with the NGINX reverse proxy, but the whole point of this exercise is not to have to do this to every machine.

How do I configure the laptop 192.168.1.221 to route requests like this (without using port mapping)?
Sorry for all the questions. I usually deal with quantum computers and they seem simple by comparison.

Just pick an alternate dedicated remote_port specific for your target VM.
You'd need to instruct your laptop OS and/or VM management tool to forward that remote_port to port 22/ssh of your target VM.

From a client, you'd then be able to connect to your VM, e.g. by running

ssh <username>@192.168.1.221 -p <remote_port>

As far as other ports are concerned, picking alternate ports may not be required, e.g. if the only web server on that laptop would be running in just one VM, you could still use port 80/HTTP. Only if another HTTP server on the same machine would enter the picture, you'd have to use a different port (e.g. 81) for that additional web server.

Note that these questions are not related to Pi-hole.
You may want to consider other forums specialising in VMs/networking as well to find better and/or more appropriate advice. :wink:
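
The port forward described in the post above, as an added example that is not part of the original thread: it assumes the laptop uses iptables, that IPv4 forwarding is already enabled there (the existing static route through 192.168.1.221 depends on it), and that the forward should only be usable from the LAN. The function name, the variable names and port 2222 as the `<remote_port>` are hypothetical.

```shell
#!/bin/sh
# Added example: forward one TCP port on the LXC host to a port in the
# container, limited to LAN clients. Names and port 2222 are hypothetical.

HOST_IP=192.168.1.221      # laptop's LAN address (from the thread)
CONTAINER_IP=10.0.3.169    # container address (from the thread)
LAN=192.168.1.0/24         # only this source range may use the forward
IPT=${IPT:-iptables}       # set IPT=echo to print the rules instead of applying

# forward_port HOST_PORT CONTAINER_PORT
forward_port() {
    # Reject anything that is not a valid TCP port before touching the firewall.
    for p in "$1" "$2"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # Rewrite the destination of LAN connections to HOST_IP:HOST_PORT.
    $IPT -t nat -A PREROUTING -s "$LAN" -d "$HOST_IP" -p tcp --dport "$1" \
        -j DNAT --to-destination "$CONTAINER_IP:$2" || return 1
    # Allow the rewritten connection towards the container ...
    $IPT -A FORWARD -s "$LAN" -d "$CONTAINER_IP" -p tcp --dport "$2" \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT || return 1
    # ... and its replies, in case the FORWARD policy is DROP.
    $IPT -A FORWARD -s "$CONTAINER_IP" -d "$LAN" -p tcp --sport "$2" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Run as root on the laptop: sh forward.sh 2222 22
# then from a client:        ssh <username>@192.168.1.221 -p 2222
if [ "$#" -eq 2 ]; then
    forward_port "$1" "$2"
fi
```

Running it with `IPT=echo` prints the three rules without changing the firewall, which is a convenient way to review them first.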
