Pi Hole DNS not working after configuring Wireless Access Point on Arch Linux in Bridge Mode on Raspberry Pi

I'm experimenting with a Raspberry Pi 3 Model B (running Arch Linux) and its WLAN module.

Until today I had Pi Hole running on it for my entire network.
The Pi stands where we have very poor Wi-Fi reception for mobile phones, so I decided to add a Wi-Fi AP to the Pi.

Now the strange thing is that the WLAN AP is working perfectly (set up in bridged mode as described at https://www.raspberrypi.org/documentation/configuration/wireless/access-point.md) but I can't do DNS requests to the Pi anymore.



dig pi.home @192.168.1.150
; <<>> DiG 9.13.5 <<>> pi.home @192.168.1.150
;; global options: +cmd
;; connection timed out; no servers could be reached


Even more confusing is the fact that as soon as I load the Pi Hole web interface in Chrome once, DNS is working again.



I currently have the following configuration.



Pi-Hole's DNS server listens on all interfaces



bridge configuration



cat /etc/netctl/bridge
Description="WAP Bridge"
Interface=br0
Connection=bridge
BindsToInterfaces=(eth0 wlan0)
IP=no
ExecUpPost="ip link set dev br0 address $(cat /sys/class/net/eth0/address); IP=dhcp; ip_set"
ExecDownPre="IP=dhcp"
SkipForwardingDelay=yes


iptables



cat /etc/iptables/iptables.rules
*nat
:PREROUTING ACCEPT [4:196]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [88:10291]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:4764]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT


ifconfig



ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.150 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 xyxyxy prefixlen 64 scopeid 0x20<link>
ether xyxyxy txqueuelen 1000 (Ethernet)
RX packets 2537 bytes 468919 (457.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 267 bytes 60665 (59.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet6 xyxyxy prefixlen 64 scopeid 0x20<link>
ether xyxyxy txqueuelen 1000 (Ethernet)
RX packets 2560 bytes 473036 (461.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 297 bytes 70500 (68.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 109 bytes 8338 (8.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 109 bytes 8338 (8.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet6 xyxyxy prefixlen 64 scopeid 0x20<link>
ether xyxyxy txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2276 bytes 529781 (517.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


IPv4 forwarding



cat /etc/sysctl.d/ipv4forwarding.conf
net.ipv4.ip_forward = 1


/etc/dhcpd.conf contains



[...]
denyinterfaces eth0
denyinterfaces wlan0


/etc/hostapd/hostapd.conf (if this is needed)



cat /etc/hostapd/hostapd.conf
interface=wlan0
bridge=br0
driver=nl80211
ssid=<SSID>
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=<PASSWORD>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP


Any ideas? Can this be related to "permit all origins" in the DNS setting of Pi Hole?
networking arch-linux dns raspberry-pi pi-hole






edited Jan 11 at 23:43
asked Jan 11 at 22:34
Tony Stark

  • Why do you have IP Forwarding rules when you're bridging?
    – roaima, Jan 11 at 23:49

  • @roaima I somehow thought this is still needed.
    – Tony Stark, Jan 11 at 23:59

1 Answer

The solution was to add Gateway to br0 and remove IPv4 forwarding and all iptables rules.






answered Jan 12 at 9:31
Tony Stark
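
The three changes named in the answer, turned into a check (an added example, not part of the original answer): a POSIX shell function that reads a netctl profile, an iptables rules file and a sysctl file and reports what the answer says to fix. The function names are assumptions of this example, and the files written by `write_question_config` are abridged from the question.

```shell
#!/bin/sh
# Added example: flag router-mode leftovers on a host bridged with netctl.

# Print the ports named in BindsToInterfaces=(...) of a netctl profile.
bridge_ports() {
    sed -n 's/^BindsToInterfaces=(\(.*\)).*$/\1/p' "$1" | tr -d "\"'"
}

# audit_bridge_host PROFILE IPTABLES_RULES SYSCTL_CONF
# Prints one finding per line, nothing when all three files are clean.
audit_bridge_host() {
    profile=$1; rules=$2; sysctl_conf=$3

    # 1. The answer's first step: the bridge needs a gateway.
    grep -q '^Gateway=' "$profile" ||
        echo "profile: no Gateway= set for the bridge"

    # 2. Once enslaved, ports are invisible to -i/-o (the IP layer sees br0;
    #    matching a port needs -m physdev), so such rules are leftovers.
    set -- $(bridge_ports "$profile")       # word-split the port list
    ports=$(IFS='|'; echo "$*")             # e.g. eth0|wlan0
    if [ -n "$ports" ]; then
        { grep -E -- "^-A .* -[io] ($ports)( |\$)" "$rules" || true; } |
            sed 's/^/iptables: rule names a bridge port: /'
    fi

    # 3. A plain bridge switches frames at layer 2; no IP forwarding needed.
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$sysctl_conf"; then
        echo "sysctl: net.ipv4.ip_forward is enabled"
    fi
}

# Write the question's configuration (abridged) into directory $1.
write_question_config() {
    cat > "$1/bridge" <<'EOF'
Description="WAP Bridge"
Interface=br0
Connection=bridge
BindsToInterfaces=(eth0 wlan0)
IP=no
EOF
    cat > "$1/iptables.rules" <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
EOF
    echo 'net.ipv4.ip_forward = 1' > "$1/ipv4forwarding.conf"
}

# Demo on the question's configuration (prints five findings).
demo_dir=$(mktemp -d)
write_question_config "$demo_dir"
audit_bridge_host "$demo_dir/bridge" "$demo_dir/iptables.rules" \
    "$demo_dir/ipv4forwarding.conf"
rm -rf "$demo_dir"
```

On the real host the three arguments would be /etc/netctl/bridge, /etc/iptables/iptables.rules and /etc/sysctl.d/ipv4forwarding.conf, the paths shown in the question.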


























