Can't you just set PiHole's IP as DNS on your clients?
Yes, especially if you use it as your dhcp server.
I've done something similar in Ireland, where the ISP router was the only way to connect. Managed to set up everything on an OpenWRT router, but it kept disconnecting, so I put the OpenWRT router behind the ISP router.
An interesting thing I found in the ISP router is the DMZ host - just point it to your own router and that's it. Basically the ISP router doesn't exist lol.
Then you have absolute freedom with your router.
I ran like this for years. As long as you have DMZ/exposed host functionality everything works great. The only thing that needed some massaging was IPv6, but if you want/need that, you probably know enough about it to get it working.
“Double NAT” is a bit of a bugbear in the home lab community, but as long as you can port forward in bulk you should not even notice it, aside from a tiny bit of additional latency.
Bridge mode on the ISP router is what you want. Then it just passes through the internet connection to the internal router on the edge of your network. It's what I do with Comcast.
Connect the router's WAN port into the cable modem. Plug your stuff into the router LAN ports or connect to the new router wifi. Set pi hole to a static address and then set the router's DNS to point to that. Remove any secondary DNS in the router settings. Reboot everything and make sure it all works. That should be about it.
I had this same problem but Pihole can act as your DHCP server too. I turned off DHCP on my ISP router, turned it on in Pihole and configured my range (with some buffer for static IPs for servers and others) and off it went. When all my clients (laptops, workstations, phones, etc.) requested an IP (which I saw them trickle in almost immediately), they got their IP from Pihole and also automatically directed all DNS queries to Pihole. No need for complicated setups.
Edit: fix typos.
I don't see why it shouldn't work. I have my ISP router set to pass-through mode and my MikroTik router behind it.
Yes, that will work. On your router plug in WAN (or whatever that's called on your router) port to the ISP router, set up IP-range and NAT (plus DHCP and whatever other services you might want to use) and plug in the rest of your network on the LAN side of the router. That way the only thing ISP router will see is your own router and everything else is behind that & yours to configure however you wish.
I've run a setup like this at several locations and (if possible) I've used a bridged port on the ISP router, so that the ISP router is only a 'media converter' and my own router connects directly to the public internet. Just make sure to have proper firewall configuration and keep safety in mind when doing that. If bridging isn't possible your traffic just goes through NAT twice (your router and ISP router), which in some odd edge cases can cause problems, but they're very rare.
It's not really optimal, having two firewalls and double NAT. Maybe check if your ISP router supports a modem-only mode.
This is also sometimes referred to as "bridge" mode. Even if the ISP doesn't officially support it, some googling may reveal how. It's shockingly easy to find the default credentials for these things, for example.
Wireguard + pihole?
You can do this with Tailscale. An added plus is you can then use Tailscale on your phone to access your pihole for DNS when on the go.
https://tailscale.com/kb/1114/pi-hole/
https://shotor.com/blog/run-your-own-mesh-vpn-and-dns-with-tailscale-and-pihole/