Unknown clients making requests

Expected Behaviour:

To only see my connected devices in the clients UI in the Pihole admin page.

Actual Behaviour:

I’m seeing not only mine but foreign IPs making requests, I have only 1 pc using Pihole so usually it just shows 2-3 clients ( my pc, the pi, localhost ). But when I checked a few moments ago I saw 6 ( 2 unknown ips and 1 website like url )

Debug Token:

Debug log removed for privacy reasons*


[✓] ** FINISHED DEBUGGING! **

Looks like you have your Pi-hole / DNS server open to the internet and you are being used in an amplification attack.

Do not open your port 53 to be accessible by the internet, this will cause many issues.

My router is at default settings, didn’t think any ports would be open as is.

Should I config this in pihole? or just shut the ports manually in my router

Go to GRC Shields Up and scan your router ports to see which are open. Then close them all.

https://www.grc.com/x/ne.dll?bh0bkyd2

Thank you, I’ll get right on that

Ok so I did some testing.
Pihole disabled:
All ports on stealth / closed no vulnerabilities
Pihole enabled:
Port 80 and 53 are wide open ( as well as a port I specified for my raspberry pi ssh )

So my question is, where is the Pihole config file to set the ports to only be accessible locally?
I found this among my searches:
“If you’re only running pihole locally, you can reconfigure pihole to listen locally rather than externally.”
src: https://www.reddit.com/r/pihole/comments/5q4x5g/why_am_i_seeing_random_clients_not_in_my_ip_range/

How is your Pi located on your network? Like all the other clients, behind the router (i.e. connected to the router on the LAN side of the router)? Not in a DMZ?

Yes, a simple LAN connection, DMZ is definitely disabled as well as all other port opening / forwarding.

They are all closed until I turn the pi ( with pihole ) on, I previously had it running on WlAN but decided it would be better on LAN. Only noticed the new clients about an hour after switching to LAN

If there are no ports open on the router and the Pi is behind the router, then no Pi ports should be open to the internet.

When you enable and disable Pi-Hole, are you disconnecting it from the LAN network or toggling the setting in the web admin GUI?

Please send us the token generated by

pihole -d

or do it through the Web interface:

Shutting down the Pi entirely, I’ll test it with disabling Pihole through the CLI for some extra info

Should I post the logs from pihole -d here? or do you want me to get them to you in a different way?

Edit: With the command “pihole disable” and checking ports once more the problem persists, port 53 and 80 are still open… Perhaps its not a pihole thing but rather the pi itself…?
Edit: Still want the debug info?

I found the problem… turns out your hunch was right, I had enabled and disabled DMZ on the pi’s ip while testing a few things but it seems like the disable didn’t save for some reason, a double check proved to be a life saver.

Thanks for the time! cheers, and whew… what a relief!!

Good that it’s fixed. When Pi-Hole installs, ports 53 and 80 are opened so the LAN clients can connect to Pi-Hole. When the Pi ends up on a DMZ, these ports are open to both your LAN and the entire internet.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.