mikeyw64
Posts: 20
Joined: Fri Sep 13, 2019 9:55 am

PiHole + Guest Wifi

Fri Sep 13, 2019 10:05 am

Hi All

With reference to the diagram belowI'm looking to set my Pi up to act as a PiHole + Guest Wifi

I already have PiHole up and running and acting as DNS/DHCP server for my main home network (Birdsnest) and have also configured hostapd to turn the WAP on at a basic level (ie I can see it in a wifi client).

I know I'm going to need to bridge the connection between wlan0 & eth0 but where I'm scratching my head at the moment is configuring PiHole to act as DHCP for the Guest WiFi using a different set of IPs. Pretty much all the how to's I've found so far have worked on getting the wifi up first then binding PiHole to the wlan0 however this is not what I want.


Hopefully my diagram makes it clearer where I'm trying to end up.

TIA for any assistance.


Image

epoch1970
Posts: 3804
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: PiHole + Guest Wifi

Fri Sep 13, 2019 11:33 am

I would ask/look first in the PiHole community how they would go about this, you can't be the first asking for a guest network setup.

What does the solid red link going into Birdsnest represent? Is it the future guest network?

If you're using the built-in WiFi interface in the Pi as access point for the main network, you cannot have it serve another network for guests. You'd need an extra USB adapter.

You're mentioning "bridge", do you actually want an ethernet + WiFi guest network? If wifi only, you don't need to bridge.

You will certainly want to route and filter between the guest interface (a bridge? wlan0?) and the interface connected to the main network (eth0) in the Pi.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

mikeyw64
Posts: 20
Joined: Fri Sep 13, 2019 9:55 am

Re: PiHole + Guest Wifi

Fri Sep 13, 2019 12:28 pm

solid red line is simply where visio cant handle overlaid red dotted lines (which represent wifi connctions)

The Wifi on the Pi (aka SunnySide) will be purely for guests with all traffic going out via eth0 to the main router for Birdsnest. Eth0 is currently also serving DNS & DHCP to Birdsnest.

All my "normal" devices connect to the Birdsnest Router whilst my Sky boxes connect (to keep the noise they generate off my normal network) to the Skynet Router (which in turn connects into Birdsnest)

mikeyw64
Posts: 20
Joined: Fri Sep 13, 2019 9:55 am

Re: PiHole + Guest Wifi

Fri Sep 13, 2019 5:32 pm

Ok so progress of a sort.

Can connect via the guest wifi providing I set the IPs manually soo all thats left is to figure out how too do the DHCP bit.

Oh and figure out how to either disable 5Ghz or at leats give it an SSID (keeps coming up on clients as <blank SSID>










----information to get the wifi working-------------


/etc/dhcpcd.conf

interface eth0
static ip_address=192.168.1.210/24
static routers=192.168.1.1
static domain_name_servers=127.0.0.1


interface wlan0
static ip_address=10.0.0.1/24
static routers=192.168.1.1
static domain_name_servers=127.0.0.1



/etc/hostapd/hostapd.conf

interface=wlan0
driver=nl80211
ssid=Sunnyside
hw_mode=g
channel=8
ieee80211n=1
wmm_enabled=1
#ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
auth_algs=1
#ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=PASSWORD
rsn_pairwise=CCMP


/etc/default/hostapd

DAEMON_CONF="/etc/hostapd/hostapd.conf"



/etc/sysctl.conf

net.ipv4.ip_forward=1

Shell
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

/etc/rc.local

iptables-restore < /etc/iptables.ipv4.nat

/etc/dnsmasq.d/01-pihole.conf (added via web interface. This listens on all interfaces at all times)

except-interface=nonexisting

epoch1970
Posts: 3804
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: PiHole + Guest Wifi

Fri Sep 13, 2019 5:55 pm

mikeyw64 wrote:
Fri Sep 13, 2019 5:32 pm
interface wlan0
static ip_address=10.0.0.1/24
static routers=192.168.1.1
static domain_name_servers=127.0.0.1
A router is a gateway to other networks, it is the host you reach to get to foreign destinations. It always belongs to the current network (and at least to one more, of course).
Try "static routers=10.0.0.1"

The DHCP bit should be done by dnsmasq. I guess it is disabled in PiHole?
The official AP doc documents setting up hostapd and dnsmasq, that should give you an idea.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

mikeyw64
Posts: 20
Joined: Fri Sep 13, 2019 9:55 am

Re: PiHole + Guest Wifi

Fri Sep 13, 2019 6:00 pm

epoch1970 wrote:
Fri Sep 13, 2019 5:55 pm
mikeyw64 wrote:
Fri Sep 13, 2019 5:32 pm
interface wlan0
static ip_address=10.0.0.1/24
static routers=192.168.1.1
static domain_name_servers=127.0.0.1
A router is a gateway to other networks, it is the host you reach to get to foreign destinations. It always belongs to the current network (and at least to one more, of course).
Try "static routers=10.0.0.1"

The DHCP bit should be done by dnsmasq. I guess it is disabled in PiHole?
The official AP doc documents setting up hostapd and dnsmasq, that should give you an idea.
I'll tweak that in a bit although it does seem to work (if I statically set the clients IP details) , hey ho :)

As for DDNSmasq, yes PiHole uses a modified variant of it , have asked the question over on the PiHole discourse forums

mikeyw64
Posts: 20
Joined: Fri Sep 13, 2019 9:55 am

Re: PiHole + Guest Wifi

Fri Sep 13, 2019 6:08 pm

aha there's a thought.

Disable the DHCP part of PiHole

Install full DNSmaq and only use that for DHCP

IIRC you can have 2 or more instances of dnsmaq running bound to sperate interfaces (as long as only one of themis bound to the loopback address)

task for tomorrow I think :)

mikeyw64
Posts: 20
Joined: Fri Sep 13, 2019 9:55 am

Re: PiHole + Guest Wifi

Sat Sep 14, 2019 2:50 pm

98% working.

I say 98% as although my android phones all connect to the guest wifi on Sunnyside and work as expected for some reason my W10 laptop point blank refuses too (simply states "unable to connect to this network) .

So my final (for now lol) setup is/was

Install Raspbian

Set Static IPs in /etc/dhcpcd.conf

interface eth0
static ip_address=192.168.1.2/24
static routers=192.168.1.1
static domain_name_servers=1.1.1.1

interface wlan0
static ip_address=10.0.0.1/24
static routers=192.168.1.1
static domain_name_servers=127.0.0.1


Reboot

Install PiHole

Change /etc/dhcpcd.conf back to the below for eth0

static domain_name_servers=127.0.01

Create New conf file for guest network /etc/dnsmasq.d/09-guestnet.conf (happy for guests not to use pihole)

interface=wlan0
dhcp-range=10.0.0.100,10.0.0.200,4h
dhcp-option=option:dns-server,1.1.1.1,8.8.8.8
dhcp-option=option:router,10.0.0.1


Install Hostapd and configure as follows

Create /etc/hostapd/hostapd.conf

interface=wlan0
driver=nl80211
ssid=Sunnyside
hw_mode=g
channel=8
ieee80211n=1
wmm_enabled=1
#ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
auth_algs=1
#ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=PASSWORD
rsn_pairwise=CCMP


Add the following to /etc/default/hostapd

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Edit /etc/sysctl.conf and uncomment

net.ipv4.ip_forward=1

Shell
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo sh -c “iptables-save > /etc/iptables.ipv4.nat”
sudo sh -c “echo 1 > /proc/sys/net/ipv4/ip_forward”
sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd


add too /etc/rc.local
iptables-restore < /etc/iptables.ipv4.nat

Reboot :)

epoch1970
Posts: 3804
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: PiHole + Guest Wifi

Sat Sep 14, 2019 3:22 pm

static_routers is still wrong on wlan0.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

mikeyw64
Posts: 20
Joined: Fri Sep 13, 2019 9:55 am

Re: PiHole + Guest Wifi

Sat Sep 14, 2019 4:49 pm

epoch1970 wrote:
Sat Sep 14, 2019 3:22 pm
static_routers is still wrong on wlan0.
Will play with that later, at the moment its working ;o)

mikeyw64
Posts: 20
Joined: Fri Sep 13, 2019 9:55 am

Re: PiHole + Guest Wifi

Sat Sep 14, 2019 6:36 pm

or not :(

just spotted new clients connecting to Birdsnest are getting an IP from the correct pool but being given the wlan0 gateway and DNS servers .


Commented all the extra conf in the new file out for now so everything else but the guest wifi on Sunnyside still works properly.

Back to the drawing board I think tomorrow.

Return to “Networking and servers”