macvlan with docker and pihole

This web page (Set up a PiHole using Docker MacVlan Networks) is great and got me there, but here are notes on how I fixed it globally. I use many stacks.


You need a macvlan network to fake an external IP for the DNS/DHCP server, or it does not work (the requests don't come through Docker). But if you give a container a macvlan IP address, by design the host cannot see that IP address! You have to make a bridge.

If that bridge is local to the docker compose file, then only that stack can see it. For all stacks to see it, you need to create a new macvlan network and a new bridge network globally (I did this in Portainer).

Steps to create:

1. Make a macvlan configuration

name: pihole-macvlan-config
Interface: eth0
IPV4 Subnet - 192.168.0.0/24
IPV4 Gateway - 192.168.0.1
IPV4 IP Range - 192.168.0.8/29

2. Make the macvlan using that configuration (just select the configuration and give it a name)

name: pihole-macvlan
driver: macvlan

3. Set up the bridge

name: pihole-bridge
IPV4 Subnet - 10.123.0.0/24

4. In pihole, set up the bridge IP address.

    networks:
      pihole-macvlan:
        ipv4_address: 192.168.0.10
      pihole-bridge:
        ipv4_address: 10.123.0.2

5. Use nmtui to change the DNS of the host “dockerbox” to 10.123.0.2 and give the host a fixed IP address. All the containers will use that address for DNS, but each one needs the pihole-bridge network to reach it.

sudo nmtui

6. In each container that needs pihole you add the network pihole-bridge

e.g.

  tasmoadmin:
    container_name: tasmoadmin
    image: ghcr.io/tasmoadmin/tasmoadmin:latest
    volumes:
      - ./tasmoadmin-data:/data 
    ports:
      - 9541:80
    restart: unless-stopped
    depends_on:
      - homeassistant
    networks:
      - mqtt
      - pihole-bridge
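
Steps 4 and 6 tied together as a complete compose file for the Pi-hole stack. This is an added example, not from the original page: it assumes the pihole-macvlan and pihole-bridge networks were created globally as in steps 1-3, and the pihole/pihole image name and the docker CLI commands in the comments are assumptions.

```yaml
# Added example, not from the original page. Assumes the two networks already
# exist globally (created once, outside any stack). Docker CLI equivalent of
# steps 1-3, shown as an assumption in place of the Portainer forms:
#   docker network create -d macvlan -o parent=eth0 \
#     --subnet=192.168.0.0/24 --gateway=192.168.0.1 \
#     --ip-range=192.168.0.8/29 pihole-macvlan
#   docker network create -d bridge --subnet=10.123.0.0/24 pihole-bridge
# The /29 range covers 192.168.0.8-192.168.0.15; keep it outside the router's
# DHCP pool so Docker and the router never hand out the same address.

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest        # assumed image; the page does not name one
    restart: unless-stopped
    networks:
      pihole-macvlan:
        ipv4_address: 192.168.0.10     # LAN-facing address for DNS/DHCP clients
      pihole-bridge:
        ipv4_address: 10.123.0.2       # address the host and other stacks use

networks:
  # external: true tells Compose to attach to the existing global network
  # instead of creating a stack-local one that no other stack could join.
  pihole-macvlan:
    external: true
  pihole-bridge:
    external: true
```

Every other stack that lists pihole-bridge under a service needs the same top-level `pihole-bridge` entry with `external: true` in its own compose file.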