Fórum Root.cz
Main topics => Server => Topic started by: SilverHead 03. 10. 2024, 19:38:13
-
hi guys,
I apologize for the English, but before I would manage to express myself in Czech...
I run Fedora 40 on Raspberry Pi 4 with Docker (not Podman). I'd like to use Pihole as my DHCP and DNS.
I deploy with Docker compose. As per suggestion I use network_mode host instead of port expose. None of the ports bound to Pihole are opened outside of raspberry pi.
Let's focus on a basic example with webgui:
honza@silverhead-pi:-# ss -tlnp | grep 80
LISTEN 0 1024 192.168.1.4:80 0.0.0.0:*
LISTEN 0 1024 127.0.0.1:80 0.0.0.0:*
LISTEN 0 1024 [::]:80 [::]:*
honza@silverhead-pi:nmap -p 80 192.168.1.4
PORT   STATE SERVICE
80/tcp open  http
nmap from another device:
nmap -Pn -p 80 192.168.1.4
PORT   STATE  SERVICE
80/tcp closed http
Please note:
1) Connection to an independent Cockpit service port tcp/9090 from another device via network works like a charm.
2) Connection to port tcp/80 from another device via network works if I use default docker networking and port publish - aka it's not router firewall problem.
Here is my docker compose file:
name: pihole
services:
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    network_mode: host
    environment:
      TZ: 'Europe/Stockholm'
      WEBPASSWORD: 'kaBziz-foskik-5raste'
      DNS1: '1.1.1.1'
      DNS2: '1.0.0.1'
      WEB_BIND_ADDR: '192.168.1.4'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
I double-checked:
1) iptables and ip6tables input chain is in mode ACCEPT. I added a specific rule for tcp/80 on 192.168.1.4 - I see incoming requests
2) I disabled selinux enforce just to make sure
3) there is zero activity in lighttpd logs in container - I checked /var/log/lighttpd/*
4) I can see incoming packets with manually installed tshark on port 80 inside the container
5) lighttpd forward configuration contains 192.168.1.4 IP
6) IPv6 behaves in similar way
expected result: access to webgui of pihole
What am I missing? it has to be something simple stupid :'( :-X
thank you
-
Leaving other things aside:
"As per suggestion"
whose suggestion?
-
https://github.com/pi-hole/docker-pi-hole/tree/master
section Quick start states:
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
-
solution: https://www.reddit.com/r/pihole/comments/1fvdicu/pihole_in_docker_container_with_network_mode_host/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button