PiHole HA with 3 subnet setting help

MaxiHP
DD-WRT Novice


Joined: 19 Apr 2019
Posts: 21

PostPosted: Sat Jul 29, 2023 21:04    Post subject: PiHole HA with 3 subnet setting help
I don't know if this is an advanced networking issue; sorry if this is the wrong location. I searched the forums and the interweb; I can't find it, or what I do find is senseless to me.

Everything is a static lease on each router, meaning the MAC address in the lease is on each one if it is necessary to use that path out to the internet.

AT&T gateway BGW 210 passthrough to main router

I have 3 subnets

Main 10.0.20.0/24 (255.255.255.0)
VPN 10.0.21.0/24 (255.255.255.0) from 10.0.20.253 to wan
IoT 10.0.22.0/24 (255.255.255.0) from 10.0.20.252 to wan

Image of network and DD-WRT firmware attached.

I have 2 Raspberry Pi 4B 8GB set up with PiHole High Availability @
10.0.20.249
10.0.20.250
with Virtual IP
10.0.20.20

The issue is how to set up the firewalls to let all 3 subnets use the virtual PiHole. I believe it should be:
Main 20 network
# DNS to PiHole
iptables -t nat -I PREROUTING -i br0 -s ! 10.0.20.20 -p tcp --dport 53 -j DNAT --to 10.0.21.1
iptables -t nat -I PREROUTING -i br0 -s ! 10.0.20.20 -p udp --dport 53 -j DNAT --to 10.0.21.1
iptables -t nat -I PREROUTING -i br0 -s ! 10.0.20.20 -p tcp --dport 53 -j DNAT --to 10.0.22.1
iptables -t nat -I PREROUTING -i br0 -s ! 10.0.20.20 -p udp --dport 53 -j DNAT --to 10.0.22.1

This is if I attach the PiHole to the Main 20 network. I believe it is better to use the VPN 21 network to take advantage of the NordVPN DNS servers.

I did not set up VLANs or routing tables; I would imagine they would go on the Main 20 network to point to the virtual PiHole.

For some reason this is very confusing to me; I would need a detailed outline to follow. I don't want to use the Main as the DHCP for the entire network; each machine having its own DHCP / static lease works well, but I don't know if this is the best practice.

As this setup works with dedicated PiHoles in each network, I want to update it to take advantage of the HA application and actually reduce the Raspberry Pis to 2 from 3.

All my Firesticks (with Kodi) and other more private hardware/applications are on the VPN.
TVs and IoT cameras, power outlets, Echo and other Chinese listening crap are on the IoT network.
Most of the family PCs are on the Primary network but are capable of jumping on the VPN network via static leases set up on the 2 networks.

Any help you can give is greatly appreciated.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13532
Location: Netherlands

PostPosted: Sun Jul 30, 2023 7:45
Try this, on your main router just use:
Code:
iptables -t nat -I PREROUTING -i br0 -s ! 10.0.20.20 -p tcp --dport 53 -j DNAT --to 10.0.20.20
iptables -t nat -I PREROUTING -i br0 -s ! 10.0.20.20 -p udp --dport 53 -j DNAT --to 10.0.20.20


This will redirect everything which is connected to the main router (including all the other routers/subnets) to the PiHole, except traffic from the PiHole itself (as that should go out via the WAN :) )

BTW very good drawings, makes it easy to see what is going on, kudos!

Edit:
Moved this to the Advanced Networking forum where there is also a very good sticky about "use Pi-Hole as simple DNS-Server with DD-WRT"

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
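Here is egc's redirect packaged as a re-runnable DD-WRT firewall script, as an added example that is not part of the thread and not DD-WRT's or Pi-hole's own code. It assumes br0, the VIP 10.0.20.20 and the two physical Pi-hole addresses from the first post, and additionally exempts the physical addresses on the assumption that the Pi-holes' own upstream lookups leave from those rather than from the VIP.

```shell
#!/bin/sh
# Added example for this thread (not egc's or DD-WRT's own script). Assumed from
# the first post: br0 is the main router's LAN bridge, 10.0.20.20 is the Pi-hole
# virtual IP and 10.0.20.249 / 10.0.20.250 are the two physical Pi-holes.
LAN_IF="${LAN_IF:-br0}"
PIHOLE_VIP="${PIHOLE_VIP:-10.0.20.20}"
PIHOLE_REAL="${PIHOLE_REAL:-10.0.20.249 10.0.20.250}"
IPT="${IPT:-iptables}"
CHAIN="DNS_REDIRECT"

# Fill a private nat chain: first exempt the VIP and both physical Pi-holes
# (assumption: their upstream lookups leave from the physical addresses, so
# exempting the VIP alone would DNAT those back to the VIP), then DNAT every
# other port-53 query, TCP and UDP, to the VIP.
build_dns_chain() {
    $IPT -t nat -N "$CHAIN" 2>/dev/null || true   # create once
    $IPT -t nat -F "$CHAIN"                        # flush so re-runs are idempotent
    for src in $PIHOLE_VIP $PIHOLE_REAL; do
        for proto in tcp udp; do
            $IPT -t nat -A "$CHAIN" -s "$src" -p "$proto" --dport 53 -j RETURN
        done
    done
    for proto in tcp udp; do
        $IPT -t nat -A "$CHAIN" -p "$proto" --dport 53 -j DNAT --to-destination "$PIHOLE_VIP"
    done
}

# Hook the chain into PREROUTING for br0 only. Stale hooks are deleted first so
# the script can be re-run (DD-WRT re-runs the firewall script on WAN events)
# without the rule piling up.
hook_dns_chain() {
    for proto in tcp udp; do
        while $IPT -t nat -D PREROUTING -i "$LAN_IF" -p "$proto" --dport 53 -j "$CHAIN" 2>/dev/null; do :; done
        $IPT -t nat -I PREROUTING -i "$LAN_IF" -p "$proto" --dport 53 -j "$CHAIN"
    done
}

apply_dns_redirect() { build_dns_chain; hook_dns_chain; }

# Dry-run stand-in for iptables: prints each command and reports "no such rule"
# for deletes so the cleanup loop above terminates.
preview_ipt() { echo "iptables $*"; case " $* " in *" -D "*) return 1 ;; esac; return 0; }

# Nothing runs unless asked, so the file can be sourced or inspected safely:
#   DNS_REDIRECT_MODE=preview sh dns_redirect.sh   # print the commands
#   DNS_REDIRECT_MODE=apply   sh dns_redirect.sh   # install them
case "${DNS_REDIRECT_MODE:-}" in
    preview) IPT=preview_ipt; apply_dns_redirect ;;
    apply)   apply_dns_redirect ;;
esac
```

The preview mode is the place to confirm that the RETURN exemptions land before the catch-all DNAT, since a DNAT that precedes them would loop the Pi-holes' own queries back to the VIP.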
MaxiHP
DD-WRT Novice


Joined: 19 Apr 2019
Posts: 21

PostPosted: Wed Aug 02, 2023 17:57    Post subject: Resolved
I have them configured with the Main 20; however, I am having an issue with PiHole: the HA setup works but I can't get gravity to update. Not your issue, just scratching my head at this point.
I believe the original issue and response should close this issue.

BTW thanks for the Kudos I did not expect that. Perhaps you can use that as a template example for others...
MaxiHP
DD-WRT Novice


Joined: 19 Apr 2019
Posts: 21

PostPosted: Thu Aug 03, 2023 15:48    Post subject: Resolved -- epilogue -- Bonus PiHole with HA
Last point for those contemplating this update.

I have PiHole with Unbound, Stubby, Netlog, as my base image. I had log2ram but that is a bit buggy for me.

I don't static IP any config files in the PiHole; I have static leases in the DD-WRT routers. There are no issues, and I can move or add a MAC address and change the hardware in the Service tab.

As the /etc/host and /etc/pihole/custom.list files are identical in both, they are easy to maintain; I pull the list out of the DD-WRT WOL tables.

Each router hands out its own IP range; the static lease MAC is in their Service tab, which is easily updated by loading it through nvram commands.

This is the write-up I followed.

https://www.reddit.com/r/pihole/comments/d5056q/tutorial_v2_how_to_run_2_pihole_servers_in_ha/

I did tweak some things, but I can't say you should follow me; I just made it fit my landscape.

For any specific issues that I had to change in the write-up, I made a txt document with each command step by step, then updated it for each mistake along the way.
One for Primary and one for Backup, as there are specific elements in each.

Trust me, the original txt is different than the final.

Using the smallest SD card helps speed up the process cycle: 10 minutes to write, 15 to read/capture.

I created an image on one Pi, then copied it with diskimager; then, once complete and functional on both, I made another copy of each to have and look at files should one get corrupt.

Best news: I now have 3 extra Raspberry Pi 4B+ 8GB. Maybe 3 in sync is the next bold adventure....

The bonus is, with 2 synced, you can update gravity on the one that is idle and it pushes the update to the other. It is way faster to use the idle PiHole and do experiments. You can take down one and not affect anybody, unless you are real wild and they both go down.

I am no expert, and at my age (60+) I can hack with most and end up with something nobody else will recognize... Then I beg for help!

Again thanks for the support. This is a very helpful community and the experts are top drawer.