Freedom from Ads with Pi-Hole and Macvlan

Raspberry Pi Pi-Hole Ad Blocker

Block Ads to Your Entire Network Using Pi-Hole

Pi-Hole is fantastic ad-blocking software that can run on a Raspberry Pi or pretty much any other Linux or Windows machine. Most websites that can detect ad-blocking cannot detect Pi-Hole, and Pi-Hole protects your entire home network. It acts as a personal DNS server which can block advertising or other objectionable sites from your network using blacklists (similar to OpenDNS but completely configurable by you with unlimited whitelists and blacklists). Once it blocks the sites that are on its blacklist, it hands the remaining DNS lookups off to a secondary DNS server (either your ISP’s or one you designate such as Google’s or OpenDNS), thus providing you a second opportunity to filter.

Easiest Install Ever Without Hogging Your Server

There are many how-tos out there on installing Pi-Hole, but this method provides the following advantages:

  • uses Docker to compartmentalize the installation from the rest of the files on your computer,
  • stores configuration files on your physical computer rather than in the container,
  • grants the Pi-Hole server a separate IP address from the physical computer you are running the container on (this allows you to install other services that would otherwise conflict with Pi-Hole as Pi-Hole tends to listen to all relevant ports).

This post and configuration are based on Tony Lawrence’s setup for Synology. It uses the Macvlan network driver to give the Pi-Hole server an IP address separate from the physical computer on which the container is running.

Note
  1. Macvlan only works with Ethernet, so your server should be on a hard-wired connection, and
  2. As of April 2020, there is a bug with the latest 4.19v7 kernel of Raspbian which prevents macvlan from working, but there is a fix. See the note at the end of this post for more details. As far as I am aware, this has only occurred on Raspbian and does not apply to other distros.

Installing Pi-Hole – Easy as Pie

  1. Install Docker on a Linux computer (I use a Raspberry Pi).
  2. Install Docker-Compose.
  3. At the console, enter the following commands to download the docker-compose yaml file:
  4. Open the docker-compose.yaml file in your favorite text editor and edit as indicated by the #comments to add the IP address you want to assign to the Pi-hole container, as well as other network configurations:

  5. When done editing, save your changes and exit your editor.
  6. Copy files over from the image (this step should be done automatically by the volume attachment when the image is created by docker-compose but it did not work for me so I’m doing it manually here):
  7. Now start up the container:

    You can omit the second line if you don’t want to see the logs. If you keep it, the container is up and running when you see “Pi-hole blocking is enabled”, “Starting lighttpd” and “[services.d] done.”:

    Pi-Hole Container Starting Up

    You can now cancel out of the logs by hitting “Ctrl-C”.

  8. After a few minutes you will have Pi-Hole up and running. Type the IPv4 address you revised on line #23 of the docker-compose.yaml file (e.g., 192.168.0.210) into your browser, and you should see the following:

    Pi Hole Logo - Did you mean to go to the admin panel

  9. If you click on the admin link you will see the following:

    Pi-Hole Dashboard

  10. Now log in to your router, and edit your router settings so that the configured DNS matches the IP address on line #23.
    For example, on my router the configuration is as follows:

    DDWRT DHCP Router Settings

  11. It’s now up and running, blocking ads for all of the computers, phones, tablets, and other devices in your home that are on your internal LAN or Wi-Fi networks (obviously it won’t block cellular data).
  12. Read the documentation on the Pi-Hole website to configure the various options. The most common configuration changes will be to add certain sites to the whitelist (Pi-Hole has been known to block good web sites or server URLs that are necessary for some functions like comments). You may also want to add blacklists other than the defaults.

Shutting Down Pi-Hole Using Docker

It is best to disable Pi-Hole in the web admin interface, but if you really want to shut down the service, type the following at the console:

Keep in mind that once this shuts down, your network will no longer have a DNS service, so your internet won’t work. Make sure you edit your router configuration to replace the Pi-Hole IP with the IP address of another DNS service (your ISP’s, Google’s, or OpenDNS, for example).

Updating Pi-Hole Using Docker

Updating Pi-Hole is easy when it is in a container. At the command line of your Linux server, simply issue the following within the ~/docker/pihole directory:

Raspbian Kernel 4.19 Bug Affecting Macvlan

RASPBERRY PI BUG ALERT FOR MACVLAN: As I write this, there is an outstanding bug with the latest Raspbian 4.19.7 kernel published on February 13, 2020 which prevents macvlan from working properly within a container on Raspbian (it does not expose its services to those outside its container). To fix it, you can run “sudo rpi-update” and reboot, which will provide the bleeding-edge update to the firmware and the kernel (currently updates the kernel to 4.19.113-v7+). Do this only at your own risk! I did, and the update to 4.19.113-v7+ went without a hitch and fixed the problem, but this update may cause other problems on your server as it’s an experimental update. The bug does not occur on earlier or later versions of the kernel.
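
A compose file of the kind steps 3 and 4 describe, as an added example rather than the author's downloaded file (its line numbers will not match the “line #23” mentioned above). The interface name eth0, the 192.168.0.x addresses, the network name pihole_net, the time zone and the password are assumptions to replace with your own values.

```yaml
# Added example, not the author's docker-compose.yaml.
# Place it in ~/docker/pihole so the relative volume paths resolve there.
# Addresses, interface name and password below are constructed placeholders.
version: "2.4"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest      # pin a tag you have tested for stable updates
    hostname: pihole
    restart: unless-stopped
    # No "ports:" section: with macvlan the container owns its IP address,
    # so DNS (53) and the web UI (80) do not collide with services on the host.
    cap_add:
      - NET_ADMIN                    # only needed if Pi-hole will also serve DHCP
    environment:
      TZ: "America/New_York"
      # Variable names used by the v4-era image this post covers; newer
      # images rename them, so check the image README for your tag.
      ServerIP: "192.168.0.210"      # must match ipv4_address below
      WEBPASSWORD: "change-me"       # admin UI is reachable LAN-wide: set your own
    volumes:
      # Configuration lives on the host, not in the container.
      - ./etc-pihole:/etc/pihole
      - ./etc-dnsmasq.d:/etc/dnsmasq.d
    networks:
      pihole_net:
        ipv4_address: 192.168.0.210  # the address clients and the router will use

networks:
  pihole_net:
    driver: macvlan
    driver_opts:
      parent: eth0                   # wired interface of the Docker host
    ipam:
      config:
        - subnet: 192.168.0.0/24     # your LAN
          gateway: 192.168.0.1       # your router
          # Small block Docker may assign from (.208 to .215); keep it
          # outside the router's DHCP pool to avoid address conflicts.
          ip_range: 192.168.0.208/29
```

With macvlan, the Docker host itself cannot reach the container through the parent interface, so test DNS resolution and the admin page from another machine on the LAN.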

5 Comments

  1. MV

    Hello and thank you for your guide!

    I am running this on my debian server x64.
    I have setup the MacVlan to 10.0.0.2 while the server itself has 10.0.0.3 (Static)

    Pihole is running as DHCP and all clients are showing up, but there is no way I can reach the server (10.0.0.3) via the hostname (OK via IP).

    I tried to add the server as DNS name in pihole webgui but it’s not working

    ping: cannot resolve server.lan: Unknown host
    ping: cannot resolve server: Unknown host

    Do you have any idea?

    • Charlie

      I just make the Pihole box a static ip and use the internal IP address.

      But if you need to use domain names, in Pihole dashboard, try going to Settings->DNS, to Advanced DNS settings at bottom. Read the Note on “Conditional Forwarding” stating that “If not configured as your DHCP server, Pi-hole typically won’t be able to determine the names of devices on your local network.” Try either using PiHole as your DHCP server OR try conditional forwarding, as it explains: “One solution for this is to configure Pi-hole to forward these requests to your DHCP server (most likely your router), but only for devices on your home network. To configure this we will need to know the IP address of your DHCP server and which addresses belong to your local network. Exemplary input is given below as placeholder in the text boxes (if empty).”

    • Charlie

      Just experimenting with this. I found that adding the host name and associated IP address to Local DNS records in Pihole (Dashboard Menu->Local DNS->DNS Records) does indeed work if you add a “.” (dot) after the domain name.

      For example if “pihole” is set to “192.168.0.43” on your network, then “pihole.” will resolve.

      Also try the conditional forwarding in my prior comment and make sure that your router also has a default domain name set. Try with and without the domain name (e.g., if “lan” is default domain, try “pihole.lan”). Just adding the dot does appear to indeed work though if you add it to the pihole’s Local DNS Records.

  2. Stamatis Kavvadias

    Hi…

    I have been trying to apply this macvlan approach with an Ubuntu 18.04 desktop, as docker host.
    I tried both your, as well as tonylawrence.com code for synology. Neither works!
    No DNS resolution; no access to DNS configuration web API.
    ‘ifconfig’ does not show the configured ServerIP/ipv4_address or MAC address in any interface, nor does ‘ip link’.

    I also tried the variant of macvlan network, the 802.1q trunked macvlan network. With this, ‘ifconfig’ shows a new network (sub)interface, but still no IP or MAC address is set; and no connectivity, as in the former case.

    It looked really good, but it doesn’t work…

    PS:
    Docker version 20.10.5, build 55c4c88
    Docker Pi-Hole v4.2.2

    • Charlie

      I’m not sure, sounds like a gateway/DHCP issue with the machine itself? Make sure the server itself has internet access before testing the Pihole container. Make sure /etc/resolv.conf has correct nameserver (try 8.8.8.8).
