Hi people. I am running Pi-hole under Podman and its dedicated system account on my NAS. Now, from the NAS, I get a connection refused on ip.of.the.nas:53, but everywhere else in my network, Pi-hole works perfectly. To run Pi-hole as a rootless container, I made it listen on 1053 and I have a firewall redirection from 53 to 1053 for both UDP and TCP. Any pointer to where (and how) I can debug this?

Edit: A small clarification about my current setup: ISP router (so I can't really do anything on it) and NAS running openSUSE Leap.

  • JASN_DE@lemmy.world · 19 days ago

    The requests from the other machines go through the firewall and are redirected; the requests from the NAS are basically trying to connect to localhost, so there is no redirection here, as the requests aren't leaving the machine.

    • BluescreenOfDeath@lemmy.world · 19 days ago

      I agree.

      So the solution, OP, is to set the DNS settings on your NAS to your router's internal IP, so the firewall can redirect the traffic to your new port.

      • IsoKiero@sopuli.xyz · 19 days ago

        As it's only a single device, I'd suggest configuring the DNS server for it to <ip-of-nas>:1053. The port forwarding rule on the NAS firewall most likely applies only to 'incoming' traffic to the NAS, and as a locally generated DNS request isn't 'incoming' (you can think of 'incoming' traffic as everything coming via the ethernet cable into the NAS), the port redirection doesn't trigger as you're expecting.

        • BluescreenOfDeath@lemmy.world · edited · 19 days ago

          An inbound only DNS forwarding rule would be pointless. All DNS queries should be originating from within the network.

          EDIT

          I think I see what you're getting at. You're assuming that the firewall is running on the NAS rather than on the router.

          The OP doesn't specify, but I would assume the firewall rule is on the router, as that makes the most sense to force all DNS requests on the network to go through the Pi-hole.

          • IsoKiero@sopuli.xyz · 19 days ago

            If the firewall were running on a router, then you'd need to DNAT back to the same network from which the requests originated, and that is (in general) quite a PITA to get running properly. My understanding is that the firewall doing the port forwarding is running on the NAS. And we don't have much information on what that 'NAS' even is; I tend to think of devices like QNAP or Synology when talking about NAS boxes, but it might as well be a full Linux system just running CIFS/NFS/whatever.

            OP could obviously use the router as the DNS server for the network and set the router's upstream DNS server to the Pi-hole, but that's a whole different scenario.

            • mat@jlai.lu (OP) · 19 days ago

              For now my NAS is not really running anything (I want to have proper DNS/IDM before starting any other service, and for storage I think I may go with ownCloud oCIS or Nextcloud).
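An added example (not code from the thread, nor from Pi-hole or Podman) of what JASN_DE and IsoKiero describe above: a port-forward rule in the prerouting NAT hook only sees packets that arrive on an interface, so a query the NAS sends to its own address never matches it and ends up at the real port 53, where nothing listens. The ruleset below keeps the usual prerouting redirect and adds the same redirect in the output NAT hook, which is where locally generated packets enter NAT. It assumes nftables on the NAS, a placeholder LAN address of 192.168.1.10 for the NAS, and the rootless Pi-hole container published on the host at port 1053 (for instance `podman run -p 1053:53/tcp -p 1053:53/udp ...`).

```nft
# Added example, not part of the original thread.
# Assumptions: NAS LAN address 192.168.1.10 (placeholder), Pi-hole reachable on the
# host at 0.0.0.0:1053 (rootless podman port publishing), nftables in use.
# Load with:  nft -f pihole-dnat.nft

table inet pihole_dnat {
    # Queries arriving from the LAN: the classic port-forward that already works.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        ip daddr 192.168.1.10 meta l4proto { tcp, udp } th dport 53 redirect to :1053
    }

    # Queries generated on the NAS itself never pass the prerouting hook;
    # they enter NAT in the output hook instead, so the redirect must be repeated here.
    # Covers both "nameserver 127.0.0.1" and "nameserver 192.168.1.10" in the NAS resolver config.
    chain output {
        type nat hook output priority -100; policy accept;
        ip daddr { 127.0.0.1, 192.168.1.10 } meta l4proto { tcp, udp } th dport 53 redirect to :1053
    }
}
```

After loading, `nft list ruleset` should show both chains; from the NAS, `dig @192.168.1.10 example.com` and `dig @127.0.0.1 example.com` should now answer, while `dig @127.0.0.1 -p 1053 example.com` bypasses the redirect and confirms the container itself is listening (`ss -ulnp` and `ss -tlnp` show the 1053 listener). Two caveats: firewalld's forward-port rules (the default on openSUSE Leap) install only the prerouting half, so the output rule has to be added separately, e.g. as a standalone table like this one alongside firewalld's own tables. And if you would rather follow IsoKiero's suggestion of pointing the NAS straight at port 1053, note that a plain `/etc/resolv.conf` cannot carry a port number; systemd-resolved's `DNS=` setting does accept `address:port` (e.g. `DNS=127.0.0.1:1053`), assuming the NAS uses systemd-resolved.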