> No. Never run two DHCP servers on the same subnet.

Sorry I meant to say did I need to run it off the router instead of the pihole as when it drops off, so does dhcp server.
> Sorry I meant to say did I need to run it off the router instead of the pihole as when it drops off, so does dhcp server.

I don't know what you're doing with DHCP servers as you've never said. I was assuming the router was still acting as the one and only DHCP server on your LAN. If that's not the case then you can probably ignore everything suggested in this thread.
> What’s in /etc/resolv.conf? Found this discussion of strict-order:

I gave up last night and just went with 1.1.1.1 & 9.9.9.9
nameserver 1.1.1.1
nameserver 9.9.9.9
nameserver 192.168.1.146 (my pihole ip)
nameserver 9.9.9.9 (Also tried my cloud pihole ip to no avail)
> Keen to work this one out if anyone is available to assist.

You'll have to describe your current configuration (router and pihole(s)) in detail. All we know at the moment is that you started based on some thread on reddit and then made some other changes based on information here. We also don't know anything about how your Piholes are set up.
> You'll have to describe your current configuration (router and pihole(s)) in detail. All we know at the moment is that you started based on some thread on reddit and then made some other changes based on information here. We also don't know anything about how your Piholes are set up.

FYI
iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ACCESS_RESTRICTION
-N DNSFILTER_DOT
-N FUPNP
-N INPUT_ICMP
-N INPUT_PING
-N NSFW
-N OVPN
-N PControls
-N PTCSRVLAN
-N PTCSRVWAN
-N SECURITY
-N default_block
-N logaccept
-N logdrop
-N other2wan
-A INPUT -p icmp -m icmp --icmp-type 8 -j INPUT_PING
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT ! -i br0 -j PTCSRVWAN
-A INPUT -i br0 -j PTCSRVLAN
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -m state --state NEW -j OVPN
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -p icmp -j INPUT_ICMP
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD ! -i br0 -o ppp0 -j other2wan
-A FORWARD ! -i br0 -o eth0 -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -j NSFW
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -m state --state NEW -j OVPN
-A FORWARD -i br0 -p tcp -m tcp --dport 853 -j DNSFILTER_DOT
-A FORWARD -j DROP
-A DNSFILTER_DOT -m mac --mac-source B8:27:EB:51:0E:3E -j RETURN
-A DNSFILTER_DOT ! -d 192.168.1.146/32 -j REJECT --reject-with icmp-port-unreachable
-A FUPNP -d 192.168.1.147/32 -p tcp -m tcp --dport 32400 -j ACCEPT
-A FUPNP -d 192.168.1.131/32 -p tcp -m tcp --dport 55555 -j ACCEPT
-A FUPNP -d 192.168.1.131/32 -p udp -m udp --dport 55555 -j ACCEPT
-A INPUT_ICMP -p icmp -m icmp --icmp-type 8 -j RETURN
-A INPUT_ICMP -p icmp -m icmp --icmp-type 13 -j RETURN
-A INPUT_ICMP -p icmp -j ACCEPT
-A INPUT_PING -i ppp0 -p icmp -j DROP
-A INPUT_PING -i eth0 -p icmp -j DROP
-A PControls -j ACCEPT
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A SECURITY -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j RETURN
-A SECURITY -p icmp -m icmp --icmp-type 8 -j DROP
-A SECURITY -j RETURN
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
-A other2wan -i tun+ -j RETURN
-A other2wan -j DROP
> Make sure you have it set up exactly as shown in the other post here, not like the reddit post. You should have 2 LAN DNS servers defined. Advertise router's IP in addition to user-specified DNS should be set to No.
> You also need to add strict-order as discussed.

This is exactly what I have set up as of yesterday when I said I disconnect primary pi, it goes offline. I followed the instructions. It isn't working.
Can you post a screen shot of your LAN - DHCP Server page. Those instructions were for John's fork which is what I use, Merlin's firmware may be different.
EDIT: Might as well post screen shots of the DNSFilter and WAN DNS settings.
> Those instructions were for John's fork which is what I use, Merlin's firmware may be different.

The possibly relevant difference between the fork and Merlin is that Merlin uses no-resolv and servers-file in dnsmasq.conf. The fork uses resolv-file, if memory serves. Behavior might be different.
Assuming you enable the DHCP server, are you intentionally using a 192 second lease time for testing, or did you assume it was a different unit of time besides seconds (86400 is the default)? Or did you start typing an IP address in there by accident?
> DHCP server enabled.

Correct, was using PiHole as DHCP. That's why I asked did it matter if it was on the router or not.
> Assuming you enable the DHCP server, are you intentionally using a 192 second lease time for testing, or did you assume it was a different unit of time besides seconds?

OMG, maybe that was causing me to drop out yesterday when I had that enabled. I was using 192 on pihole as it was in hours. Forgot about the router being in seconds..
> Correct, was using PiHole as DHCP. That's why I asked did it matter if it was on the router or not.

and I said it did matter because you have to use the router's DHCP server. EDIT: Maybe I wasn't explicit enough in saying these instructions won't work if you're using the Pi as a DHCP server.
> Does everything else look fine? Only other thing I can see is default gateway and domain name but I think they've been blank since day dot.

Looks OK. But as Dave said there are differences in Merlin's firmware that might be an issue.
> Do you know where the server-file is and what it usually contains?

It will contain WAN DNS 1 and 2:
# grep servers-file /etc/dnsmasq.conf
servers-file=/tmp/resolv.dnsmasq
# cat /tmp/resolv.dnsmasq
server=9.9.9.11
server=149.112.112.11
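
The grep/cat check in the post above, generalised as an added example (not code from the thread or from either firmware): a POSIX sh function that reports which upstream resolvers a dnsmasq.conf points at, covering both the `servers-file` layout shown here and the `resolv-file` layout mentioned for the fork, plus whether `strict-order` is present. The function names and the files written by `make_sample` are constructed for illustration, and the script assumes `no-resolv` stops dnsmasq from reading a `resolv-file`.

```shell
#!/bin/sh
# Added example: report where a dnsmasq.conf takes its upstream resolvers from.

# Print the value of the last "directive=value" line (empty if absent).
conf_value() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | tail -n 1
}

# Succeed if a bare flag such as no-resolv or strict-order is present.
conf_flag() {
    grep -Eq "^[[:space:]]*$2"'[[:space:]]*(#.*)?$' "$1"
}

dnsmasq_upstreams() {
    conf=$1
    for flag in strict-order no-resolv; do
        if conf_flag "$conf" "$flag"; then echo "$flag=yes"; else echo "$flag=no"; fi
    done
    # server= lines written directly in the main config
    sed -n 's/^[[:space:]]*server=/upstream(conf)=/p' "$conf"
    # servers-file holds server= lines, as in the output quoted in the thread
    sf=$(conf_value "$conf" servers-file)
    if [ -n "$sf" ] && [ -r "$sf" ]; then
        sed -n 's/^[[:space:]]*server=/upstream(servers-file)=/p' "$sf"
    fi
    # resolv-file holds nameserver lines; assumed not to be read under no-resolv
    rf=$(conf_value "$conf" resolv-file)
    if [ -n "$rf" ] && [ -r "$rf" ] && ! conf_flag "$conf" no-resolv; then
        awk '$1 == "nameserver" { print "upstream(resolv-file)=" $2 }' "$rf"
    fi
}

# Constructed sample in a scratch directory; addresses copied from the thread.
make_sample() {
    printf 'no-resolv\nservers-file=%s/resolv.dnsmasq\nstrict-order\n' "$1" > "$1/dnsmasq.conf"
    printf 'server=9.9.9.11\nserver=149.112.112.11\n' > "$1/resolv.dnsmasq"
}

# On the router: sh this-script /etc/dnsmasq.conf
if [ "$#" -gt 0 ]; then dnsmasq_upstreams "$1"; fi
```

If the Pi-hole address is missing from the `upstream(...)` lines, the router's dnsmasq is not forwarding to it, whatever the DHCP page advertises to clients.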