Hello
I just folow the instruction from
https://help.mikrotik.com/docs/display/ROS/Container
My subnet is 192.168.1.0/24
The Docker Pi-hole is 192.168.10.26
How i can ping/connect that 2 subnet / get access to 192.168.10.26
Re: Docker - pihole
i Change /bridge port veth 2 to bridge ( main bridge)
and
/interface veth veth2 to primary subnet 192.168.1.0 with gateway 192.168.1.1
and .... its look like its working i think
(on 192.168.1.26 got real raspi4 with pihole also)
and
/interface veth veth2 to primary subnet 192.168.1.0 with gateway 192.168.1.1
and .... its look like its working i think
(on 192.168.1.26 got real raspi4 with pihole also)
Re: Docker - pihole
My solution :
#Type all manual to terminal in mikrotik#
192.168.1.27/24 ( use your subnet .. for example start subnet 192.168.88.27 or what you got at the moment)
/interface/veth/add name=veth2 address=192.168.1.27/24 gateway=192.168.1.1
/interface/bridge/add name=dockers
/ip/address/add address=192.168.1.1/24 interface=dockers
/interface/bridge/port add bridge=dockers/bridge interface=veth2
/container/envs/add name=pihole_envs key=TZ value="Europe/Riga"
/container/envs/add name=pihole_envs key=WEBPASSWORD value="yourPassword"
/container/envs/add name=pihole_envs key=DNSMASQ_USER value="root"
#root = do not change#
#Yourpassword - change it#
#go to disk and check your pendrive/hdd/ssd disk number = do not install on internal memory of mikrotik!!#
/container/mounts/add name=etc_pihole src=disk4/etc dst=/etc/pihole
/container/mounts/add name=dnsmasq_pihole src=disk4/etc-dnsmasq.d dst=/etc/dnsmasq.d
/container/config/set registry-url=https://registry-1.docker.io tmpdir=disk4/pull
/container/add remote-image=pihole/pihole:latest interface=veth2 root-dir=disk4/pihole mounts=dnsmasq_pihole,etc_pihole envlist=pihole_envs
#To check status of progress write this#
/container/print
#To start Container :#
/container/start 0
# To check do container is run go to winbox Container/Container check "status" -should be running#
#aditional firewall rules if you already used port 80#
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.1.1 dst-port=800 protocol=tcp to-addresses=192.168.10.26 to-ports=80
#depend of your mikrotik model - check that on winbox : /system/resources Free memory (for example my model is RB3011UiAS) i got 850MiB free #
/container/config/set ram-high=400M
#before doo that.. go to winbox /containers/ select your veth . and STOP then go command then Click Start #
/container/set 0 start-on-boot=yes
Pihole in beggin like i see used Used memory: 5.94 MB
I got raspi4 with maaany extra package and its used
Used memory: 9.17 MB
Mikrotik :
Raspi4 pihole 2 year use ( after 10h of restart)
#Type all manual to terminal in mikrotik#
192.168.1.27/24 ( use your subnet .. for example start subnet 192.168.88.27 or what you got at the moment)
/interface/veth/add name=veth2 address=192.168.1.27/24 gateway=192.168.1.1
/interface/bridge/add name=dockers
/ip/address/add address=192.168.1.1/24 interface=dockers
/interface/bridge/port add bridge=dockers/bridge interface=veth2
/container/envs/add name=pihole_envs key=TZ value="Europe/Riga"
/container/envs/add name=pihole_envs key=WEBPASSWORD value="yourPassword"
/container/envs/add name=pihole_envs key=DNSMASQ_USER value="root"
#root = do not change#
#Yourpassword - change it#
#go to disk and check your pendrive/hdd/ssd disk number = do not install on internal memory of mikrotik!!#
/container/mounts/add name=etc_pihole src=disk4/etc dst=/etc/pihole
/container/mounts/add name=dnsmasq_pihole src=disk4/etc-dnsmasq.d dst=/etc/dnsmasq.d
/container/config/set registry-url=https://registry-1.docker.io tmpdir=disk4/pull
/container/add remote-image=pihole/pihole:latest interface=veth2 root-dir=disk4/pihole mounts=dnsmasq_pihole,etc_pihole envlist=pihole_envs
#To check status of progress write this#
/container/print
#To start Container :#
/container/start 0
# To check do container is run go to winbox Container/Container check "status" -should be running#
#aditional firewall rules if you already used port 80#
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.1.1 dst-port=800 protocol=tcp to-addresses=192.168.10.26 to-ports=80
#depend of your mikrotik model - check that on winbox : /system/resources Free memory (for example my model is RB3011UiAS) i got 850MiB free #
/container/config/set ram-high=400M
#before doo that.. go to winbox /containers/ select your veth . and STOP then go command then Click Start #
/container/set 0 start-on-boot=yes
Pihole in beggin like i see used Used memory: 5.94 MB
I got raspi4 with maaany extra package and its used
Used memory: 9.17 MB
Mikrotik :
Raspi4 pihole 2 year use ( after 10h of restart)
Re: Docker - pihole
nice, in which hardware you deploy that?
Re: Docker - pihole
"(for example my model is RB3011UiAS)" + Audience
like my signature
like my signature
Re: Docker - pihole
using only the 128MB of integrated storage ?
Re: Docker - pihole
According to my knowleadge...
its getting 4-5MB
its getting 4-5MB
Re: Docker - pihole
BUT
im wondering
Why mikrotik eat almost 100% CPU in speed test when DNS pihole Mikrotik is enabled.
after back to Raspi pihole still getting 100% cpu and max 450Mb download on speedtest.net
( My internet 1Gb)
Before easy reach 800-990Mb
hmmmm
its look like HW off??
Update :
HW ON...hmm
im wondering
Why mikrotik eat almost 100% CPU in speed test when DNS pihole Mikrotik is enabled.
after back to Raspi pihole still getting 100% cpu and max 450Mb download on speedtest.net
( My internet 1Gb)
Before easy reach 800-990Mb
hmmmm
its look like HW off??
Update :
HW ON...hmm
Re: Docker - pihole
enabling hardware offloading does not mean that it is active, it is like fasttrack, you can enable it but it does not mean that the traffic will be hitting it as there are other things that can effect this.
The best way to see if hardware offloading is actually online is by going to the bridge interface then looking at the ports tab, in there you should see a H next to each interface that is actively using hardware offloading: https://help.mikrotik.com/docs/display/ ... Offloading
I dont think that hardware offloading would of effected the traffic that much, if it broke before and after switching back even more so when you think that hardware offloading is not really used when going online since you will have to go to the cpu to route and nat the traffic.
Can you send through your configuration so we might be able to see what was going on? my guess will be that it is something to do with fasttrack but again thats just a guess.
The best way to see if hardware offloading is actually online is by going to the bridge interface then looking at the ports tab, in there you should see a H next to each interface that is actively using hardware offloading: https://help.mikrotik.com/docs/display/ ... Offloading
I dont think that hardware offloading would of effected the traffic that much, if it broke before and after switching back even more so when you think that hardware offloading is not really used when going online since you will have to go to the cpu to route and nat the traffic.
Can you send through your configuration so we might be able to see what was going on? my guess will be that it is something to do with fasttrack but again thats just a guess.
Re: Docker - pihole
I have another question. What needs to be done so that all hosts are visible in PiHole, e.g. phones, computers (their IP addresses), at the moment when logging in to PiHole I see only one "user" - the local address of Mikrotik. I would like to add that everything was done according to the Mikrotik manual.
Re: Docker - pihole
I have another question. What needs to be done so that all hosts are visible in PiHole, e.g. phones, computers (their IP addresses), at the moment when logging in to PiHole I see only one "user" - the local address of Mikrotik. I would like to add that everything was done according to the Mikrotik manual.
You do not have the required permissions to view the files attached to this post.
Re: Docker - pihole
Hi,Moderator: Why do you quote previous post? Use Post Replay not Quote button.
but if it will be working if I did all based on Mikrotik tutorial and I have different subnet than my MT? E.X - MT 172.16.0.1, PiHole 172.17.02?
Re: Docker - pihole
As far as I know, it should. I used a container at MT for pi-hole.
but if it will be working if I did all based on Mikrotik tutorial and I have different subnet than my MT? E.X - MT 172.16.0.1, PiHole 172.17.02?
You should know what is in MT documents is an example. That is not a complete walkthrough on how to use pi-hole.
The address should be the CIDR of your DHCP server. if you have 172.16.0.0/24 at your MT then it should be that.
Re: Docker - pihole
So in my case what I should write in PiHole console? My MT address/gateway or PiHole? BTW - maybe You can write some additional tips complementary MT manual?Moderator: Why do you quote previous post? Use Post Replay not Quote button.
Re: Docker - pihole
So in my case what I should write in PiHole console? My MT address/gateway or PiHole? BTW - maybe You can write some additional tips complementary MT manual?
- additional tips complementary MT manual
- set your DNS server at your DHCP server to 172.17.0.2 and also inside your pi-hole go to setting and in the first tab, you should see the same setting as screenshot blow.
You do not have the required permissions to view the files attached to this post.
Re: Docker - pihole
Hi, sorry, but I did all as You wrote and it not working. Maybe You have any more idea what I should do? Thx.Moderator: Why do you quote previous post? Use Post Replay not Quote button.
Re: Docker - pihole
@Andrew162,My solution :
Moderator: trim the quote.
how its look in Your case - Do You see in Pi-Hole all of Clients (thiers IPs), or only one Client (gateway of Pi-Hole)???
Re: Docker - pihole
To start using Pihole
Go to ip DHCP server
networks
Double click on your
and change DNS server to.. what you use for pihole
after off on wifi and off on lan.. its should start using pihole
After some update - tested on 7.6 beta6
updated code
Remember to edit password before you paste
Copy paste dont like from notepad
Use notepad C++
Go to ip DHCP server
networks
Double click on your
and change DNS server to.. what you use for pihole
after off on wifi and off on lan.. its should start using pihole
After some update - tested on 7.6 beta6
updated code
Code: Select all
/interface/veth/add name=veth1 address=192.168.1.30/24 gateway=192.168.1.1
/interface/bridge/port add bridge=bridge interface=veth1
/ip/firewall/nat/add chain=srcnat action=masquerade src-address=192.168.1.0/24
/container/envs/add name=pihole_envs key=TZ value="Europe/Riga"
/container/envs/add name=pihole_envs key=WEBPASSWORD value="YourPassword"
/container/envs/add name=pihole_envs key=DNSMASQ_USER value="root"
/container/mounts/add name=etc_pihole src=disk1/etc dst=/etc/pihole
/container/mounts/add name=dnsmasq_pihole src=disk1/etc-dnsmasq.d dst=/etc/dnsmasq.d
/container/config/set registry-url=https://registry-1.docker.io tmpdir=disk1/pull
/container/add remote-image=pihole/pihole:latest interface=veth1 root-dir=disk1/pihole mounts=dnsmasq_pihole,etc_pihole envlist=pihole_envs
/container/print
/container/start 0
#after start = wait 1 min#
/container/config/set ram-high=200MCopy paste dont like from notepad
Use notepad C++
Re: Docker - pihole
Hi,moderator note: do not quote whole preceding post. Use "Post Reply" button instead. Is it so hard task to find it?
why masquerade is for address 192.168.1.0/24? And did You see all of Client IP's in PiHole site?
Re: Docker - pihole
Im not sure what you mean by... do i can see ip clients in PiHole
All devices "react" and work with that Pihole if that what you are asking for
All devices "react" and work with that Pihole if that what you are asking for
-
-
majorlogic
just joined
- Posts: 16
- Joined:
Re: Docker - pihole
hello, can somebody help me with this? viewtopic.php?t=190031
Re: Docker - pihole
If you started own new topic of "docker+pihole" then wait for help in it.
Re: Docker - pihole
I did exactly but the pihole page not open I got this page
any help please
regards
any help please
regards
Re: Docker - pihole
I got the same Placeholder page
try admin ex: http://10.10.10.1:888/admin
try admin ex: http://10.10.10.1:888/admin
-
-
blackseaboy
just joined
- Posts: 1
- Joined:
Re: Docker - pihole
try to use a different build of pihole (not the "latest"), the 2022.09 has worked for me:I got the same Placeholder page
try admin ex: http://10.10.10.1:888/admin
/container/add remote-image=pihole/pihole:2022.09 interface=veth1 root-dir=disk2/pihole mounts=dnsmasq_pihole,etc_pihole envlist=pihole_envs
check the root dir, accodingly
Re: Docker - pihole
this could be due these changes https://pi-hole.net/blog/2023/01/15/pi- ... ge-content anyway cant run even previous versions
:latest should wok with adiing /admin to IP but got connection refued od all potrs except 80 and 80 return placeholder page
:latest should wok with adiing /admin to IP but got connection refued od all potrs except 80 and 80 return placeholder page
Re: Docker - pihole
Hi All,
I had a RPi4 Pihole for a couple year perfectly working and heard of the possibility to configure a Pihole container into my RB5009 so I decided to give it a try.
I'll avoid for now to fill this message with all the ROS configuration, maybe I could post it later if something punctual is needed.
I have ROS 7.13.1
Well, I configured the container following the guide and I give also a try to something different (as someone here already did).
A this point I have 2 pihole container (with the same internal configuration), both of them have issues but different ones.
To filter all the possible suggestions I want to remark that:
- both the containers can access the internet
- both are reached from the devices in the network
- pihole software works as intended (note: according to what provided by the router, see second container issue)
- I already tried multiple flushes of the network tables and restarts of the dns resolver
The first one, configured without using a specific docker bridge has a veth with an address on the same range of the router's dhcp (192.168.1.0/24).
It works smoothly as the RPi4 did, but randomly, when rebooting the router, the container can't start, nor automatically (is set to start on boot), nor manually, even when trying to start it from the terminal, hitting enter print a "space" and nothing appear in the log. When this happends I can't even ping the assigned ip, but looking at the interface or the bridge port there's nothing strange. It seems something related to the veth/bridge management, maybe on boot sometimes something come up before, sometime after the veth is started (I know that network people is reading this and screaming, but I'm not a "super guru network guy") and this make it not working
The second one, configured using the docker bridge (with an addres into the 192.168.5.0/24 range), works too, but with a frustrating behaviour. In the pihole web interface, under tools>network, all the devices (except itself) don't show anymore the mac address...and of course all the client rules uses the mac address to bind, so this way, binding to a specific group is broken and only default rules works. I should bind again all the clients using their IPs (not a huge problem because all of my devices have static leases in the DHCP, but still an issue) but this approach really sucks. Because the second one was a "late night try" I still didn't try to reboot to see if the "not starting" first container's issue happend with this too.
In this case it seems I miss to configure something to let the docker bridge be able to "know" the mac addresses of the clients from the main bridge, but, as I said, I'm not a "super guru network guy", and I don't know how to fix it.
can someone please help me?
thank you
I had a RPi4 Pihole for a couple year perfectly working and heard of the possibility to configure a Pihole container into my RB5009 so I decided to give it a try.
I'll avoid for now to fill this message with all the ROS configuration, maybe I could post it later if something punctual is needed.
I have ROS 7.13.1
Well, I configured the container following the guide and I give also a try to something different (as someone here already did).
A this point I have 2 pihole container (with the same internal configuration), both of them have issues but different ones.
To filter all the possible suggestions I want to remark that:
- both the containers can access the internet
- both are reached from the devices in the network
- pihole software works as intended (note: according to what provided by the router, see second container issue)
- I already tried multiple flushes of the network tables and restarts of the dns resolver
The first one, configured without using a specific docker bridge has a veth with an address on the same range of the router's dhcp (192.168.1.0/24).
It works smoothly as the RPi4 did, but randomly, when rebooting the router, the container can't start, nor automatically (is set to start on boot), nor manually, even when trying to start it from the terminal, hitting enter print a "space" and nothing appear in the log. When this happends I can't even ping the assigned ip, but looking at the interface or the bridge port there's nothing strange. It seems something related to the veth/bridge management, maybe on boot sometimes something come up before, sometime after the veth is started (I know that network people is reading this and screaming, but I'm not a "super guru network guy") and this make it not working
The second one, configured using the docker bridge (with an addres into the 192.168.5.0/24 range), works too, but with a frustrating behaviour. In the pihole web interface, under tools>network, all the devices (except itself) don't show anymore the mac address...and of course all the client rules uses the mac address to bind, so this way, binding to a specific group is broken and only default rules works. I should bind again all the clients using their IPs (not a huge problem because all of my devices have static leases in the DHCP, but still an issue) but this approach really sucks. Because the second one was a "late night try" I still didn't try to reboot to see if the "not starting" first container's issue happend with this too.
In this case it seems I miss to configure something to let the docker bridge be able to "know" the mac addresses of the clients from the main bridge, but, as I said, I'm not a "super guru network guy", and I don't know how to fix it.
can someone please help me?
thank you
Re: Docker - pihole
Well, apparently I accidentally discovered the reason why container weren't able to start after a reboot. It was an USB issue discussed here viewtopic.php?p=1050954#p1050954
I think I will go with the container in the same ip range of the DHCP, but I'm still bit curious about how to resolve the issue of the second container
I think I will go with the container in the same ip range of the DHCP, but I'm still bit curious about how to resolve the issue of the second container
Re: Docker - pihole
in the case where the veth was not on the docker bridge, did you add it to main bridge? do you have vlan on your network..did you have to change anything else on the bridge veth port(if you assigned it to main bridge) to get it to workHi All,
I had a RPi4 Pihole for a couple year perfectly working and heard of the possibility to configure a Pihole container into my RB5009 so I decided to give it a try.
I'll avoid for now to fill this message with all the ROS configuration, maybe I could post it later if something punctual is needed.
I have ROS 7.13.1
Well, I configured the container following the guide and I give also a try to something different (as someone here already did).
A this point I have 2 pihole container (with the same internal configuration), both of them have issues but different ones.
To filter all the possible suggestions I want to remark that:
- both the containers can access the internet
- both are reached from the devices in the network
- pihole software works as intended (note: according to what provided by the router, see second container issue)
- I already tried multiple flushes of the network tables and restarts of the dns resolver
The first one, configured without using a specific docker bridge has a veth with an address on the same range of the router's dhcp (192.168.1.0/24).
It works smoothly as the RPi4 did, but randomly, when rebooting the router, the container can't start, nor automatically (is set to start on boot), nor manually, even when trying to start it from the terminal, hitting enter print a "space" and nothing appear in the log. When this happends I can't even ping the assigned ip, but looking at the interface or the bridge port there's nothing strange. It seems something related to the veth/bridge management, maybe on boot sometimes something come up before, sometime after the veth is started (I know that network people is reading this and screaming, but I'm not a "super guru network guy") and this make it not working
The second one, configured using the docker bridge (with an addres into the 192.168.5.0/24 range), works too, but with a frustrating behaviour. In the pihole web interface, under tools>network, all the devices (except itself) don't show anymore the mac address...and of course all the client rules uses the mac address to bind, so this way, binding to a specific group is broken and only default rules works. I should bind again all the clients using their IPs (not a huge problem because all of my devices have static leases in the DHCP, but still an issue) but this approach really sucks. Because the second one was a "late night try" I still didn't try to reboot to see if the "not starting" first container's issue happend with this too.
In this case it seems I miss to configure something to let the docker bridge be able to "know" the mac addresses of the clients from the main bridge, but, as I said, I'm not a "super guru network guy", and I don't know how to fix it.
can someone please help me?
thank you
Re: Docker - pihole
yes, I addet it to the main bridge. I have no VLAN and no other specific configuration for the veth was needed (just copied the other bridge ports configuration).in the case where the veth was not on the docker bridge, did you add it to main bridge? do you have vlan on your network..did you have to change anything else on the bridge veth port(if you assigned it to main bridge) to get it to workHi All,
I had a RPi4 Pihole for a couple year perfectly working and heard of the possibility to configure a Pihole container into my RB5009 so I decided to give it a try.
I'll avoid for now to fill this message with all the ROS configuration, maybe I could post it later if something punctual is needed.
I have ROS 7.13.1
Well, I configured the container following the guide and I give also a try to something different (as someone here already did).
A this point I have 2 pihole container (with the same internal configuration), both of them have issues but different ones.
To filter all the possible suggestions I want to remark that:
- both the containers can access the internet
- both are reached from the devices in the network
- pihole software works as intended (note: according to what provided by the router, see second container issue)
- I already tried multiple flushes of the network tables and restarts of the dns resolver
The first one, configured without using a specific docker bridge has a veth with an address on the same range of the router's dhcp (192.168.1.0/24).
It works smoothly as the RPi4 did, but randomly, when rebooting the router, the container can't start, nor automatically (is set to start on boot), nor manually, even when trying to start it from the terminal, hitting enter print a "space" and nothing appear in the log. When this happends I can't even ping the assigned ip, but looking at the interface or the bridge port there's nothing strange. It seems something related to the veth/bridge management, maybe on boot sometimes something come up before, sometime after the veth is started (I know that network people is reading this and screaming, but I'm not a "super guru network guy") and this make it not working
The second one, configured using the docker bridge (with an addres into the 192.168.5.0/24 range), works too, but with a frustrating behaviour. In the pihole web interface, under tools>network, all the devices (except itself) don't show anymore the mac address...and of course all the client rules uses the mac address to bind, so this way, binding to a specific group is broken and only default rules works. I should bind again all the clients using their IPs (not a huge problem because all of my devices have static leases in the DHCP, but still an issue) but this approach really sucks. Because the second one was a "late night try" I still didn't try to reboot to see if the "not starting" first container's issue happend with this too.
In this case it seems I miss to configure something to let the docker bridge be able to "know" the mac addresses of the clients from the main bridge, but, as I said, I'm not a "super guru network guy", and I don't know how to fix it.
can someone please help me?
thank you
as a suggestion, I noticed strange behaviours adding a static entry for the veth on the ARP list (I then understood this is because after every reboot it changes the MAC), adding a static entry on the DNS for its IP and the same with the kid control too
Re: Docker - pihole
I noticed strange behaviours adding a static entry for the veth on the ARP list (I then understood this is because after every reboot it changes the MAC), adding a static entry on the DNS for its IP
If you want to keep static DHCP assignments of IPs for that switch, another option is to disable the auto-mac setting, then set admin-mac to the value it would have if veth1 wasn't there competing for "bridge MAC address".
Re: Docker - pihole
I've recently disabled auto-mac for other reasons, because I wanted to decide which of the ports' MAC had to be used, but when auto-mac was enabled the veth1's MAC was never the one chosen for the bridge. As far as I remember it was just the first lan port available.
If you want to keep static DHCP assignments of IPs for that switch, another option is to disable the auto-mac setting, then set admin-mac to the value it would have if veth1 wasn't there competing for "bridge MAC address".
I think this wouldn't solve the continuously changing veth1 MAC address, but to be honest it's not even a big problem, it's just my psychological problem
Re: Docker - pihole
Thanks it's works for me. I follow the YT guide from Mikrotik channel.I got the same Placeholder page
try admin ex: http://10.10.10.1:888/admin