Tutorial: Running Pi-Hole on Firewalla Blue in 5 mins

Comments

26 comments

  • Rastislav Švarba

    I'm not sure how to set it up correctly, i.e. what needs to be set up on Firewalla.

    Pi-hole + pihole-FTL is running; it shows connections, but only from localhost and Firewalla. No other devices.

    I need to set my computer to use DNS (the IP of Firewalla) to go through Pi-hole. I've tried with Ad Block and DNS Boost on/off, without any effect. But I didn't restart Firewalla between config changes.

    It worked for a while, when I set the primary DNS in the Firewalla app -> Network Settings to the IP of Firewalla itself.

    0
  • Rastislav Švarba

    Looks like it's working again. Now I have it set up this way in the Firewalla app:

    • Primary DNS to IP of router (xxx.yyy.zzz.1)
    • Turn OFF Family protect
    • Turn ON AdBlock
    • Turn ON DNS Boost
    0
  • Jeremy

    "I need to set on my computer to use DNS (IP of firewalla) to go through pihole."

    "It's been working for a while, when I set on firewalla app -> network settings to use primary DNS IP of firewalla itself."

    This is all related to the iptables NAT table doing a DNAT from port 53 (pihole-ftl) to 8853 (local dnsmasq) for sources other than 127.0.0.1. Your incoming traffic hits iptables, then gets DNAT'ed to 8853, which forwards your query to 127.0.0.1:53, which does not get DNAT'ed to port 53 (pihole-ftl). The non-authoritative lookup makes all your queries to pihole-ftl appear to be originating from localhost.

    So my question to the Firewalla team is... how can I have the result of the following be applied forever and always?

    sudo iptables -t nat -D PREROUTING -s 0.0.0.0/0 -d 0.0.0.0/0 -j PREROUTING_DNS_DEFAULT

    I needed the Beta Firewalla app to see the DNS Boost function, which adds entries to an ipset (no_dns_caching_mac_set) for devices to be excluded from the rules in the PREROUTING_DNS_DEFAULT chain.

    2
  • Support Team

    @Jeremy, thanks for the info.

    The rule will automatically be added again if the Firewalla service restarts. What you can do is add a cron job to the root account to execute this delete command periodically.

    Do not add it to pi's cron jobs, as they will be flushed when the service restarts.

    1
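An added example, not from the thread and not Firewalla's or Pi-hole's own code: a POSIX shell script implementing the root cron job the Support Team suggests above. It checks with `iptables -C` before deleting, so the job is harmless when the rule is already gone, and loops so a re-added or duplicated jump is also removed. The script path, the 5-minute interval, the `IPTABLES` override variable and the `logger` tag are assumptions; the rule spec is Jeremy's delete command verbatim.

```shell
#!/bin/sh
# Added example, not Firewalla's or Pi-hole's own code: the root cron job the
# Support Team suggests, made idempotent. It removes the jump from the nat
# PREROUTING chain into Firewalla's PREROUTING_DNS_DEFAULT chain (Jeremy's
# delete command) so client queries reach pihole-FTL on port 53 directly
# instead of being DNAT'ed to the local dnsmasq on 8853.
#
# Install in root's crontab (pi's crontab is flushed on service restart).
# Path and interval are assumptions:
#   sudo crontab -e
#   */5 * * * * /root/remove_dns_default_jump.sh --cron
set -eu

# IPTABLES may be overridden to point at a different binary (or a shim for testing).
IPTABLES="${IPTABLES:-iptables}"

# Exit 0 if the jump rule is present. -C only checks; it never modifies the table.
dns_default_jump_present() {
    "$IPTABLES" -t nat -C PREROUTING -s 0.0.0.0/0 -d 0.0.0.0/0 \
        -j PREROUTING_DNS_DEFAULT 2>/dev/null
}

# Delete every instance of the jump and print how many were removed.
# Checking first matters in a cron job: `iptables -D` on an absent rule exits
# non-zero, and the loop also clears duplicates if the service re-added the rule.
remove_dns_default_jump() {
    removed=0
    while dns_default_jump_present; do
        "$IPTABLES" -t nat -D PREROUTING -s 0.0.0.0/0 -d 0.0.0.0/0 \
            -j PREROUTING_DNS_DEFAULT
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Only act when invoked with --cron, so sourcing this file just defines the functions.
if [ "${1:-}" = "--cron" ]; then
    n=$(remove_dns_default_jump)
    if [ "$n" -gt 0 ]; then
        logger -t pihole-dnat-fix "removed $n PREROUTING_DNS_DEFAULT jump rule(s)"
    fi
fi
```

Run it once by hand as root with `--cron` and confirm with `sudo iptables -t nat -S PREROUTING` that the jump is gone before relying on the cron entry; note that between a service restart and the next cron run the DNAT is back in force, which is the limitation of this workaround.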
  • Antonio Lopedote

    Hello there, I have tried to use Pi-hole on my Firewalla Blue, but after one day it blocked my whole local network. I disabled the DHCP server on my router and used the Pi-hole DHCP service. What is the problem? Could you help me? Now I have done a reset of Firewalla... Where is the problem?

    0
  • Support Team

    @Antonio,

    We didn't use the DHCP service in Pi-hole. This may cause Firewalla to be unable to get an IP allocated for itself. Maybe after one day, your box's IP address expired.

    What was the reason you wanted to use the Pi-hole DHCP service?

    Melvin

    1
  • Antonio Lopedote

    @Melvin, thank you for your reply. There is no good reason for my decision. I have understood that this operation could block my whole LAN.

    Thank you!

    0
  • Adrian✌🏽🎃

    @Rastislav Švarba

    Are you using Simple or DHCP mode?

    I'm only seeing traffic from localhost, Firewalla, and anything plugged into Ethernet in the Pi-hole logs. I have tried a few permutations that gave me varying results. No matter what I do (probably doing something wrong), I can't get Pi-hole and Firewalla to see traffic (and block ads) at the same time. Any tips?

    0
  • Rastislav Švarba

    @Adrian,

    I'm using Simple mode. Currently, on my router I have the primary DNS set to point to the IP of Firewalla, and in Firewalla the Primary DNS Server is set to the Firewalla IP too.

    In Pi-hole I see only `localhost`, `firewalla`, and `gateway`. But I see that what's marked as firewalla are the requests from devices on my network.

    1
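The recurring symptom in this thread is that pihole-FTL attributes every query to localhost or the Firewalla itself (the effect of the DNAT hop Jeremy describes). Here is an added shell snippet, not from the thread and not Pi-hole's own tooling, that tallies query sources from `pihole -t` style log lines and flags the loopback-only case so you can tell whether LAN clients actually reach pihole-FTL directly. The sample log lines are constructed for the example (the `192.168.218.20` client is invented); the `query[...] name from client` line format is the one shown later in the thread.

```shell
#!/bin/sh
# Added example (not Firewalla's or Pi-hole's code).
# Tallies DNS query sources from pihole-FTL log lines in the format that
# `pihole -t` prints (also works on /var/log/pihole.log, whose lines end the
# same way: "query[A] example.com from 192.168.1.20").

# Constructed sample: what the thread describes, every query apparently from
# 127.0.0.1, plus one invented LAN client for contrast.
SAMPLE_LOG='01:19:14: query[A] 1.ubuntu.pool.ntp.org from 127.0.0.1
01:19:14: config error is REFUSED
01:19:14: query[AAAA] 1.ubuntu.pool.ntp.org from 127.0.0.1
01:19:20: query[A] ads.example.net from 192.168.218.20
01:19:21: query[A] www.example.com from 127.0.0.1'

# query_sources: read log lines on stdin, print "<client> <count>" per client,
# sorted by client address. Non-query lines (config errors, hosts reloads) are skipped.
query_sources() {
    awk '/query\[/ {
             for (i = 1; i <= NF; i++)
                 if ($i == "from") { n[$(i + 1)]++ }
         }
         END { for (c in n) print c, n[c] }' | sort
}

# loopback_only: exit 0 if every query source is 127.0.0.1 or ::1 (the symptom
# Jeremy explains: the DNAT hop makes all clients appear as localhost), exit 1
# if at least one LAN client reaches pihole-FTL directly.
loopback_only() {
    query_sources | awk '$1 != "127.0.0.1" && $1 != "::1" { found = 1 }
                         END { exit (found ? 1 : 0) }'
}

# Usage on the box:
#   pihole -t | query_sources                       (Ctrl-C to stop the tail)
#   sudo cat /var/log/pihole.log | loopback_only && echo "only localhost seen"
```

If `loopback_only` succeeds on a real log after you have pointed clients at the box, the per-client view in the Pi-hole dashboard is meaningless and the PREROUTING_DNS_DEFAULT jump is the first thing to check.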
  • Adrian✌🏽🎃

    Thanks @Rastislav Švarba!

    In playing around with settings I ended up in DHCP mode with the overlay network's DNS server pointed to Pi-hole (primary set to the primary address and secondary set to 192.168.218.1, Firewalla's IP in the overlay). With the exception of the primary and secondary DNS + DHCP mode, I've mirrored your settings and I'm able to see traffic from the Pi-hole and Firewalla side.

    Looks like TTL was the thing getting me; I was making changes but everything was cached. Got reacquainted with `dig` in the past few hours :)

    0
  • Maurice Field

    I have tried logging in using SSH but keep getting a wrong password error even though I know it's correct. It didn't ask me for a username. Any suggestions as to what I can do?

    0
  • Support Team

    @Maurice

    The username is pi. If you are still getting the wrong password error, please reload the data from the main screen and try again.

    1
  • David Wigley

    So I was setting up an RPi to do this and thought, great, I can get my Firewalla to do it: one less device and socket to find. But when I SSH in, it takes ages and often times out, and if I do get to enter the curl command it doesn't like the URL. So I think it must be down to the slowness of the subnet, but that confuses me; the subnet is small and short. Why does this happen?

    0
  • Eli1

    I loaded Pi-hole and can see the dashboard. However, the DNS service is not running and the FTL service is offline. What kind of edits to either my NETGEAR Nighthawk R6700v3 or my Firewalla Blue should I make? Thanks in advance.

    0
  • Brian Adler

    @Eli1, log in to the Pi-hole via SSH.

    Run from the command line: "pihole restartdns"

    Sometimes my DNS will not work after a restart or power failure. It comes up so quickly that it does not see the default interface, which is still coming up.

    Here are some useful commands:

    #
    pihole restartdns <--- fixes the DNS reboot problem
    pihole status <--- Pi-hole server check
    pihole -c -e <--- terminal display of overall status
    #
    pihole -v <--- checks if updates are available
    pihole -up <--- this will update the Pi-hole application
    #
    pihole -g <--- updates the blocklists

    Hope this helps.

    0
  • Hirotoshi Ito

    I installed Pi-hole and it seems to be working.

    However, the Pi-hole Dashboard shows no query count and no blocked count.

    Is something wrong?

    My Firewalla Blue version: 1.966 Beta

    Ad Block ON

    Family Protect OFF

    DNS Booster ON

    0
  • Support Team

    @Hirotoshi

    Can you try configuring the box's primary IP address as the DNS server of the Primary Network and the Overlay Network?

            Settings -> Advanced -> Network Settings

    See if you can see the queries in Pi-hole after the change.

    1
  • Hirotoshi Ito

    Thank you @Melvin

    I changed my Firewalla Blue DNS server setting to its own IP address.

    The Pi-hole Dashboard shows queries and the counter going up.

    0
  • Robb McMahan

    I have a Firewalla Blue and followed the directions, and I can see the admin panel fine, but it only shows localhost and queries only from localhost, which are mainly Ubuntu. There are no other queries. I also tried to add the Firewalla's IP address as DNS for both the Primary and Overlay Network and still nothing. I do have Ad Block on and Family Protect off.

    0
  • Sunny

    I installed the Pi-hole services and the dashboard loaded one time. As per the instructions I did a reboot, and nothing is loading now. I cannot even access the dashboard, and the Firewalla app is slow on my phone. It has been an hour; how do I fix this?

    Update: after an hour, the app is showing that the device is unreachable.

    0
  • Support Team

    If you can still SSH to the box, try restarting the Pi-hole service with

            sudo systemctl restart pihole-FTL

    and check whether it comes back.

    0
  • Michael Weiner

    @Hirotoshi Ito

    Which monitoring mode do you employ? Thanks!

    0
  • Maurice Field

    For some reason Pi-hole stops every few days. Sometimes a reboot helps, sometimes not. Any idea what I can do to stop this happening?

    0
  • sarkawt

    I got this:

    (Firewalla) $ pihole -t
    [i] Press Ctrl-C to exit
    01:19:14: query[A] 1.ubuntu.pool.ntp.org from 127.0.0.1
    01:19:14: config error is REFUSED
    01:19:14: query[AAAA] 1.ubuntu.pool.ntp.org from 127.0.0.1
    01:19:14: config error is REFUSED
    01:35:23: read /etc/hosts - 7 addresses
    01:35:23: failed to load names from /etc/pihole/custom.list: No such file or directory
    01:35:23: read /etc/pihole/local.list - 2 addresses
    01:50:12: read /etc/hosts - 7 addresses
    01:50:12: failed to load names from /etc/pihole/custom.list: No such file or directory
    01:50:12: read /etc/pihole/local.list - 2 addresses
    02:14:29: read /etc/hosts - 7 addresses
    02:14:29: failed to load names from /etc/pihole/custom.list: No such file or directory
    02:14:29: read /etc/pihole/local.list - 2 addresses

    Any solution, please?

    0
  • Michael Marrah

    Same issues as others above. Everything installed and appears to be running fine. I set the DNS Server for both the primary and overlay networks to be the FW IP and that seemed to work for a day. Now the dashboard shows nothing blocked and a handful of queries. Setting the DNS Server to the FW IP only on the overlay seems to have no effect at all. Any suggestions for troubleshooting?

    Thanks,

    Mike

    0
  • Michael Marrah

    FWIW, the solution for me appears to be going into the router settings and changing its DNS server to point to the FW. So with FW in DHCP mode, both the overlay DNS server and the router are pointed to the FW IP address. That seems to be working, although the blocked queries are still very low (1% or less), which is surprising.

    0