ryecoaaron Thank you very much for testing. I'll start from scratch at the weekend and will see if it will work here, too.
Posts by toppi
-
-
Hi,
have you had the opportunity to take a look?
-
The server was installed yesterday from scratch.
All plugins are the newest versions.
-
Hi,
I've created an LXC container and during setup I added a bridge interface with a static MAC address:
Code
    <domain type='lxc' id='254103'>
      <name>pihole</name>
      <uuid>3f3f9160-1025-4572-b5ac-8bc223c1e383</uuid>
      <memory unit='KiB'>1048576</memory>
      <currentMemory unit='KiB'>1048576</currentMemory>
      <vcpu placement='static'>1</vcpu>
      <resource>
        <partition>/machine</partition>
      </resource>
      <os>
        <type arch='x86_64'>exe</type>
        <init>/sbin/init</init>
      </os>
      <features>
        <privnet/>
      </features>
      <cpu>
        <topology sockets='1' dies='1' cores='1' threads='1'/>
      </cpu>
      <clock offset='utc'/>
      <on_poweroff>destroy</on_poweroff>
      <on_reboot>restart</on_reboot>
      <on_crash>destroy</on_crash>
      <devices>
        <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
        <filesystem type='mount' accessmode='mapped'>
          <source dir='/SSD1/pool/lxc/pihole'/>
          <target dir='/'/>
        </filesystem>
        <interface type='bridge'>
          <mac address='00:16:3e:8f:2d:a9'/>
          <source bridge='br0'/>
          <target dev='vnet7'/>
          <guest dev='eth0'/>
        </interface>
        <console type='pty' tty='/dev/pts/4'>
          <source path='/dev/pts/4'/>
          <target type='lxc' port='0'/>
          <alias name='console0'/>
        </console>
      </devices>
    </domain>
But after each reboot, the MAC-Address changes but the right one is still in the .xml of the container^^
Code
    root@LXCNAME:~# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    55: eth0@if56: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether ba:0d:a8:ea:d1:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 192.168.1.39/24 metric 1024 brd 192.168.1.255 scope global dynamic eth0
           valid_lft 86397sec preferred_lft 86397sec
        inet6 fe80::b80d:a8ff:feea:d1b1/64 scope link
           valid_lft forever preferred_lft forever
Am I doing something wrong?
-
Hey!
Thank you. I've set it up the LXC way now, which works like a charm and was done in 5 minutes. Additionally, it gives me an IPv6 address.
However... I think something is wrong with my OMV. If I connect through my Unifi router using the wireguard plugin, I can reach every resource in my network except OMV.
Since yesterday I get DUP!s when I ping my OMV from other machines. I have investigated for so many hours but I cannot see what's wrong.
I'm also considering moving to Proxmox and virtualising OMV there.
-
Hi,
I was able to find out the reason, but I still don't understand why this is happening:
If I start a VM in the KVM plugin that also uses br0 as its network interface, I can no longer access a docker container using macvlan which also uses br0.
If I stop the KVM VM I can immediately access the pihole docker container.
Any hints?
-
I'm completely out of ideas. I tried another container (adguard) with the same result. Outbound traffic is working, ingress is not.
I don't think that it is related to my network, because it does not work on OMV itself.
Can someone see any errors here:
Code
    root@intrepid:~# ip route get 192.168.178.252
    192.168.178.252 dev br0 src 192.168.178.2 uid 0
        cache
Code
    root@intrepid:~# traceroute 192.168.178.252
    traceroute to 192.168.178.252 (192.168.178.252), 30 hops max, 60 byte packets
     1  intrepid.home.lan (192.168.178.2)  3052.725 ms !H  3052.691 ms !H  3052.683 ms !H
Doesn't it take much too long?
Code
    root@intrepid:~# arp
    Address            HWtype  HWaddress           Flags Mask  Iface
    unifi.home.lan     ether   76:ac:b9:5f:23:36   C           br0
    192.168.178.252            (unvollständig)                 br0
    192.168.178.81     ether   cc:5e:f8:15:0f:3d   C           br0
Might this be the problem? Missing ARP entry?
Code
    [
      {
        "Name": "dockernet",
        "Id": "f8d45da46f86fa6924d1f98698a688f5f3e4bcd0c21b3115823c4314f68544b5",
        "Created": "2024-04-17T15:50:35.38669868+02:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
          "Driver": "default",
          "Options": {},
          "Config": [
            {
              "Subnet": "192.168.178.0/24",
              "IPRange": "192.168.178.248/29",
              "Gateway": "192.168.178.1"
            }
          ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
          "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
          "543beaf502ea7144142d7dd69bef54f9f3063735f5d9cfa36ce4d8518fc0e1aa": {
            "Name": "pihole",
            "EndpointID": "2f9d4f84dee283813b692fb15ed4d3a9f997e874e07b63fa30d76eeb07d525ef",
            "MacAddress": "02:42:c0:a8:b2:fc",
            "IPv4Address": "192.168.178.252/24",
            "IPv6Address": ""
          }
        },
        "Options": {
          "parent": "br0"
        },
        "Labels": {}
      }
    ]
Is it correct, that ingress is "false"?
-
Sorry if this is not relevant, but you can't access a macvlan from another bridge network. You can access it from a PC on the same LAN, but not resolve it by swag, for example, because swag is in bridge mode and pihole is on macvlan.
I'm trying to access from other pc's in the same network. One Linux notebook and a Windows pc.
-
However, I have not yet received an answer to one question. Do other dockers work? If so, this may also be a specific Docker problem. If no, then the search continues in the VLAN.
I only use pihole with macvlan. All my other docker containers without macvlan are running fine.
-
But when I created the macvlan in my default lan, nothing from unifi comes in place to prevent network access.
So my OMV has the IP 192.168.178.2 and I created the macvlan in that network. Pihole had 192.168.178.252 and it worked for ages....
-
Yes. It's a Unifi switch. And again, I can reach any network from the container. But I can not access the container.
Code
    root@intrepid:~# docker exec -it pihole bash
    root@pihole:/# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    83: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:c0:a8:0a:fc brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 192.168.10.252/24 brd 192.168.10.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 2a02:8071:6090:5a60:42:c0ff:fea8:afc/64 scope global dynamic mngtmpaddr
           valid_lft 78245sec preferred_lft 35045sec
        inet6 fe80::42:c0ff:fea8:afc/64 scope link
           valid_lft forever preferred_lft forever
    root@pihole:/# ping heise.de
    PING heise.de(redirector.heise.de (2a02:2e0:3fe:1001:302::)) 56 data bytes
    64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): icmp_seq=1 ttl=55 time=22.9 ms
    64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): icmp_seq=2 ttl=55 time=25.9 ms
    64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): icmp_seq=3 ttl=55 time=25.5 ms
-
Exactly the same problem.
I've created the new vlan, created the macvlan for it in OMV and assigned it to the pihole container. Same behavior.
I'm using a bridge in OMV to allow a Windows VM to access the localhost. Perhaps something has changed there?
-
I'll give it a try now
-
I will give it a try. But then I would need additional FW rules in the Unifi FW to allow communication, right?
-
Thank you so much!
But the docker network is in my default lan. I have no special vlan for my docker containers.
-
Strange.
I have now created the macvlan manually and referred to it in the pihole yaml. The container comes up and the correct IP is assigned, but again, I can't access pihole or even ping it. But it's no problem to ping e.g. the host IP from the container.
-
Hi Berti,
I'm currently trying to create the macvlan manually. No. I have a Unifi Dream Machine PRO. And the setup worked until a week or so ago.
-
Hi,
For a few days now I have had a strange problem with my pihole configuration. It worked without any issues, but now I can't access pihole anymore.
It starts without problems and gets the correct IP (192.168.178.252) assigned, but no external access is possible, but I can ping any address from within the container:
Code
    root@intrepid:~# docker exec -it pihole bash
    root@pihole:/# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    63: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:c0:a8:b2:fc brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 192.168.178.252/24 brd 192.168.178.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 2a02:8071:6090:5a60:42:c0ff:fea8:b2fc/64 scope global dynamic mngtmpaddr
           valid_lft 83763sec preferred_lft 40563sec
        inet6 fe80::42:c0ff:fea8:b2fc/64 scope link
           valid_lft forever preferred_lft forever
And here is my yaml:
Code
    services:
      pihole:
        container_name: pihole
        image: pihole/pihole:latest
        hostname: pihole
        cap_add:
          - NET_ADMIN
        networks:
          homepi:
            ipv4_address: 192.168.178.252 # the IP of the pihole container
        ports:
          - 443:443/tcp
          - 53/tcp
          - 53/udp
          - 80/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
          # - 5335:5335/tcp # Uncomment to enable unbound access on local server
          - 22/tcp # Uncomment to enable SSH
        environment:
          - FTLCONF_LOCAL_IPV4=192.168.178.252
          - TZ=Europe/Berlin
          - WEBPASSWORD=********
          - REV_SERVER=true
          - REV_SERVER_DOMAIN=lan
          - REV_SERVER_TARGET=192.168.178.1
          - REV_SERVER_CIDR=192.168.0.0/16
          - HOSTNAME=pihole
          - DOMAIN_NAME=pihole.home.lan
          - PIHOLE_DNS_=1.1.1.1;1.0.0.1
          - DNSSEC="true"
          - DNSMASQ_LISTENING=single
        volumes:
          - /SSD/dockerdata/pihole:/etc/pihole:rw
          - /SSD/dockerdata/pihole/etc-dnsmasq.d:/etc/dnsmasq.d:rw
        restart: unless-stopped
    networks:
      homepi: # Name of network
        driver: macvlan # Use the macvlan network driver
        driver_opts:
          parent: br0 # Name of the Network Interface (check in OMV GUI in Network >> Interfaces >> Name
        ipam:
          config:
            - subnet: 192.168.178.0/24 # Specify subnet
              gateway: 192.168.178.1 # Gateway address / address of router
              ip_range: 192.168.178.248/29 # 192.168.178.252 and 192.168.178.253
Any ideas?
-
Have you tried changing the ports and switch them back directly in the console dialogue?
-
It somehow reminds me of the great fli4l project I used so much some years ago