Docker Community Forums

Raspi 4 PiHole Docker Cloudflared ipv6 challenge

Hi,

I am currently struggling at enabling IPv6 for PiHole in a docker container.
At the moment I have a Raspi 4 running docker with 2 containers.
One is pihole, the other one is cloudflared.
Both connect on a separate macvlan network with a small IP Range /30 via IPv4.
The request from pihole will be forwarded to the cloudflared container at #5053 and everything is working smoothly.

I now would like to replace my old Raspi 2B+ with a native pihole installation. The only thing that is missing is ipv6 for pihole in docker.

And that is where the problems start.
At the moment I tried the following:

  1. I enabled IPv6 for Docker via /etc/docker/daemon.json:
{
    "ipv6": true,
    "fixed-cidr-v6": "2003:xxx:xxxx:xxxx::/64"
}

There is my first question. Is it correct to use the global ip range of eth0 or should I use the “fd00::/64” address?

  2. I created a new macvlan configuration with a /64 subnet for the IPv6 address and also created the network itself, connected it to the pihole container and added the IPv4 address. I left the IPv6 open to see what happens.
    When the container is started, the inspect shows an IPv6 address and it is also pingable and I can connect to the website via that address to the admin panel.
    But in the admin panel for the ipv4 and the ipv6 address only 0.0.0.0 and 0:0:0:0:0:0 is shown.

So what exactly do I have to do to enable ipv6 via macvlan for the pihole and cloudflared container and which address do I have to use?

Thanks a lot in advance.
shirocko

Static IP
We’re going to want to set a static IP for the Raspberry Pi. You can do this a couple of ways, but we’re going to do it on our router. In the DHCP section, you can set a static IP for a device if you know its MAC address. On your Pi, run ip link and you should get some output like this:

$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether b8:27:eb:00:00:01 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether b8:27:eb:00:00:02 brd ff:ff:ff:ff:ff:ff

The MAC address is the bit next to “link/ether” under eth0, so in our case “b8:27:eb:00:00:01”. We can assign a static IP to this from the router.

Now we want to force the Pi to renew its DHCP lease. Note that this is going to change the IP of the Pi, so once you do this you’ll get booted out and have to login again:

sudo dhclient -r && sleep 5 && sudo dhclient

Set Hostname and Upgrade
Run these commands to set our hostname:

Create a user for us to use other than ubuntu

sudo adduser jason
sudo usermod -aG sudo jason
echo "jason ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers

Set our hostname

sudo hostname pihole
echo pihole | sudo tee /etc/hostname

Upgrade Ubuntu (this can take a LONG while…)

sudo apt update && sudo apt upgrade -y

The upgrade can take a really long time. So long, it’s likely you may drop your SSH session for one reason or another. If this happens, you can check to see if the upgrade is still happening with:

watch "ps -ef | grep apt | grep -v grep"

This will list all the processes with “apt” in the name and refresh it every 2 seconds. If you see apt upgrade running, then the upgrade is still going.

Docker
For a long time I ran cloudflared and Pi-hole using Docker. This works well, so long as you’re not running any other docker containers, but you can run into some challenges if you want other docker containers on the same host to use Pi-hole to lookup DNS entries. You end up having to run cloudflared using --network host, because otherwise you can’t easily configure what IP Pi-hole should connect to, and then you run Pi-hole as --network host, but then you run into problems with other docker containers that are not running as --network host being unable to connect to Pi-hole to resolve domain names.

But, if you want to install docker:

curl -sSL https://get.docker.com | sh
sudo usermod -aG docker ubuntu

And then go look at these instructions.

Hello lewish95,

at first thanks a lot for your large reply.
Currently I still have static ip addresses for the Raspi and also the hostname etc. is set the way I want to have it.
Currently I am struggling with IPv6 in docker, not on the host.

I have chosen the implementation with docker on purpose.
I want to run multiple containers on that Raspi and port 53 is already used by another software on that machine and I also want to have a separate ip address for the pihole container.
So at the moment I was able to activate IPv6 for Docker and I also configured the address for the pihole and cloudflared container, but I got an address conflict.
When I activate the subnet “fd00::/64” for the docker network and I also use it for the macvlan, then docker crashes at next startup due to address conflict.
But if I choose another subnet like “fd01::/64” I cannot set the gateway to “fd00:…” because it is out of the range of the network.
How can I combine two different IPv6 or the same IPv6 subnet to work the way I want it?

That is currently not the problem as I have the name resolution of the router as a fallback.
And there are also other ways to handle that problem.

But this should not be the point at the moment.

Thanks
shirocko
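
The two failures described in this post (the same /64 on both the Docker daemon and the macvlan network, and a gateway that lies outside the macvlan subnet) can be caught before restarting Docker. This is an added example, not code from the thread; the function name and every address in it are constructed sample values.

```python
import ipaddress
import json

# Constructed sample of /etc/docker/daemon.json using a ULA prefix.
DAEMON_JSON = '{"ipv6": true, "fixed-cidr-v6": "fd00::/64"}'


def check_ipv6_plan(daemon_json, macvlan_subnet, macvlan_gateway):
    """Return a list of problems; an empty list means the plan is consistent.

    daemon_json     -- text of daemon.json
    macvlan_subnet  -- IPv6 subnet intended for the macvlan network
    macvlan_gateway -- IPv6 gateway intended for the macvlan network
    """
    problems = []
    daemon = json.loads(daemon_json)
    macvlan = ipaddress.IPv6Network(macvlan_subnet)
    gateway = ipaddress.IPv6Address(macvlan_gateway)

    # Case 1 from the post: the daemon-level range and the macvlan range
    # cover the same addresses, which is the reported address conflict.
    cidr = daemon.get("fixed-cidr-v6")
    if daemon.get("ipv6") and cidr:
        bridge = ipaddress.IPv6Network(cidr, strict=False)
        if bridge.overlaps(macvlan):
            problems.append(f"overlap: fixed-cidr-v6 {bridge} and macvlan {macvlan}")

    # Case 2 from the post: the gateway is taken from a different prefix
    # than the macvlan subnet, so it is out of range for that network.
    if gateway not in macvlan:
        problems.append(f"gateway {gateway} is outside macvlan subnet {macvlan}")

    return problems


if __name__ == "__main__":
    plans = [
        ("fd00::/64", "fd00::1"),  # same prefix as the daemon
        ("fd01::/64", "fd00::1"),  # different prefix, gateway from the old one
        ("fd01::/64", "fd01::1"),  # different prefix, gateway inside it
    ]
    for subnet, gw in plans:
        result = check_ipv6_plan(DAEMON_JSON, subnet, gw)
        print(subnet, gw, "->", result or "ok")
```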

Sorry, but @lewish95 is a bot that just posts unrelated, unformatted and plagiarized content from the internet here, in this case from Setting up a Raspberry Pi as a Pi-Hole Server. I’ve flagged it. Please see Why does this forum feel so unmoderated? - #23 by avbentem and flag if you agree.