If you use ReadyNAS OS 6 you can install Pi-hole in Docker container:
docker run --name my-new-pi-hole \
-e ServerIP=191.168.1.28 \
-e DNS1=192.168.1.4 \
-e WEBPASSWORD=secret \
-d \
-p 8080:80 -p 53:53 -p 53:53/udp \
diginc/pi-hole
you don't have to run
docker pull diginc/pi-hole
it will be done automatic (or rather automagic).
As You can see I've set up several parameters:
- run is command to docker to run container
- --name my-new-pi-hole is name of container (optional)
- -e means Environment Variable - it is to pass some options to container
- ServerIP - it is IP that Pi-hole should use (mandatory)
- DNS1 - IP of your DNS server (optional) - if you not provide it will use google's DNS
- WEBPASSWORD (useful) - you will need it to login to administration portal
- -d - tells to docker that this container should work in background
- -p - is port redirection from your docker machine to port in container
- 8080:80 (useful) - is redirection of 8080 port of your docker machine to port 80 in container
- 53:53 (optional)- is redirection of 53 port of your docker machine to port 53 in container (not necessary in my case)
- 53:53/udp (very useful) - is the same for UDP port - this is what we need to work
- diginc/pi-hole - is of course name of image to run
Now you can use command
docker ps
to get some information about your container
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 891aeb2c127b diginc/pi-hole "/s6-init" 7 seconds ago Up 2 seconds (health: starting) 0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, 0.0.0.0:8080->80/tcp my-new-pi-hole
as you can see status is health: starting, after some time it will change to healthy.
Now you can login to (192.168.1.28 is address of may docker machine) http://192.168.1.28:8080/admin/ to check that no one has used your server (Total queries 0).
Let's check if it works:
root@mynas:~# host jaqb.gda.pl 192.168.1.28 Using domain server: Name: 192.168.1.28 Address: 192.168.1.28#53 Aliases: jaqb.gda.pl has address 185.204.216.106 jaqb.gda.pl mail is handled by 0 mail.jaqb.gda.pl.
Yes!
Now it's enough to change default DNS in your LAN to your docker machine (in my case 192.168.1.28).
If your proxy server (squid and/or dansguardian) is not on your gateway you can also set it up to be transparent.
In my examples gateway ha address 192.168.1.1, and squid server has address 192.168.1.28 and listen on 8080 port.
There is configuration using iptables directly:
iptables -t nat -I PREROUTING -i eth0 -s ! 192.168.1.28 -p tcp --dport 80 -j DNAT --to 192.168.1.28:8880 iptables -t nat -I POSTROUTING -o eth0 -s 192.168.1.0/24 -d 192.168.1.28 -j SNAT --to 192.168.1.1 iptables -I FORWARD -s 192.168.1.0/24 -d 168.13.28 -i eth0 -o eth0 -p tcp --dport 8880 -j ACCEPT
and this is the same in Gargoyle /etc/config/firewall file (you can edit it or use uci add firewall commands):
config redirect
option name 'P12 to Squid DNAT'
option src 'lan'
option proto 'tcp'
option dest_port '8080'
option src_dport '80'
option src_dip '! 192.168.1.1'
option dest_ip '192.168.1.28'
option src_ip '! 192.168.1.28'
config redirect
option name 'P12 to Squid SNAT'
option dest 'lan'
option proto 'tcp'
option src_dip '192.168.1.1'
option dest_ip '192.168.1.28'
option src_ip '192.168.1.0/24'
option target 'SNAT'
config rule
option name 'P12 to Squid'
option dest 'lan'
option dest_port '8080'
option proto 'tcp'
option src_ip '192.168.1.0/24'
option dest_ip '192.168.1.28'
option target 'ACCEPT'
after editing /etc/config/firewall file you have to restart firewall:
/etc/init.d/firewall restart
Add comment