Pi-Hole Access from App when Remote
We have Pi-Holes running on each of our client Firewallas.
There is a use case where we need to manage each Pi-Hole remotely from the Pi-Hole mobile app when not connected to the host Firewalla. Basically, we want access to all the Pi-Holes at the same time from the mobile app.
We are sure we are missing something really simple but we just can't get this to work.
Certainly, port forwarding could be set up to the internet IP address, or better yet the DDNS, of the host Firewallas, but port forwarding to the default 172.16.0.2 address is not permitted because it's not within the range of the local network.
I guess the solution is to forward the app requests to a unique port (we are trying port 14177) to the DDNS address of the Firewalla to Pi-Hole Docker container to 172.16.0.2 as port 80.
We’re thinking that using the --net=host option in the docker run command might help make this work. And yes, we know this has some security implications.
Anyone have a solution?
Signed
Stumped
I asked OPENAI.COM's ChatGPT and this is what it came back with. Close? Would this work?
Will this break anything on the Firewalla?
Create a set of Ubuntu iptable rules for a Firewalla (LAN address of 192.168.1.1 and a WAN address of ww.xx.yy.zz) and a supporting script so that an iPhone pi-hole app can connect to the pi-hole running on the firewalla in a docker container (address 172.16.0.2) from the internet. Make sure that the incoming connections (over port 14177) to the firewalla are forwarded to the docker container (over port 80) as well. Include the rules to forward traffic from the firewalla to the docker container. The DNS traffic doesn't have to be considered.

Here is an example set of iptable rules for a Firewalla device that allows connections to a Pi-hole running in a Docker container at the address 172.16.0.2 from the internet and forwards incoming connections on port 14177 to port 80 on the container:
- Enable IP forwarding:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
- Allow incoming connections on port 14177 to the firewalla's WAN address:
sudo iptables -A INPUT -p tcp -i wan --dport 14177 -j ACCEPT
- Forward incoming connections on port 14177 to the Pi-hole container at 172.16.0.2 on port 80:
sudo iptables -t nat -A PREROUTING -p tcp -i wan --dport 14177 -j DNAT --to 172.16.0.2:80
- Enable masquerading for the forwarded traffic:
sudo iptables -t nat -A POSTROUTING -p tcp -o wan -j MASQUERADE
And here is an example script that can be run on the Firewalla to configure the iptable rules:
#!/bin/bash
# Enable IP forwarding ("sudo echo 1 > file" does not work: the redirection runs without root)
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward >/dev/null
sudo iptables -A INPUT -p tcp -i wan --dport 14177 -j ACCEPT
sudo iptables -t nat -A PREROUTING -p tcp -i wan --dport 14177 -j DNAT --to 172.16.0.2:80
sudo iptables -t nat -A POSTROUTING -p tcp -o wan -j MASQUERADE
It's important to note that these rules are not persistent and will be lost after reboot. To make them persistent, you can use tools like iptables-persistent or other tools that can save and restore iptables rules across system reboots.
Also, you will need to make sure that your Firewalla is correctly configured to forward traffic to the Pi-hole container, and that the IP address of the Pi-hole container is correctly configured on the Firewalla.
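As an added example (not from the original post, from ChatGPT, or from Firewalla), here is the rule set I would script for this setup: it DNATs WAN port 14177 to the container's port 80, admits only new connections from an allowed client range in the FORWARD chain, and drops everything else headed for the container. The interface names, the allowed client range and the iptables binary are assumptions; only the container address 172.16.0.2 and the ports come from the thread.

```shell
#!/bin/sh
# Added example (not from the page): emit, and optionally apply, the iptables
# rules that publish the Pi-hole container's admin port on a WAN port.
# From the page: container 172.16.0.2, public port 14177, container port 80.
# Assumptions: interface names, the allowed client range, the iptables binary.
WAN_IF="${WAN_IF:-eth0}"                        # assumed WAN interface name
DOCKER_IF="${DOCKER_IF:-docker0}"               # assumed bridge the container sits on
PIHOLE_IP="${PIHOLE_IP:-172.16.0.2}"
PUBLIC_PORT="${PUBLIC_PORT:-14177}"
ALLOWED_SRC="${ALLOWED_SRC:-203.0.113.0/24}"    # constructed sample: the phone's network
IPT="${IPT:-iptables}"

# Print the rules one per line without running them. Differences from a bare
# "INPUT ACCEPT + DNAT + MASQUERADE -o wan" set:
#  * packets DNAT'd to the container traverse FORWARD, not INPUT, so an INPUT
#    rule never sees them; FORWARD is where the flow has to be admitted
#  * FORWARD sees the post-DNAT destination (container IP, port 80)
#  * only NEW connections from ALLOWED_SRC are admitted; replies still carry
#    the container as source in FORWARD and are matched by conntrack, which
#    reverses the DNAT on the way out
#  * everything else from WAN to the container is dropped explicitly
#  * no MASQUERADE on the WAN interface: that rule cannot match a flow leaving
#    via the bridge, and the container replies through its gateway (this host)
pihole_forward_rules() {
    printf '%s\n' "sysctl -w net.ipv4.ip_forward=1"
    printf '%s\n' "$IPT -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $PUBLIC_PORT -j DNAT --to-destination $PIHOLE_IP:80"
    printf '%s\n' "$IPT -A FORWARD -i $WAN_IF -o $DOCKER_IF -p tcp -s $ALLOWED_SRC -d $PIHOLE_IP --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
    printf '%s\n' "$IPT -A FORWARD -i $DOCKER_IF -o $WAN_IF -s $PIHOLE_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "$IPT -A FORWARD -i $WAN_IF -o $DOCKER_IF -d $PIHOLE_IP -j DROP"
}

# Number of generated rules that touch the FORWARD chain; a quick sanity check
# before applying (the naive set quoted above has zero).
forward_rule_count() {
    pihole_forward_rules | grep -c -- '-A FORWARD'
}

# Apply only when explicitly requested (needs root); otherwise just print.
if [ "${APPLY:-0}" = "1" ]; then
    pihole_forward_rules | sh -e
else
    pihole_forward_rules
fi
```

Run it once without APPLY to review the rules, then with APPLY=1 as root; like the quoted script, these rules are not persistent across a reboot.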