Hi guys,
Sorry for the English, but by the time I'd manage to squeeze it out in Czech...
I run Fedora 40 on a Raspberry Pi 4 with Docker (not Podman). I'd like to use Pihole as my DHCP and DNS server.
I deploy with Docker Compose. As suggested, I use network_mode host instead of publishing ports. None of the ports bound to Pihole are open outside of the Raspberry Pi.
Let's focus on a basic example with the web GUI:
```
honza@silverhead-pi:~# ss -tlnp | grep 80
LISTEN 0 1024 192.168.1.4:80 0.0.0.0:*
LISTEN 0 1024 127.0.0.1:80   0.0.0.0:*
LISTEN 0 1024 [::]:80        [::]:*
```
```
honza@silverhead-pi:~# nmap -p 80 192.168.1.4
PORT   STATE SERVICE
80/tcp open  http
```
nmap from another device:
```
nmap -Pn -p 80 192.168.1.4
PORT   STATE  SERVICE
80/tcp closed http
```
Please note:
1) A connection to the independent Cockpit service on port tcp/9090 from another device over the network works like a charm.
2) A connection to port tcp/80 from another device over the network works if I use the default Docker networking and port publishing, so it's not a router firewall problem.
Here is my docker compose file:
```yaml
name: pihole
services:
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    network_mode: host
    environment:
      TZ: 'Europe/Stockholm'
      WEBPASSWORD: 'kaBziz-foskik-5raste'
      DNS1: '1.1.1.1'
      DNS2: '1.0.0.1'
      WEB_BIND_ADDR: '192.168.1.4'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
```
I double-checked:
1) The iptables and ip6tables INPUT chains are in ACCEPT mode. I added a specific rule for tcp/80 on 192.168.1.4 and I see incoming requests.
2) I disabled SELinux enforcing just to make sure.
3) There is zero activity in the lighttpd logs in the container; I checked /var/log/lighttpd/*.
4) I can see incoming packets on port 80 inside the container with a manually installed tshark.
5) The lighttpd forward configuration contains the 192.168.1.4 IP.
6) IPv6 behaves in a similar way.
Expected result: access to the Pihole web GUI.
What am I missing? It has to be something simple and stupid.
Thank you
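As an added example, not part of the original post and not Pi-hole's own tooling: a small POSIX shell helper that classifies the listeners `ss -tlnp` prints (loopback-only, one interface address, or all interfaces) and interprets what a remote nmap state means against a socket that is already bound. The sample `ss` lines are constructed to mirror the post; the function names (`listener_scope`, `interpret_probe`, `hint_for`, `report_port`) are mine, and the host commands named in the hints are only suggested, not executed, so the script runs offline. The point it encodes: a kernel with a socket in LISTEN on an address answers a SYN to it with SYN-ACK, so nmap reporting "closed" (an RST came back) against a bound socket means something other than that socket sent the RST, while "filtered" means the SYN was dropped or answered with an ICMP prohibited message.

```shell
#!/bin/sh
# Added example, not from the original post: classify `ss -tlnp` listeners and
# interpret a remote nmap state against them. The ss lines below are constructed
# to mirror the post; commands named in hints are suggestions, not run here.

# Who can reach a socket, from the "Local Address:Port" column of ss.
listener_scope() {
  addr="${1%:*}"                     # drop ":port"; "[::]:80" becomes "[::]"
  case "$addr" in
    127.*|'[::1]')       echo loopback ;;   # host-only, never reachable remotely
    0.0.0.0|'[::]'|'*')  echo any ;;        # all interfaces
    *)                   echo specific ;;   # one interface address
  esac
}

# nmap states: open = SYN-ACK seen, closed = RST seen,
# filtered = no answer or ICMP unreachable/prohibited.
# A LISTEN socket on that address replies to a SYN with SYN-ACK, so "closed"
# against a bound socket means something else sent the RST.
interpret_probe() {
  scope="$1"; state="$2"
  case "$scope:$state" in
    *:open)      echo reachable ;;
    loopback:*)  echo loopback-only ;;        # expected, nothing to fix there
    *:closed)    echo rst-from-elsewhere ;;   # reject-with-tcp-reset rule or another device
    *:filtered)  echo dropped-in-transit ;;   # DROP, REJECT-with-ICMP, or routing
    *)           echo unknown ;;
  esac
}

# Human hint per verdict. On Fedora, firewalld keeps its rules in its own
# nftables table, which `iptables -L` does not show; `nft list ruleset` does.
hint_for() {
  case "$1" in
    reachable)          echo "nothing to do" ;;
    loopback-only)      echo "bind to an interface address or 0.0.0.0 if remote access is wanted" ;;
    rst-from-elsewhere) echo "look for a reject rule: nft list ruleset; firewall-cmd --list-all; iptables -S INPUT" ;;
    dropped-in-transit) echo "look for a drop rule on the host or on the path between the hosts" ;;
    *)                  echo "re-run the probe" ;;
  esac
}

# Constructed ss -tlnp output mirroring the post (lighttpd on three addresses).
SS_SAMPLE='LISTEN 0 1024 192.168.1.4:80 0.0.0.0:*
LISTEN 0 1024 127.0.0.1:80 0.0.0.0:*
LISTEN 0 1024 [::]:80 [::]:*'

# Report every listener on a port against the state nmap saw from another box.
report_port() {
  port="$1"; remote_state="$2"
  printf '%s\n' "$SS_SAMPLE" | awk -v p=":$port" '$4 ~ p"$" { print $4 }' |
  while read -r laddr; do
    scope=$(listener_scope "$laddr")
    verdict=$(interpret_probe "$scope" "$remote_state")
    printf '%-16s scope=%-8s %-18s %s\n' "$laddr" "$scope" "$verdict" "$(hint_for "$verdict")"
  done
}

# Usage: feed the port and the state nmap reported from the other device.
report_port 80 closed
```

To use it against a live host, replace SS_SAMPLE with the real `ss -tlnp` output and pass the state nmap printed from the other device; the verdict column tells you whether to look at the bind address, at a reject rule, or at a drop rule on the path.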