Some UniFi networks not being seen in Pi-hole, but appear to be working

Please follow the below template, it will help us to help you!

Expected Behaviour:

pi-hole should report all ips requesting from dns

Actual Behaviour:

Only 192.168.1.0 network devices are being displayed in the 'network overview', while the dashboard shows multiple devices from the 192.168.20.0 (IoT) network.

Debug Token:

https://tricorder.pi-hole.net/nu082evlvw

Any help would be appreciated as I have no idea why this is happening. Much appreciated!

@danktankk This may be "normal" behaviour for the Network Overview tab.

FWIW, I see the same issue with my UniFi network for devices NOT on the same VLAN as the Pi-hole. Yet, with the appropriate LAN_IN FW rules set none of the clients on the other VLANs are having any issues using the Pi-hole.

On the other hand, these clients do show up in the Query Log by their IP address.

I have nothing set up in the FW for my USG currently and don't seem to be having any issues at all. Are there any firewall settings that might fix this?

In the dashboard when I mouse over "clients (over time)," Pihole does see the networks, it just, for whatever reason, does not display them properly/at all in the network overview. Very odd to me.

Thank you for the reply!

@danktankk

Not that I'm aware of ... at least not yet. Like you, Pi-hole is working for each of my VLANs. I can live with these VLAN clients not showing up on the Network tab for now.

We implemented the network tab without any active investigation into your network to keep complexity and added traffic low. Pi-hole will still list all clients it knows from the received queries, however, there is no way to extract their MAC addresses* when they are not physically on the same wire. With this, I mean that they can communicate directly. This isn't the case for clients in your VLANs as all packets go through a gateway (e.g. your router) and direct communication between the devices is not possible.

We interact with the kernel's neighbor cache to get the information for the network table. You can read the content of this cache using

ip neigh show

on your Pi-hole. If you manage to inject your other VLAN's devices in there (I don't think it is possible), Pi-hole would import them as well.


*) The MAC address is the unique identifier for the network table.
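As an added example (not Pi-hole's code; the neighbor-cache lines and client IPs are constructed samples), a small shell script that applies the rule described above: it looks each Query Log client up in `ip neigh show` output and flags the ones with no resolved MAC, which are exactly the clients that will be absent from the Network Overview.

```shell
#!/bin/sh
# Added example, not Pi-hole's own code. Pi-hole keys its network table on the
# MAC address, which it takes from the kernel neighbor cache (`ip neigh show`).
# A client that only reaches the Pi-hole through a VLAN gateway never gets a
# neighbor entry, so it appears in the Query Log (by IP) but not in Network Overview.
# This script shows which Query Log clients would be missing and why.

# Constructed sample of `ip neigh show` on a Pi-hole in 192.168.1.0/24.
# Only the gateway and same-subnet hosts appear; 192.168.20.x (IoT VLAN) never does.
SAMPLE_NEIGH='192.168.1.1 dev eth0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.50 dev eth0 lladdr aa:bb:cc:00:00:50 STALE
192.168.1.77 dev eth0  FAILED
fe80::1 dev eth0 lladdr aa:bb:cc:00:00:01 router REACHABLE'

# Constructed sample of client IPs as listed in the Query Log.
SAMPLE_CLIENTS='192.168.1.50
192.168.20.15
192.168.20.23
192.168.1.77'

# mac_for_ip NEIGH_TEXT IP: print the MAC if the cache has a resolved (lladdr) entry.
# An unresolved entry (e.g. state FAILED) has no lladdr and prints nothing.
mac_for_ip() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == "lladdr") { print $(i+1); exit } }'
}

# classify NEIGH_TEXT CLIENTS_TEXT: one line per client, "<ip> <mac>" or "<ip> NO-MAC".
classify() {
    printf '%s\n' "$2" | while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        mac=$(mac_for_ip "$1" "$ip")
        echo "$ip ${mac:-NO-MAC}"
    done
}

# count_missing NEIGH_TEXT CLIENTS_TEXT: how many Query Log clients lack a MAC.
count_missing() {
    classify "$1" "$2" | grep -c ' NO-MAC$' || true
}

# On a real Pi-hole, replace SAMPLE_NEIGH with "$(ip neigh show)".
classify "$SAMPLE_NEIGH" "$SAMPLE_CLIENTS"
echo "clients absent from the network table: $(count_missing "$SAMPLE_NEIGH" "$SAMPLE_CLIENTS")"
```

Note the 192.168.1.77 case: an entry that exists but is in state FAILED carries no lladdr, so it is reported as NO-MAC just like the cross-VLAN clients.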

Ok,

Well, at least I know that it isn't something that I did wrong somewhere. It would be nice to physically see all networks using Pi-hole, but not a deal breaker obviously, as it still works for everything except for the guest network for UniFi.

The guest network doesn't play nice with Pi-hole or anything else sitting outside of its network.

Thank you.

As you know UniFi identifies the Guest network differently than Corporate ones, which include a number of specific FW rules. I'm a bit surprised that you didn't need to create LAN_IN rules for your other VLANs to access the Pi-hole. I had to on my network as my Pi-hole was on the untagged VLAN 0.

I didn't need to create a rule for the Guest network as it already has a rule to allow DNS requests to VLAN 0.

I could not even connect to the guest network when I had it set to use Pi-hole, much less browse. Obviously my FW has the same predefined rule that yours does. I did verify that as well.

I do have mDNS enabled; maybe that is why I didn't have to do anything regarding the other networks just "working" without the need to add any additional FW rules.

This is also enabled on LAN IN... Might be from mDNS, I don't know for sure.

Regarding the guest network, did you assign the Pi-hole IP in 'pre-authorization access' by chance? I tried that as well, also with no luck. In the guest network settings, I pointed the guest network to the Pi-hole IP. No love there either. lol

How exactly do you have your guest network set up with Pi-hole, so that I might use that to get it working here?

Thanks for the help as well!

Yes, I believe those additional rules are created by the Controller when you enabled mDNS. One quick check would be to disable it and see if these rules are removed. FWIW, mDNS is enabled on my UniFi network.

Yes, I added the IP address of my Pi-hole.

My guest network is pretty simple as I'm just using it for guests on my home network and only have it enabled when required. In addition, I eventually removed using the Pi-hole for this network as I didn't really see a need for it and just used the CloudFlare servers. Regardless, as configured, my guest network used a simple portal where a guest would need to enter a password after agreeing to the terms of use. If they connected by wireless, they were provided with a password-free Wi-Fi connection which then led them to the portal sign-in. Nothing really special. They basically only have limited (throttled) Internet access, no access to the other VLANs. I also enabled some DPI categories for the Guest network to block certain kinds of traffic, i.e, Database, Games, P2P, Private Protocol, Remote Access Terminals, & Bypass Proxies and Tunnels.

So when you did use Pi-hole for the guest network, all you did was add the Pi-hole IP to 'pre-authorization access'

and then the Pi-hole IP in the network settings?

Did you do anything else as far as Pi-hole is concerned? Doing this did not work for me for some reason. Maybe the post-auth restrictions kill it. Not sure.

Yes, those were pretty much my settings. You can certainly try removing the IP address range which your Pi-hole is on from the Post-Authorizations Restrictions as well, but I didn't need to. Worth a try.

Thank you @Tesserax,

I'll give it a shot to see if this could be a temporary solution.

If anyone else might also know how to get the guest network set up to utilize Pi-hole while still keeping it as locked down as possible, please let me know.
