Unable to get other devices to connect to pi-hole

The issue I am facing: Unable to get other devices to connect to pi-hole

Details about my system: Explained in diagram

What I have changed since installing Pi-hole: Nothing

My wifi or wired device in showing in pi-hole, all settings explained in the diagram.

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

This thread may provide some insight:

Your debug token is: https://tricorder.pi-hole.net/E30IGAfl/

I have checked the link, configuration looks good. I am not sure why I don't see my wifi connected device in the client list?

I like your setup, there's a lot going on. Your Pi-hole Network screencap shows that Pi-hole on the .30.0/24 subnet sees

  • the router's WAN side on .100 which is supporting the connected devices
  • itself on .24, correctly showing internally as pi.hole
  • the ..mon.. host on .25
  • its own loopback interface
  • the pfSense gateway on .1

From the network diagram it shows that the connected devices are on their own .20.0/24 "LAN" subnet but that they have been configured to use the .30.24 "WAN" Pi-hole address for DNS.

I believe that the connected devices won't be able to reach the Pi-hole directly from the LAN side and that they should be using the router at 192.168.20.1 as their DNS server. The router's WAN side is then using the Pi-hole and can talk with the .30.0/24 subnet which includes the Pi-hole for its DNS.

This would mean that all queries on the Pi-hole appear to come from the router's WAN address on 192.168.30.100 and, as above, that address is indeed present, and I suspect shows as the busiest host, since it contains all the queries of the connected devices on .20.0/24.

Your debug log shows that Pi-hole is working.

Please let me know if you think there might be a problem.

Run from a laptop or PC in your 192.168.20.0/24 subnet, what is the output of:

nslookup pi.hole

And you want to monitor Pi-hole's Query Log for the next two:

nslookup flurry.com
nslookup flurry.com 192.168.30.24

Those last two lookups will trigger two to four DNS requests each.
How do those register in Pi-hole's Query Log?

Find the response

Something is wrong. Suppose it has to resolve locally, it should not go to the internet, even though I have created an A record in DNS for 192.168.30.24 (pi.hole).

It seems your screenshots do only show one of the nslookups for flurry.com - presumably nslookup flurry.com, as the client IP from the screenshots reads 192.168.30.100 (i.e. your router).

What about the second nslookup?

Note: I have created a DNS A record for the IP 192.168.30.100 (which is the WAN IP of my wifi router) in my Windows DNS Server (which is my main Domain Controller):
192.168.30.100 = PHANTOMWANIPINTR.technokrazy.com

That's why in Pi-hole the client is showing as PHANTOMWANIPINTR.technokrazy.com, the router WAN FQDN.

Your debug token is: https://tricorder.pi-hole.net/qvUgITtj/

Devices from your 192.168.20.0/24 subnet are indeed not connected to your Pi-hole's link directly - they are connected to your router.

Yet this does not mean that they wouldn't use Pi-hole.
Your results show that clients from your 192.168.20.0/24 subnet are correctly using Pi-hole for DNS.

They also show that your router at 192.168.20.1 is aggregating all your 192.168.20.0/24 traffic and forwarding it to its 192.168.30.1 gateway as 192.168.30.100.

This is a valid setup, but as your 192.168.20.1 router is NATting traffic, you won't be able to attribute DNS requests from your 192.168.20.0/24 subnet to individual clients. Consequently, you won't be able to apply Pi-hole's client-specific filtering to those.

If this does not match your requirements, you'd have to reconfigure your 192.168.20.1 router to disengage NATting.
It would depend on your router's make and model whether and how it would support that.

Yes, you are right (you won't be able to attribute DNS requests from your 192.168.20.0/24 subnet to individual clients. Consequently, you won't be able to apply Pi-hole's client-specific filtering to those.). How to resolve this issue? I don't want to use the same IP subnet like 192.168.30.X in my router where my Pi-hole resides. I want to use my separate wifi IP subnet (192.168.20.x). How to see these wifi clients in Pi-hole as clients?

Moreover, my WAN IP is 192.168.30.100; it comes from my pfSense, so I can't use the same IP subnet in my router as LAN IP.

What is the objective of this separation?

If it is just a logical split or numbering scheme, then you could possibly put the router into bridge mode (if it supports it) and use a slightly different netmask and address range. For example your servers on 192.168.30.x and your clients on 192.168.31.x with a /23 subnet mask.

Or if you have enough space in a single /24 for everything, then put them on e.g. 192.168.30.x and put servers below x=.20 and clients above it.

If the objective is some kind of security segregation, that same segregation is going to isolate them from the Pi-hole. There is undoubtedly a way to deal with that, and set up a way for Pi-hole to be reached from the client subnet, but I don't think a consumer level router, designed for "WAN" and "LAN" broadband, will have the capability to do it.

Another option might be to have the physical server also sit on the client network and arrange for only the Pi-hole VM to be located there. This would allow clients to reach it directly on the client network, but needs careful setup, possibly an additional network adapter and partially breaks the segregation.

Is there any way I can use port forwarding of the client traffic from my router subnet 192.168.20.X to the 192.168.30.24 (Pi-hole) system to use DNS and to show in Pi-hole as clients?

I don't think so because port-forwarding would allow you to expose the services running on a .20.x client to a .30.x server. Whereas what you want is the other way around – a service running on your Pi-hole to be exposed to clients directly rather than via the router.

This is a networking issue rather than a Pi-hole one.
As mentioned before, any answer to that question is specific to your router.

You'd have to consult your router's documentation and support channels on whether and how to achieve that, potentially for both of your routers.

Putting your 192.168.30.100 (currently also at 192.168.20.1) router in bridge mode (if supported) as suggested by chrislph could work, but then you'd have the clients on the same subnet of your 192.168.30.1 router machine.
Using the suggested enlarged subnet, that latter router's DHCP server would have to support handing out IPs from the 192.168.31.0/24 subnet to clients connecting through your 192.168.30.100 bridge router while handing out 192.168.30.0/24 to others.

Another option leaving your current configuration intact would be to enable EDNS(0) Extended Client Subnet support on your 192.168.20.1/192.168.30.100 router, provided that would support it.

Again, you'd have to consult your router's documentation and support channels for further details.
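
What the EDNS(0) option mentioned above carries on the wire, as an added example that is not part of the original thread and not Pi-hole's or any router's code: a forwarder behind NAT places the original client's address in an EDNS Client Subnet option (RFC 7871, option code 8) inside the OPT record, and the receiving resolver can read it back to attribute the query. The client address 192.168.20.57 used with it is a constructed sample, and the function names are illustrative.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8   # EDNS Client Subnet option code (RFC 7871)
OPT_RR_TYPE = 41      # EDNS(0) OPT pseudo-record type

def build_query_with_ecs(qname, client_ip, prefix_len=32):
    """Build a constructed A query carrying an ECS option, as an ECS-capable forwarder would."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # 1 question, 1 additional
    question = b"".join(bytes([len(label)]) + label.encode() for label in qname.split(".")) + b"\x00"
    question += struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    addr = ipaddress.ip_address(client_ip).packed[: (prefix_len + 7) // 8]
    ecs = struct.pack("!HBB", 1, prefix_len, 0) + addr  # family 1 = IPv4, scope 0
    option = struct.pack("!HH", ECS_OPTION_CODE, len(ecs)) + ecs
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 1232, 0, len(option)) + option
    return header + question + opt_rr

def skip_name(msg, pos):
    """Advance past an uncompressed or compressed domain name."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:   # compression pointer is two bytes and ends the name
            return pos + 2
        pos += 1 + length

def extract_ecs(msg):
    """Return the client subnet from the ECS option, or None if the query has none."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4           # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        rdata, pos = msg[pos:pos + rdlen], pos + rdlen
        while rtype == OPT_RR_TYPE and len(rdata) >= 4:   # walk the EDNS options
            code, olen = struct.unpack("!HH", rdata[:4])
            body, rdata = rdata[4:4 + olen], rdata[4 + olen:]
            if code == ECS_OPTION_CODE and len(body) >= 4:
                family, source_len, _scope = struct.unpack("!HBB", body[:4])
                size = 4 if family == 1 else 16
                addr = body[4:].ljust(size, b"\x00")[:size]   # address is sent truncated
                return ipaddress.ip_network((addr, source_len), strict=False)
    return None
```

With a /32 source prefix the resolver sees the individual client; a forwarder that sends /24 only reveals the subnet, which would not be enough for per-client attribution.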

Apologies for the late reply!
I am checking with my router vendor to do something about it.
Really much appreciated, and thanks for all the suggestions.

Thanks
Dinu