October 10, 2019

Just set up pihole on my Secure LAN. It's working great but I have 4 VLANs running on an EdgerouterX. All VLANs are segregated and VLAN10 can establish communication with any other VLAN (via firewall rules).

I have a pihole on VLAN10 in an unRAID server. How can I let VLAN20 utilize the pihole as well? I've tried many firewall rules to no success. Is my only option to set up a pihole for every VLAN? Surely there is a better way.

Edited October 12, 2019 by adminmat
October 10, 2019

If you want to keep network segregation, the best way is to set up a dedicated pi-hole server for each VLAN (network). Below is an example of my setup
October 10, 2019, Author

36 minutes ago, bonienl said:
> If you want to keep network segregation, the best way is to set up a dedicated pi-hole server for each VLAN (network). Below is an example of my setup

But wouldn't I have the same problem because of my VLAN firewall rules? Being my client devices on the guest/family network would not be able to connect to the secure network (unRAID box/Pi-Hole) in order to access the Pi-Hole DNS server? Since the Pi-Hole server is on the Secure LAN?

For example: My unRAID server is on the 192.168.10.0/24 subnet. Pi-Hole is on the 192.168.10.0/24 subnet. My guest/family network is 192.168.20.0/24.

Or maybe I'm not understanding and you can totally set up different subnets on the unRAID server. I can set this all up using one physical ethernet interface on the unRAID server?

Also, others are recommending just opening port 53 from VLAN to VLAN. Which I've tried unsuccessfully.
October 10, 2019, Author

Update: I'm not sure why but the network settings for pihole and unraid were all scrambled. I deleted and reinstalled pihole. It's working now but not across VLANs still. I'm considering scrapping all my EdgerouterX's firewall rules and starting over.
October 12, 2019, Author

OK, update on this: I finally got it working. I created a rule in the GUEST_TO_LAN ruleset to allow destination traffic to the pihole's IP address on port 53. But it was important to move this rule to the top of the ruleset to get it working properly. See my post here for more info.

@bonienl, out of curiosity what router are you using?

And another thing I found out today. Every time I rebooted my unRAID server the Pi-Hole docker would fail to open again. It was happening because the unRAID server was getting a new DNS of the Pi-Hole itself. So in unRAID's network settings I had to set the DNS to Static and list my Edgerouter IP as the DNS. Does this make sense? Is there another way?

Edited October 12, 2019 by adminmat
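
The rule-order fix described in the post above, modelled as an added example (not part of the original thread and not EdgeOS code): a first-match ruleset evaluator in Python showing why the port 53 allow rule only takes effect once it sits ahead of a broader drop rule. The Pi-hole address, the rule numbers and the blanket drop rule are assumptions; the thread gives only the subnets.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address: the thread gives only the subnets, not the Pi-hole's IP.
PIHOLE_IP = "192.168.10.53"   # placeholder on the Secure LAN (192.168.10.0/24)

@dataclass
class Rule:
    number: int
    action: str                      # "accept" or "drop"
    dst_net: str                     # destination CIDR
    dst_port: Optional[int] = None   # None matches any port
    protocols: tuple = ("tcp", "udp")

    def matches(self, dst_ip, proto, port):
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst_net):
            return False
        if proto not in self.protocols:
            return False
        return self.dst_port is None or self.dst_port == port

def evaluate(rules, dst_ip, proto, port, default_action="drop"):
    """First-match evaluation in ascending rule-number order."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(dst_ip, proto, port):
            return rule.action, rule.number
    return default_action, None

# Assumed starting point: a blanket drop of guest traffic to the Secure LAN
# sits ahead of the DNS allow rule, so the allow rule is never reached.
before = [
    Rule(10, "drop", "192.168.10.0/24"),
    Rule(20, "accept", f"{PIHOLE_IP}/32", dst_port=53),
]
# After moving the DNS allow rule to the top of the ruleset.
after = [
    Rule(1, "accept", f"{PIHOLE_IP}/32", dst_port=53),
    Rule(10, "drop", "192.168.10.0/24"),
]

def dns_verdicts():
    """Verdict for a guest DNS query (UDP/53) under each ordering."""
    return (evaluate(before, PIHOLE_IP, "udp", 53)[0],
            evaluate(after, PIHOLE_IP, "udp", 53)[0])

if __name__ == "__main__":
    print(dns_verdicts())
    # Only DNS is opened: the Pi-hole web UI (TCP/80) stays blocked for guests.
    print(evaluate(after, PIHOLE_IP, "tcp", 80))
```

Scoping the allow rule to the single Pi-hole address and port 53 keeps the rest of the Secure LAN unreachable from the guest VLAN.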
Archived
This topic is now archived and is closed to further replies.