Docker - pihole

Hello
I just followed the instructions from
https://help.mikrotik.com/docs/display/ROS/Container

My subnet is 192.168.1.0/24
The Docker Pi-hole is 192.168.10.26

How can I ping/connect those 2 subnets / get access to 192.168.10.26?

I changed /bridge port veth 2 to bridge (main bridge)
and
/interface veth veth2 to primary subnet 192.168.1.0 with gateway 192.168.1.1
and … it looks like it's working, I think

(on 192.168.1.26 I also have a real Raspi4 with Pihole)

My solution :

#Type everything manually into the terminal in Mikrotik#
#192.168.1.27/24 (use your subnet .. for example start subnet 192.168.88.27 or whatever you have at the moment)#
/interface/veth/add name=veth2 address=192.168.1.27/24 gateway=192.168.1.1



/interface/bridge/add name=dockers
/ip/address/add address=192.168.1.1/24 interface=dockers
/interface/bridge/port add bridge=dockers/bridge interface=veth2




/container/envs/add name=pihole_envs key=TZ value="Europe/Riga"
/container/envs/add name=pihole_envs key=WEBPASSWORD value="yourPassword"
/container/envs/add name=pihole_envs key=DNSMASQ_USER value="root"

#root = do not change#
#Yourpassword - change it#


#go to disk and check your pendrive/hdd/ssd disk number = do not install on internal memory of mikrotik!!#

/container/mounts/add name=etc_pihole src=disk4/etc dst=/etc/pihole
/container/mounts/add name=dnsmasq_pihole src=disk4/etc-dnsmasq.d dst=/etc/dnsmasq.d



/container/config/set registry-url=https://registry-1.docker.io tmpdir=disk4/pull


/container/add remote-image=pihole/pihole:latest interface=veth2 root-dir=disk4/pihole mounts=dnsmasq_pihole,etc_pihole envlist=pihole_envs

#To check status of progress write this#
/container/print


#To start Container :#
/container/start 0

#To check that the container is running, go to winbox Container/Container and check "status" - should be running#

#additional firewall rules if you already use port 80#
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.1.1 dst-port=800 protocol=tcp to-addresses=192.168.10.26 to-ports=80

#depends on your mikrotik model - check that in winbox: /system/resources Free memory (for example my model is RB3011UiAS), I got 850MiB free#
/container/config/set ram-high=400M

#before doing that.. go to winbox /containers/, select your veth and STOP, then run the command, then click Start#
/container/set 0 start-on-boot=yes

Pihole in the beginning, as I see, used Used memory: 5.94 MB


I have a raspi4 with many extra packages and it uses
Used memory: 9.17 MB


Mikrotik :

Raspi4 pihole 2 year use ( after 10h of restart)

Nice, on which hardware did you deploy that?

“(for example my model is RB3011UiAS)” + Audience
like my signature :)

using only the 128MB of integrated storage ?

According to my knowledge…
it's getting 4-5MB

BUT

I'm wondering
why Mikrotik eats almost 100% CPU in a speed test when DNS pihole on Mikrotik is enabled.
After going back to the Raspi pihole, still getting 100% CPU and max 450Mb download on speedtest.net
(My internet is 1Gb)
Before, it easily reached 800-990Mb
hmmmm
it looks like HW off??

Update :

HW ON…hmm

Enabling hardware offloading does not mean that it is active; it is like fasttrack: you can enable it, but that does not mean the traffic will be hitting it, as there are other things that can affect this.
The best way to see if hardware offloading is actually online is by going to the bridge interface then looking at the ports tab, in there you should see a H next to each interface that is actively using hardware offloading: https://help.mikrotik.com/docs/display/ROS/Bridging+and+Switching#BridgingandSwitching-BridgeHardwareOffloading

I don't think that hardware offloading would have affected the traffic that much if it broke before and after switching back, even more so when you consider that hardware offloading is not really used when going online, since you have to go to the CPU to route and NAT the traffic.
Can you send through your configuration so we might be able to see what was going on? My guess is that it has something to do with fasttrack, but again that's just a guess.

I have another question. What needs to be done so that all hosts are visible in PiHole, e.g. phones, computers (their IP addresses), at the moment when logging in to PiHole I see only one “user” - the local address of Mikrotik. I would like to add that everything was done according to the Mikrotik manual.


Hi,

But will it work if I did everything based on the Mikrotik tutorial and I have a different subnet than my MT? E.g. MT 172.16.0.1, PiHole 172.17.02?

As far as I know, it should. I used a container at MT for pi-hole.
You should know that what is in the MT documents is an example. That is not a complete walkthrough on how to use pi-hole.
The address should be the CIDR of your DHCP server. If you have 172.16.0.0/24 at your MT then it should be that.

So in my case, what should I write in the PiHole console? My MT address/gateway or PiHole? BTW - maybe you can write some additional tips complementary to the MT manual? :)



  • additional tips complementary MT manual

https://docs.pi-hole.net/

  • set your DNS server at your DHCP server to 172.17.0.2, and also inside your pi-hole go to settings and in the first tab you should see the same setting as in the screenshot below.

2022-09-13_15-45-09.jpg

Hi, sorry, but I did everything as you wrote and it is not working. Maybe you have some more ideas about what I should do? Thx.

@Andrew162,

How does it look in your case - do you see all of the clients in Pi-Hole (their IPs), or only one client (gateway of Pi-Hole)???

To start using Pihole:
Go to IP DHCP server
Networks
Double-click on yours
and change DNS server to.. what you use for pihole
After turning wifi off and on and LAN off and on.. it should start using pihole

After some update - tested on 7.6 beta6
updated code

/interface/veth/add name=veth1 address=192.168.1.30/24 gateway=192.168.1.1


/interface/bridge/port add bridge=bridge interface=veth1
/ip/firewall/nat/add chain=srcnat action=masquerade src-address=192.168.1.0/24
/container/envs/add name=pihole_envs key=TZ value="Europe/Riga"
/container/envs/add name=pihole_envs key=WEBPASSWORD value="YourPassword"
/container/envs/add name=pihole_envs key=DNSMASQ_USER value="root"
/container/mounts/add name=etc_pihole src=disk1/etc dst=/etc/pihole
/container/mounts/add name=dnsmasq_pihole src=disk1/etc-dnsmasq.d dst=/etc/dnsmasq.d
/container/config/set registry-url=https://registry-1.docker.io tmpdir=disk1/pull
/container/add remote-image=pihole/pihole:latest interface=veth1 root-dir=disk1/pihole mounts=dnsmasq_pihole,etc_pihole envlist=pihole_envs
/container/print

/container/start 0

#after start = wait 1 min#
/container/config/set ram-high=200M

Remember to edit the password before you paste
Copy-paste from notepad doesn't work well
Use notepad C++

Hi,

Why is the masquerade for address 192.168.1.0/24? And did you see all of the client IPs in the PiHole site?

I'm not sure what you mean by… can I see client IPs in PiHole
All devices "react" and work with that Pihole, if that is what you are asking for
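
An added example, not part of any post in this thread: a simplified Python model of which source address Pi-hole logs for a client query, covering the two layouts discussed above (veth in the main 192.168.1.0/24 bridge, and a separate container subnet). It assumes same-subnet traffic is bridged and never reaches srcnat, and that masquerade rules have no out-interface match, like the rule posted above; the function name, the client addresses and the router address 172.17.0.1 are constructed for illustration.

```python
import ipaddress

def source_seen_by_pihole(client, client_dns, pihole, router_addrs, masq_src_nets):
    """Source address Pi-hole logs for a DNS query from `client`, or None.

    router_addrs maps each subnet on the router to the router's own address
    in it. Model assumptions: traffic inside one subnet is bridged (no NAT);
    masquerade rules match on src-address only.
    """
    cip, pip = ipaddress.ip_address(client), ipaddress.ip_address(pihole)
    nets = {ipaddress.ip_network(n): a for n, a in router_addrs.items()}
    # Router address on the Pi-hole side: the source used when the router
    # forwards a query itself or masquerades a routed one.
    router_side = next(a for n, a in nets.items() if pip in n)
    if client_dns in nets.values():
        return router_side      # client asks the router; the router asks Pi-hole
    if client_dns != pihole:
        return None             # query goes elsewhere; Pi-hole never sees it
    if any(cip in n and pip in n for n in nets):
        return client           # same segment: bridged, source untouched
    if any(cip in ipaddress.ip_network(r) for r in masq_src_nets):
        return router_side      # routed and masqueraded
    return client               # routed, not masqueraded

# Constructed scenarios using the thread's addressing.
FLAT = {"192.168.1.0/24": "192.168.1.1"}
SPLIT = {"172.16.0.0/24": "172.16.0.1", "172.17.0.0/24": "172.17.0.1"}

def demo():
    s = source_seen_by_pihole
    return {
        "flat, DHCP hands out Pi-hole": s("192.168.1.50", "192.168.1.30", "192.168.1.30", FLAT, ["192.168.1.0/24"]),
        "flat, DHCP hands out router": s("192.168.1.50", "192.168.1.1", "192.168.1.30", FLAT, ["192.168.1.0/24"]),
        "split, masquerade on container net": s("172.16.0.50", "172.17.0.2", "172.17.0.2", SPLIT, ["172.17.0.0/24"]),
        "split, masquerade on client net": s("172.16.0.50", "172.17.0.2", "172.17.0.2", SPLIT, ["172.16.0.0/24"]),
        "split, DHCP hands out router": s("172.16.0.50", "172.16.0.1", "172.17.0.2", SPLIT, ["172.17.0.0/24"]),
    }

if __name__ == "__main__":
    for name, src in demo().items():
        print(f"{name:36} -> Pi-hole logs {src}")
```

In this model Pi-hole shows a single client whenever clients still query the router, or when a masquerade rule covers the client subnet on a routed path.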