Top client shows only one IP (which I don't even recognize)

[arsaboo]

I started using this image on my Synology NAS and have been very happy with it...thanks a ton!

I just have one issue that I am not able to resolve, in the Top Clients section, I see all the requests from one IP address (172.17.0.1). This is particularly interesting, given that 172.17.0.1 is not an IP from my network (at least I don't recognize it). All the IP addresses in my local network have the format 192.168.2.*.

I was hoping that I could see the request per IP address. I am using and Asus router with Merlin firmware (if that helps). I am not sure if it is a bug or something that I need to fix at my end. Thanks for looking into it.

[AzureMarker]

Is your Pi-hole accessible from the internet? Run pihole -d for a debug token.

Actually, that is a Docker internal IP address. @diginc would know more about why it's the only client.

[arsaboo]

Here's the debug token - smtw8e6m6a

Let me know if you want me to paste the log here. Thanks!

[diginc]

When a router cannot directly hand out DNS the only option is to have it relay. Mine does this too where my clients still point to my router and my router points to the pihole. the real addresses of the clients are lost in the process.

[arsaboo]

That is unfortunate. Here are few threads that I stumbled upon (although none of them are using a docker container):
https://www.reddit.com/r/pihole/comments/4rdg5m/top_clients_only_shows_router_ip/
https://www.reddit.com/r/pihole/comments/5gz6dz/trouble_getting_docker_based_pihole_to_work/

I guess, we will have to live with that.

[diginc]

@Mcat12 pointed out that is the docker gateway IP address so the router explanation isn't quite right.

What is your docker run command and what is the output of docker logs pihole | head -35

Also what version of docker?

[arsaboo]

I am using the latest version of Docker (1.11.2-0.325) on my Synology NAS and the latest version of the image that was released 8/10 hours back. I used the GUI to initiate the container. Here are the settings:

{
  "cap_add": [],
  "cap_drop": [],
  "cmd": "",
  "cpu_priority": 0,
  "ddsm_bind_share": "",
  "devices": [],
  "enable_publish_all_ports": false,
  "enable_restart_policy": false,
  "enabled": true,
  "env_variables": [{
    "key": "TZ",
    "value": "America/New_York"
  }, {
    "fixed": false,
    "key": "PATH",
    "value": "/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  }, {
    "fixed": false,
    "key": "IMAGE",
    "value": "debian"
  }, {
    "fixed": false,
    "key": "setupVars",
    "value": "/etc/pihole/setupVars.conf"
  }, {
    "fixed": false,
    "key": "PIHOLE_INSTALL",
    "value": "/tmp/ph_install.sh"
  }, {
    "fixed": false,
    "key": "S6OVERLAY_RELEASE",
    "value": "https://github.com/just-containers/s6-overlay/releases/download/v1.19.1.1/s6-overlay-amd64.tar.gz"
  }, {
    "fixed": false,
    "key": "PHP_ENV_CONFIG",
    "value": "/etc/lighttpd/conf-enabled/15-fastcgi-php.conf"
  }, {
    "fixed": false,
    "key": "PHP_ERROR_LOG",
    "value": "/var/log/lighttpd/error.log"
  }, {
    "fixed": false,
    "key": "IPv6",
    "value": "True"
  }, {
    "fixed": false,
    "key": "S6_LOGGING",
    "value": "0"
  }, {
    "fixed": false,
    "key": "S6_KEEP_ENV",
    "value": "1"
  }, {
    "fixed": false,
    "key": "S6_BEHAVIOUR_IF_STAGE2_FAILS",
    "value": "2"
  }],
  "exporting": false,
  "id": "9375e5086f75a3734f20be6990ff937c748e7880831ac41f1d14627131ca3877",
  "image": "sha256:bf10d7dce4f463173db4d932f8aadcb5f4f09a9cef74d0cb5631ad834ae553d9",
  "is_ddsm": false,
  "is_package": false,
  "links": [],
  "memory_limit": 0,
  "name": "diginc-pi-hole1",
  "network": [{
    "driver": "bridge",
    "name": "bridge"
  }],
  "port_bindings": [{
    "container_port": 53,
    "fixed": false,
    "host_port": 53,
    "type": "tcp"
  }, {
    "container_port": 53,
    "fixed": false,
    "host_port": 53,
    "type": "udp"
  }, {
    "container_port": 80,
    "fixed": false,
    "host_port": 7780,
    "type": "tcp"
  }],
  "privileged": false,
  "shortcut": {
    "enable_shortcut": false
  },
  "ulimits": [],
  "use_host_network": false,
  "volume_bindings": [{
    "fixed": false,
    "host_volume_file": "/docker/PiHole",
    "mount_point": "/etc/pihole",
    "type": "rw"
  }],
  "volumes_from": null
}

Here are the logs:

ash-4.3# docker logs diginc-pi-hole1 | head -35
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
 ::: Starting docker specific setup for docker diginc/pi-hole
ERROR: To function correctly you must pass an environment variables of 'ServerIP' into the docker container with the IP of your docker host from which you are passing web (80) and dns (53) ports from
:::
::: Neutrino emissions detected...
:::
::: Pulling source lists into range... done!
:::
::: Getting raw.githubusercontent.com list... done
:::   Status: Success (OK)
:::   List updated, transport successful!
::: Getting mirror1.malwaredomains.com list... done
:::   Status: Success (OK)
:::   List updated, transport successful!
::: Getting sysctl.org list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting zeustracker.abuse.ch list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting s3.amazonaws.com list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting s3.amazonaws.com list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting hosts-file.net list... done
:::   Status: Not modified

[diginc]

ERROR: To function correctly you must pass an environment variables of 'ServerIP' into the docker container with the IP of your docker host from which you are passing web (80) and dns (53) ports from

Looks like ServerIP didn't get set correctly. This is a known issue I need to address, before it would cause the docker to die instantly but s6 doesn't seem to be quitting immediately during container init script errors.

[arsaboo]

I added the ServerIP and it shows in the container details (192.168.2.113 is the NAS IP):

[diginc]

Does synology allows live editing of the environment variables? The "env_variables": [{ block you pasted from your docker inspect does not list ServerIP yet your screenshot obviously has it. Live editing values without informing the user you have to re-create a container may explain this.

[arsaboo]

The env_variables that I pasted was before I added the ServerIP. After your comment, I added the ServerIP. Here's the updated block:

{
  "cap_add": [],
  "cap_drop": [],
  "cmd": "",
  "cpu_priority": 0,
  "ddsm_bind_share": "",
  "devices": [],
  "enable_publish_all_ports": false,
  "enable_restart_policy": false,
  "enabled": true,
  "env_variables": [{
    "key": "WEBPASSWORD",
    "value": "REDACTED"
  }, {
    "fixed": false,
    "key": "ServerIP",
    "value": "192.168.2.113"
  }, {
    "fixed": false,
    "key": "TZ",
    "value": "America/New_York"
  }, {
    "fixed": false,
    "key": "PATH",
    "value": "/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  }, {
    "fixed": false,
    "key": "IMAGE",
    "value": "debian"
  }, {
    "fixed": false,
    "key": "setupVars",
    "value": "/etc/pihole/setupVars.conf"
  }, {
    "fixed": false,
    "key": "PIHOLE_INSTALL",
    "value": "/tmp/ph_install.sh"
  }, {
    "fixed": false,
    "key": "S6OVERLAY_RELEASE",
    "value": "https://github.com/just-containers/s6-overlay/releases/download/v1.19.1.1/s6-overlay-amd64.tar.gz"
  }, {
    "fixed": false,
    "key": "PHP_ENV_CONFIG",
    "value": "/etc/lighttpd/conf-enabled/15-fastcgi-php.conf"
  }, {
    "fixed": false,
    "key": "PHP_ERROR_LOG",
    "value": "/var/log/lighttpd/error.log"
  }, {
    "fixed": false,
    "key": "IPv6",
    "value": "True"
  }, {
    "fixed": false,
    "key": "S6_LOGGING",
    "value": "0"
  }, {
    "fixed": false,
    "key": "S6_KEEP_ENV",
    "value": "1"
  }, {
    "fixed": false,
    "key": "S6_BEHAVIOUR_IF_STAGE2_FAILS",
    "value": "2"
  }],
  "exporting": false,
  "id": "9375e5086f75a3734f20be6990ff937c748e7880831ac41f1d14627131ca3877",
  "image": "sha256:bf10d7dce4f463173db4d932f8aadcb5f4f09a9cef74d0cb5631ad834ae553d9",
  "is_ddsm": false,
  "is_package": false,
  "links": [],
  "memory_limit": 0,
  "name": "diginc-pi-hole1",
  "network": [{
    "driver": "bridge",
    "name": "bridge"
  }],
  "port_bindings": [{
    "container_port": 53,
    "fixed": false,
    "host_port": 53,
    "type": "tcp"
  }, {
    "container_port": 53,
    "fixed": false,
    "host_port": 53,
    "type": "udp"
  }, {
    "container_port": 80,
    "fixed": false,
    "host_port": 7780,
    "type": "tcp"
  }],
  "privileged": false,
  "shortcut": {
    "enable_shortcut": false
  },
  "ulimits": [],
  "use_host_network": false,
  "volume_bindings": [{
    "fixed": false,
    "host_volume_file": "/docker/PiHole",
    "mount_point": "/etc/pihole",
    "type": "rw"
  }],
  "volumes_from": null
}

[diginc]

is top client behavior the same still after ServerIP addition? does the startup log indicate it had any errors?

[arsaboo]

Here are the logs again (no errors now):

ash-4.3# docker logs diginc-pi-hole1 | head -35
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
 ::: Starting docker specific setup for docker diginc/pi-hole
+ [[ REDACTED == '' ]]
+ pihole -a -p REDACTED REDACTED
New password set
Using default DNS servers: 8.8.8.8 & 8.8.4.4
DNSMasq binding to default interface: eth0
Added ENV to php:
                        "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
                        "ServerIP" => "192.168.2.113",
                        "VIRTUAL_HOST" => "192.168.2.113",
Using IPv4 and IPv6
::: Testing DNSmasq config: dnsmasq: syntax check OK.
::: Testing lighttpd config: Syntax OK
::: All config checks passed, starting ...
::: Docker start setup complete - beginning s6 services
:::
::: Neutrino emissions detected...
:::
::: Pulling source lists into range... done!
:::
::: Getting raw.githubusercontent.com list... done
:::   Status: Success (OK)
:::   List updated, transport successful!
::: Getting mirror1.malwaredomains.com list... done
:::   Status: Success (OK)
:::   List updated, transport successful!
::: Getting sysctl.org list... done

[eronde]

Hi,

I've the same issue when I run pi-hole(docker 1.11.2) on my synology, it only log an internal ip address of docker an not the ip of the requested client.

The logs:

dnsmasq: forwarded www.google.com to 8.8.4.4
dnsmasq: forwarded www.google.com to 8.8.8.8
dnsmasq: reply www.google.com is 172.217.17.132
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific setup for docker diginc/pi-hole
+ [[ test == '' ]]
+ pihole -a -p test test
New password set
Using default DNS servers: 8.8.8.8 & 8.8.4.4
DNSMasq binding to default interface: eth0
Added ENV to php:
                        "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
                        "ServerIP" => "192.168.1.12",
                        "VIRTUAL_HOST" => "192.168.1.12",
Using IPv4 and IPv6
::: Testing DNSmasq config: dnsmasq: syntax check OK.
::: Testing lighttpd config: Syntax OK
::: All config checks passed, starting ...
::: Docker start setup complete - beginning s6 services
:::
::: Neutrino emissions detected...
:::
::: Pulling source lists into range... done!
:::
::: Getting raw.githubusercontent.com list... done
:::   Status: Success (OK)
:::   List updated, transport successful!
::: Getting mirror1.malwaredomains.com list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting sysctl.org list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting zeustracker.abuse.ch list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting s3.amazonaws.com list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting s3.amazonaws.com list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting hosts-file.net list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: 
::: Aggregating list of domains... done!
::: Formatting list of domains to remove comments.... done!
::: 133946 domains being pulled in by gravity...
::: Removing duplicate domains.... done!
::: 110427 unique domains trapped in the event horizon.
:::
::: Adding adlist sources to the whitelist... done!

Thanks for looking into it.

[diginc]

#135 (comment)
#135 (comment)

[murugaratham]

+1, i've configured my router to tell clients to use docker host ip which is mapped to pi-hole container, but i am only seeing 172.17.0.1 for all clients.

I've tried setting my docker host ip 192.168.0.25 on my phone and laptop dns to test, but i can't differentiate clients

[ptxmac]

I also have this issue. Why was is closed?

[diginc]

Initially I thought it was a router based problem - I'll look into this again.

Any more data people can provide is appreciated so we can start trying to find a common thread. Docker image used, Docker versions, run command, maybe even router version, and if you're a synology or other type of server.

If you don't use your router DHCP DNS and hard code a computer's DNS to pi-hole does it still show the 172.17.0.1 IP?

[murugaratham]

Router: Asus RT-AC88U running asus merlin firmware 380.67

running latest pi-hole image from dockerhub

Pi-hole Version v3.1 (Update available!) Web Interface Version v3.1 FTL Version v2.9.4 Donate if you found this useful.

docker-compose.yml

version: "3"
services:
  pihole:
    container_name: pi-hole
    image: diginc/pi-hole:alpine
    ports:
      - "0.0.0.0:53:53/tcp"
      - "0.0.0.0:53:53/udp"
      - "0.0.0.0:8053:80/tcp"
    environment:
      # enter your docker host IP here
      ServerIP: 192.168.0.25
      VIRTUAL_HOST: imac.local
      VIRTUAL_PORT: 8053
      WEBPASSWORD: redacted
      TZ: Asia/Singapore
    # Add your own custom hostnames you need for your domain
    #extra_hosts:
      #   Point any of the jwilder virtual_host addresses
      # to your docker host ip address
      #- 'imac.local/pihole:192.168.0.25'
    volumes:
      # - '/etc/pihole/:/etc/pihole/'
      # WARNING: if this log don't exist as a file on the host already
      # docker will try to create a directory in it's place making for lots of errors
      # - '/var/log/pihole.log:/var/log/pihole.log'
      - '/Users/user/pihole/:/etc/pihole/'
      - '/Users/user/dnsmasq.d/:/etc/dnsmasq.d/'
    restart: always

And yes, i tried hardcoding the dns to 192.168.0.25 on my device and it still shows docker gateway ip instead of the actual client IP

[ramsnerm]

I am running the same setups on a Synology DS415 and a Ubiquiti USG as router. On the router DNS settings are points to the pi-hole docker container. Everything runs so far. Some test with some sites showed me that the filter is working - However I have the same issue with the IP mapping. I only see the virtual docker IP in the Dashboard but no details so further investigation is not possible. Did you find any solution/Idea where it comes from?

[ptxmac]

I just verified that my clients are using the IP of the host running docker - i.e. the same as what I configured ServerIP to, but it still shows the client as the docker ip. This is most likely due to dockers bridge networking?

[diginc]

Do the actual dnsmasq logs only show the one docker bridge IP address?

[ptxmac]

The dnsmasq logs shows the queries originating from the docker bridge gateway; in my case:

pihole_1  | dnsmasq: query[A] spectrum.s3.amazonaws.com from 172.19.0.1

172.19.0.1/16 is the bridged network for the pihole container. The container itself have 172.19.0.7, but everything is running on a host with ip 192.168.1.5 which all client correct to directly.

This probably means it's not possible to see the actual client when using docker with bridged network (the default)

[mclambo]

I tried a hard DNS entry of the docker pi-hole IP address in one of my Windows 10 computers, but it does not know a route to this subnet.

So manually adding a route through the command line seems to work, Pi-hole recognizes my computer.
Off course this is suboptimal, because it would require me to manually add this route to all my devices making use of my network which range from Windows, Apple, Android to other kinds of gadgets....

[Rajackar]

I can confirm this behaviour as well.
Not a real issue for me as the pi-hole itself is working fine. It's just no longer possible to identify individual machines on my network.

[fenrir-github]

my 2cts => docker-proxy

[trx1138]

this could be docker bug or more specifically, docker synology build's bug.

I have 2 almost identical setup with one synology and one linux server.
and only synology one has this problem, report client's ip as docker's internal, while running the same image.
I'm comparing every possibly related configs of both setup and found no real difference so far.

and because it seems most reports are from synology user,
I'm suspecting this could be a bug of v.17.05 or synology's build.

synology: Docker version 17.05.0-ce, build 9f07f0e-synology
linux server: Docker version 17.12.0-ce, build c97c6d6

[old-square-eyes]

Current file:

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: always
    ports:
      - "192.168.0.2:53:53/tcp"
      - "192.168.0.2:53:53/udp"
      - "192.168.0.2:67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "192.168.0.2:80:80/tcp"
    environment:
      TZ: 'Pacific/Auckland'
      WEBPASSWORD: 'hackme'
      PIHOLE_DNS_: '1.1.1.1;208.67.222.222'
      DNS_BOGUS_PRIV: 'true'
      DNS_FQDN_REQUIRED: 'true'
      REV_SERVER: 'true'
      REV_SERVER_DOMAIN: 'DAN'
      REV_SERVER_TARGET: '192.168.0.1'
      REV_SERVER_CIDR: '192.168.0.0/24'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'

[AlBundy33]

and this still doesn't work?

If I run
dig @192.168.1.111 google.com
on my docker host I see the hostname in then querylog (web-interface) and the ip in the pihole.log

can you try to change the "external" port to 5353 and run and check
dig google.com @192.168.0.2 -p 5353

[old-square-eyes]

Well it works. Just the client IP is the Docker IP.

How do I change the external port?
Do you mean in the yaml file ports: - "192.168.0.2:5353:53/tcp" ?

[AlBundy33]

I had the same issue but binding the porta to the interface worked for me.

yes try to change
192.168.0.2:53:53
to
192.168.0.2:5353:53

just to see of this makes a difference.

[old-square-eyes]

dig google.com @192.168.0.2 -p 5353 times out after making that change.
dig google.com @192.168.0.2 -p 53 still works

I notice this in the logs Apr 3 14:16:44 dnsmasq[513]: Pi-hole hostname pi.hole is 0.0.0.0

I set...

      ServerIP: '192.168.0.2'
      FTLCONF_REPLY_ADDR4: '192168.0.2'

and now...

dnsmasq[513]: Pi-hole hostname pi.hole is 127.0.0.1

But it hasn't improved the other issue.

[AlBundy33]

if you change your yml to

      - "192.168.0.2:5353:53/tcp"
      - "192.168.0.2:5353:53/udp"
      - "192.168.0.2:6767:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "192.168.0.2:80:80/tcp"

and restart the container dig google.com @192.168.0.2 -p 5353 should work and not 53.
You can run this direct at 192.168.0.2

Also try netstat -ano | grep :53 on your docker-host.
here you should see no open port 53

ServerIP and FTLCONF_REPLY_ADDR4 are not needed

[old-square-eyes]

Fails with error...

[+] Running 0/1
 - Container pihole  Starting                                                                                            0.4s
Error response from daemon: Ports are not available: listen udp 192.168.0.2:5353: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted.

Changing UDP to just 53 results in the image booting. But the dig query times out.

Could something else be using these ports? Only other thing on that machine is a Chia Farm.

[AlBundy33]

Maybe the port is already in use.
Then try just another port (e.g. 4453 instead of 53)

[loehden]

Your issue "IP is always 172.19.0.1" looks like an adress translation "problem". And it might be the effect that I tried to explain above. If you promote an IPv6 DNS server adress to the network (at home usually via the router/DHCP server) then the clients often prefer sending DNS requests via IPv6, but this is not translated by the Docker userland to the IPv6 of the requesting client. Instead it is reached through with the internal IPv4 of the Docker interface. So the container sees all requests comming from that adress and only shows this as source of requests.
The easiest way to check would be to deactivate IPv6 for one client completely and test if their requests now show up in the dashboard under the right IPv4/client name.

[old-square-eyes]

Thanks for the insight. But I don't publish a IP6 DNS address. I doubt 100% of 30 odd clients would choose IP6 anyway. As far as I know IP6 is disabled everywhere, including vlans on my home network. Also my explicit dig tests query the IP4 address. Did I understand your comments correct? Sorry if I missed the point.

[old-square-eyes]

@AlBundy33

edit: also 12hours later this has happened...

[AlBundy33]

Instead of the port-forwarding you can also try network_mode: host

[rdwebdesign]

You can also try a macvlan network.
Your pi-hole will have an IP like "192.168.0.X" and no need to port forwarding.

[old-square-eyes]

network_mode: host

Network host mode is not supported on any other OS than Linux

Folks I'm super grateful for all the help. I'm just a bit confused that a supported implementation doesn't seem to work in any known configuration. Is the only option here to bow out and run a Linux VM? Feels like such opportunity cost :)

[github-actions]

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

[lexpostma]

Anyone figure out a solution? I see the bot recently closed the issue because of it was stale, but I see no fix. I'm running into this same issue, was actually lurking in this thread because it got closed.

Running Pi-hole in Docker on macOS. Mac has fixed IP 192.168.96.6. And there's on one client in Pi-hole with 172.X.0.1 where X seems to change after a reboot. Also running Pi-hole in a Raspberry Pi at 192.168.96.5 without any issues. My router is set up with DHCP DNS Servers defined to both the Mac and RPi IP addresses. Blocking ads works perfectly, but the clients on Mac are weird.

My docker-compose.yml:

version: "3"

# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "192.168.96.6:80:80"
      - "192.168.96.6:53:53/tcp"
      - "192.168.96.6:53:53/udp"
      - "192.168.96.6:443:443"
    environment:
      SERVERIP: '192.168.96.6'
      FTLCONF_REPLY_ADDR4: '192.168.96.6'
      FTLCONF_BLOCK_ICLOUD_PR: 'false'
      TZ: 'Europe/Amsterdam'
      WEBPASSWORD: 'XX'
      PIHOLE_DNS_: '1.1.1.1;1.0.0.1'
      # FTLCONF_CHECK_DISK: '0'
    # Volumes store your data between container upgrades
    volumes:
      - '~/Docker/pihole/:/etc/pihole/'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    dns:
      - '127.0.0.1'
      - '1.1.1.1'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped # Recommended but not required (DHCP needs NET_ADMIN)

What should I change to get individual clients?

[pralor-bot]

This issue has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/pi-hole-in-docker-on-macos-has-only-one-client/55875/1

[imro2]

If I remember correctly, most of the problems came down to iptables masquerading real IP addresses. There are a few solutions in this issue on how to turn that off. There were a few instances of IPv6 being translated to IPv4, which would look the same, but not sure what the solution be there as I have no experience with Docker and IPv6. I don't think there was ever a solution for Windows. I don't know what kind of firewall or service MAC uses to masquerade the IPs for Docker, but I would look there. It will most likely not be anything that docker-compose or the pi-hole docker itself can address.

Edit: here is an example of how the issue is fixed using iptables #135 (comment)

Has a IPv6 entries in there, so I guess should work there too.

Edit2: maybe this can help you docker/for-mac#180 (comment)

[nsmits]

As mentioned before; it's an issue with IPv6 and Docker; which doesn't play nice :) Running this will fix your issue (as a workaround; but the original/real IPv6 addresses will show up in pi-hole): https://github.com/robbertkl/docker-ipv6nat

Edit: don't forget to add a IPv6 network or change /etc/docker/daemon.json and add for example the following to the config:

    "ipv6": true,
    "fixed-cidr-v6": "fd00::/80"

[superman-lopez]

Also running into this problem. Running docker on Synology (Bridged mode, Host mode is currently not available to me). My network does not communicate on IPv6, only IPv4. I can confirm this as my laptop only receives an IPv4 address, and IPv6 address is empty. The DNS on the my laptop is set to directly the IP address of Pihole/Synology (so domain name request are not forwarded from router).

In the docker I changed the following environment variables:

IPv6: False
FTLCONF_LOCAL_IPV4: 192.168.68.2
DNSMASQ_LISTENING: all

Requests do not show the actual client IP address or host name for known clients (mapped basis Mac address).
Docker Tag [2022.10]

[rdwebdesign]

This issue was opened in 2017 and is currently closed.

If you think you have a similar issue and didn't find a solution here you should open a new issue, following the template (including a debug token).

[nyakojiru]

Same issue here

[akhamar]

I'll had some more context as I have the two side of this issue (working and not working).

I've a computer with dual boot.

When I boot on linux, pihole logs show an IP of my LAN which correspond to my real client LAN IP.
When I boot on windows, pihole logs show an IP corresponding to the container gateway (172.18.0.1, container is 172.18.0.2)

• green: lan ip
• red: docker gateway ip

Dual boot computer is in the same network, get the same IP, etc... The only thing that change is windows/linux.