Thanks for the video idea. I've added it to my backlogs.

I don't use conditional forwarding in pi-hole, but in my understanding it should be your router's ip address. In "the last step changing the configuration file", the ip addresses are for pi-hole, so I don't follow the question.

@@hz777 sorry I combined two comments. The last step I configured and it works perfectly. Afterwards I noticed you weren't using conditional forwarding. I will disable and test. Thank you for the prompt reply. Really enjoying your videos. No one else is putting out content like this and it is very much needed.

From pihole, are you able to ping IP address of the gateway/router for the corresponding VLAN? Make sure when you do the ping, it uses the interface for the corresponding VLAN, instead of the default interface.

@@hz777 Good call. Nope, although I can specify the interface (which tells me the /etc/network/interfaces file is written correctly and has persisted reboots) in this case the eth0.10 interface for the .10 VLAN, I cannot reach either the gateway 192.168.10.1 or the other computer. The pings fail. So the Pi can't see any of the subnets / VLANs nor can any of the VLANs see the Pi. I don't have any firewall rules in place yet and Ubiquiti's default state appears to be allowing all VLANs to communicate freely so I'm not sure where the failure is. Thanks again for your help!

@@mxmerc I am not familiar with the Linux distribution you described, but as I know some Linux needs to first install vlan package.

@@hz777 Yup, installed the vlan package as well. Not sure if necessary, but I copied the configuration file to /etc/dhcpcd.conf and /etc/network/interfaces.d/vlans as well. Interestingly enough, I have another VLAN that the Pi can see and ping. It can also ping the Pi, but only on the .1 subnet not any other. So I'm guessing you're correct, it appears to be an issue with the interfaces / interface binding on the Pi. I set up another VLAN aside from those you described for a "kids" network. This VLAN is on .30 but I did not set up an interface for it as I planned on having NextDNS handle the DNS inquiries there. So a device on the .30 subnet can ping the Pi on the .1 subnet which eliminates the Ubiquiti equipment as the issue. It cannot reach the Pi on any other interface (.10 or .20) however.

​@@mxmerc in pihole, if you run ip link, and ip -4 a, do you see the links you expect? If yes, the issue is in your network outside of pihole; if not the issue is in your pihole's network interface config.

it has to be in the similar way as the second approach in this video, because dhcp relies on broadcasting so only works within one vlan. I am working on a dedicated video about dhcp in general, hopefully it can address many general confusions about dhcp.

Yes I did. 18:56

@hz777 Shit you did. Thanks so much for another great video. You and chatgpt are all I need these days. I dont think this is possible with docker though, you still have to allow the interface, only local networks doesnt seem to work.

I am about to start the process to migrate my VMs from ESXi. This Proxmox container topic is interesting to me. Give me some time and I may make a video about Proxmox+Container+Pi-Hole+VLAN.

@@hz777 Thanks!

@@hz777 did you get a chance to make a video showcasing pihole working on multiple vlans through proxmox via containers instead of ESXi?

I don't use containers a lot and I just switched to Proxmox, but this was already in my backlogs, I just need to find some time to work on it.

@EduardoKabello @DamonKwong I am working on a new video about proxmox+container+pi-hole, but I do see the network interface configuration file in the same folder. I am using the debian 12 container. Why don't you see the file in your installation? Do you use a different type of container?

In the video, I used a debian 12 VM. As long as you change the interfaces configuration file like what I did in the video, the default network manager will not be working and the interfaces config file will be effective.

⁠Thanks much for your response. I’ll try this on a raspberry π 5.

There will be no single good answer to your question. What the new "allow internet" setting really does is: - remove the firewall rule that allows the vlan to access any; - add 3 new rules: -- allow the vlan to "coporate networks" -- allow that vlan to "guest networks" -- block that vlan internet access So, if you have to disable internet for the vlan that pihole is in, of course you need to add additional firewall rule to allow pihole's internet access.

@@hz777 so, I have 3 vlans default vlan, vlan B and vlan D. All 3 vlans have allow internet checkbox enabled and I also have a firewall rule to block communication between vlan D and B. I have pi-hole running on vlan B. I want traffic from Vlan D to go through pihole running on vlan B. For this to happen should I uncheck the allow internet access on vlan D and create Lan in firewall rule and also Internet In and Out rules saying whatever is coming to vlan D go through pihole ?

@@WAMNZ to allow vlan d to access internet or not is irrelevant in your case. what you need to do is to create additional firewall rules to allow communication between vlan d and pihole. Of course what I said above is to purely make the dns resolving possible. I understand mostly later the clients in vlan d need to access internet, then you need to adjust more firewall rules accordingly.

Is it related to the standard firewall rule for "internet in"? Or your own custom firewall rule? If former, it sounds like a problem because there was traffic initiated from internet and it tried to connect to your pihole, instead of of the other way. If latter, you may have to troubleshoot by yourself.

It will show as the IP of UniFi router.

@@hz777 Is it possible to show each separate client, instead of one big client being the UniFi router?

@Volgin. Sorry I misunderstood your original question. I thought you were asking about dhcp. If the question is about in UniFi Network Controller, under DHCP settings for each network, you set the DNS server to pi-hole, then the answer is: - for a client, it's dns server will be pi-hole; - the whole dns name resolving process will have nothing to do with unifi router's DNS server - in the pi-hole logs, you should see individual clients.

@@hz777 That's exactly what I wanted to know. Like I said, with my current setup, all clients in PiHole show under the same IP, that IP being my routers IP, instead of, for example, my desktop or phone's IP. That way it's impossible to set groups on PiHole for specific clients. Thanks for the reply :)

The way in the video guarantees all interfaces are based on one physical interface. The vm way as you described is up to the vm config to decide, so you have chances to use multiple physical interfaces.

@@hz777 thank you!

When it comes to routing, UniFi routers are good enough for home or small business users. But for me, pfSense supports more routing protocols so is more fun to play with.

I purchased a Dream Machine pro SE; Coming from a Netgate 6100 - thinking of returning the DM, I can’t get over the way Unifi handles firewall rules. Anyway, love the videos!

If you use raspberry pi os, you may need to install vlan package first, then configure vlan interfaces.

@@hz777 YES!!! Thank you for the step in the right direction. Got it up and running.

@@URackADisciprinehow did you install a vlan package ? Which version of raspbian were you running and which the Pi? The new Pi 5 or Pi 4

@@Kehf27 I am running an older Lite version I can't remember which. Just running a couple Pi 4B's for redundant Pi-hole/Unbound and a couple for camera surveillance feeds and a Pi 5 for Home Assistant which does have whatever the latest OS Lite is. As for the VLAN package install, I used this command on all of them with no issue: sudo apt install vlan I found some tutorials online when searching RPi and VLAN setup. You might just be able to search the command above and find a tutorial. You have to add a file and edit an existing one but it wasn't too bad even for me. I am not a Linux person at all. LOL Hope that helps.

@@URackADisciprinethank you I found some tutorials I’ll try this evening