I have just rebuilt my Proxmox machine and got pfSense up and running again so that I can use everything as I would normally. I decided a while ago that I needed to get on the PiHole bandwagon and block ads network-wide rather than just on my own devices, per browser, etc.
ISP modem > pfSense (as router+DHCP server) > rest of network.
I have pfSense set as the .1 in my subnet, PiHole as .2.
Supposedly, all I need to do is set the DNS address to that of my PiHole server in the DHCP settings on pfSense. I did that and got no internet + DNS errors.
Is it possible to have pfSense acting as a full router but still pass internet to PiHole which handles DNS requests?
To add to the confusion, don’t forget both pfSense and PiHole are run as VMs on Proxmox.
What is the PiHole forwarding to, though? I bet it’s the .1 giving you a loop?
We have our own DNS and run OPNsense, so we have our DHCP put our local DNS address in the DHCP leases; that way they look locally first, then the local DNS (PiHole in your case) can forward to the .1, which can forward to the ISP or wherever. Our OPNsense router doesn’t need to look up things on our local DNS, so it just forwards upstream only.
I don’t know exactly what you mean by all of that as I’m still learning a lot of networking stuff.
Are you saying that I should have normal DNS settings on the WAN side of pfSense, have it also provide DNS on .1, then have PiHole also provide DNS to everything but on .2, and point it at .1? I’m not sure if I follow what you’re suggesting…
EDIT: And what exactly is the difference between the gateway and DNS server?
No, in your DHCP config, you should put your PiHole as the DNS server since that’s what you want it to do. That will make your DHCP clients (PCs, tablets, etc) use the PiHole for address lookups.
In your PiHole’s config, where you set up a forward DNS, that’s where you put the pfSense router’s address.
pfSense shouldn’t have the PiHole’s address set in any of its DNS settings. Just use the DNS provided by your ISP or some other one (CloudFlare, etc) that you want to use.
A gateway is where packets from your network that are going to another network have to pass through. It’s literally a gateway.
A DNS server is a service that translates addresses like “forum.level1techs.com” into an IP address. PiHole is used to create a DNS service that translates addresses like “spy.doubleclick.net” etc. into fake IP addresses, so your browser won’t even be able to fetch them.
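The chain described in this reply (DHCP hands clients the PiHole, PiHole forwards to pfSense, pfSense forwards to the ISP or a public resolver) is easy to get backwards, and the “loop” suspected earlier in the thread is exactly what happens when pfSense also forwards to the PiHole. The script below is an added example, not from anyone in this thread: it models each DNS hop by its “forward to” setting and follows a query from the DHCP-advertised server until it is answered, blocked, loops, or hits a hop that is down. The addresses 192.168.1.1 (pfSense), 192.168.1.2 (PiHole) and 1.1.1.1 (standing in for the upstream resolver) are assumed for illustration.

```python
"""Trace where a client's DNS query travels through a chain of forwarders.

Constructed example: the home subnet is assumed to be 192.168.1.0/24 with
pfSense at .1 and Pi-hole at .2, and 1.1.1.1 stands in for whatever public
or ISP resolver pfSense itself uses.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Resolver:
    """One DNS hop: where it forwards to (None = answers on its own) and what it blocks."""
    name: str
    upstream: Optional[str] = None
    blocklist: frozenset = frozenset()


def trace_query(qname: str, first_hop: str, resolvers: dict,
                max_hops: int = 8) -> tuple:
    """Follow qname from the DHCP-advertised DNS server along each 'forward to' setting.

    Returns (path of resolver IPs visited, outcome). outcome is 'resolved',
    'blocked', 'loop' (a hop repeats), 'unreachable' (a hop is not a running
    resolver, e.g. the Pi-hole VM is off) or 'too_many_hops'.
    """
    path = []
    hop = first_hop
    while len(path) < max_hops:
        if hop in path:
            return path + [hop], "loop"
        path.append(hop)
        resolver = resolvers.get(hop)
        if resolver is None:
            return path, "unreachable"
        if qname in resolver.blocklist:
            return path, "blocked"          # Pi-hole answers with a fake/null address
        if resolver.upstream is None:
            return path, "resolved"         # final resolver answers from the internet
        hop = resolver.upstream
    return path, "too_many_hops"


# Assumed addresses for the example (not from the thread).
PFSENSE = "192.168.1.1"
PIHOLE = "192.168.1.2"
UPSTREAM = "1.1.1.1"
ADS = frozenset({"spy.doubleclick.net"})   # constructed one-entry blocklist


def working_config() -> dict:
    """Clients -> Pi-hole -> pfSense -> public resolver, as the reply recommends."""
    return {
        PIHOLE: Resolver("Pi-hole", upstream=PFSENSE, blocklist=ADS),
        PFSENSE: Resolver("pfSense", upstream=UPSTREAM),
        UPSTREAM: Resolver("public resolver"),
    }


def looping_config() -> dict:
    """Same, except pfSense has the Pi-hole in its own DNS settings: each forwards to the other."""
    cfg = working_config()
    cfg[PFSENSE] = Resolver("pfSense", upstream=PIHOLE)
    return cfg


def pihole_down_config() -> dict:
    """Correct settings, but the Pi-hole VM is offline while DHCP still advertises it."""
    cfg = working_config()
    del cfg[PIHOLE]
    return cfg


if __name__ == "__main__":
    for label, cfg in [("working", working_config()),
                       ("pfSense -> Pi-hole loop", looping_config()),
                       ("Pi-hole offline", pihole_down_config())]:
        for name in ("forum.level1techs.com", "spy.doubleclick.net"):
            path, outcome = trace_query(name, PIHOLE, cfg)
            print(f"{label:24} {name:24} {' -> '.join(path):40} {outcome}")
```

Run it as-is to see the three situations side by side: the recommended chain resolves normal names and blocks the ad domain at the Pi-hole, the loop configuration never reaches an answer, and with the Pi-hole VM off every client query dies at the first hop, which matches the “no internet” symptom even though nothing else changed.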
Perhaps I should post about how to configure pi-hole and opnsense redirects in my blog.
If there’s a demand for how it’s done.
Basically what you want is what buffy said. Set the DNS in DHCP. If you are using this, it’s best to configure static addresses via a static lease.
You have two options for redirects. You can either redirect ALL DNS traffic to the Pi and have the Pi exit via DoT or DoH, or you redirect all with the exception of the Pi, which is allowed 53 out. These are simple LAN and WAN rules to set up on both OPNsense and pfSense, but make sure you have the Pi-hole working and configured as you want it first.
I would be very interested in learning how to set up Pi-hole and OPNsense. pfBlockerNG looks way more advanced than my simple needs. I need a way to block ads and keep ads from creating their own browser tab.
Thanks for all the useful knowledge, guys. Looks like I did have things in my head as they were supposed to be and I’m now just overthinking. Not sure what’s up with my network now though as it’s very slow to respond - sometimes showing as no internet. Like there’s either a loop or DNS issue. The Pihole VM is offline at the moment so I don’t understand why it’s broken. Haha! I shall have a play around and see where it gets me.
@PhaseLockedLoop Thanks for the guide you posted on how to set up a Pi-Hole. I did get it set up yesterday, and it seems to work, but I was a little disappointed the Pi-Hole didn’t block any YouTube ads or ads on my IPTV service. The reason might be that the ads are merged with the programming, or I need to find a different Pi-Hole list to add to my Pi-Hole. I know the Pi-Hole is working (hence my statement “seems to work”) because this morning, when I tried to use my IPTV service, it wouldn’t work unless the Pi-Hole was running. It is blocking some ads on certain websites I visit, so it should be working.
I am so impressed with the Pi-Hole concept that I am thinking of purchasing a Raspberry Pi Official Pi 4 Essentials Kit - 8GB to retire my Pi-Hole VM and have my Pi-Hole running 24/7 instead of having it only available when my desktop is running. If you could share your block list or point me in the right direction, I would be so grateful. Thanks again for your post.