The officially official Devuan Forum!

Altoid

Member

Registered: 2017-05-07

Posts: 1,592  

[SOLVED] Pi-Hole and Devuan Chimaera

Hello:

Has anyone here at Dev1 installed/run Pi-Hole?
It would seem like I am the only one ...   8^°

Thanks in advance.

Best,

A.

Altoid

Member

Registered: 2017-05-07

Posts: 1,592  

Re: [SOLVED] Pi-Hole and Devuan Chimaera

Hello:

Hello:
It would seem like I am the only one ...   8^°

Said I because a search for 'pi-hole' or 'pihole' got me where it is mentioned but they were all mine.  8^°

Devuan is not a supported OS for Pi-Hole (but Debian is) so it's hard to figure things out when something goes wrong.

In any case, I have narrowed down the cause of a problem I am having.

After the last update, the DNS server is not starting and it looks like a permissions issue:

There was a problem applying your settings.
Debugging information:

PHP error (2): fsockopen(): unable to connect to 127.0.0.1:4711 (Connection refused) in /var/www/html/admin/scripts/pi-hole/php/FTL.php:44

Here is what is happens after I get this:

I opne a terminal on the VM where Pi-Hole is running and start pihole-FTL.
As it was stopped, it says so and then starts it:

root@chimaera:~# service pihole-FTL restart
Not running

FTL started!
root@chimaera:~#

I then immediately query the pihole-FTL status to check if this is so ...

root@chimaera:~#  service pihole-FTL status
[    ] pihole-FTL is not running
root@chimaera:~# 

... but no.
As you can see it reports as 'not running'.

Here are lines 28 to 47 from the FTL.php script mentioned in the debug output:

...
 28 }
 29 
 30 function connectFTL($address, $port) {
 31     if ($address == DEFAULT_FTL_IP) {
 32         $config = piholeFTLConfig();
 33         // Read port
 34         $portfileName = isset($config['PORTFILE']) ? $config['PORTFILE'] : DEFAULT_FTL_PORTFILE;
 35         if ($portfileName != '') {
 36             $portfileContents = file_get_contents($portfileName);
 37             if (is_numeric($portfileContents)) {
 38                 $port = intval($portfileContents);
 39             }
 40         }
 41     }
 42 
 43     // Open Internet socket connection                                       <-------             
 44     $socket = @fsockopen($address, $port, $errno, $errstr, 1.0);  <------
 45 
 46     return $socket;
 47 }
...

How can I troubleshoot / find the cause of this problem?
ie: unable to connect to 127.0.0.1:4711 (Connection refused)

Thanks in advance.

Best,

A.

delgado

Member

Registered: 2022-07-14

Posts: 217  

Re: [SOLVED] Pi-Hole and Devuan Chimaera

Has anyone here at Dev1 installed/run Pi-Hole?

I'm running a pi-hole on chimaera, installed before migration.
(beside the adaption of the changed network device name) no further issues so far, but I'm not frequently updating.

rbit

Member

Registered: 2018-06-12

Posts: 47  

Re: [SOLVED] Pi-Hole and Devuan Chimaera

root@chimaera:~#  service pihole-FTL status
[    ] pihole-FTL is not running
root@chimaera:~# 

What is the output of:

service lighttpd status

FYI, my (very-old) FTL.php contains this:

function connectFTL($address, $port=4711)
{
	if($address == "127.0.0.1")
	{
		// Read port
		$portfile = file_get_contents("/var/run/pihole-FTL.port");
		if(is_numeric($portfile))
			$port = intval($portfile);
	}

	// Open Internet socket connection
	$socket = @fsockopen($address, $port, $errno, $errstr, 1.0);

	return $socket;
}

The next place to look would be /etc/pihole/setupVars.conf... check if anything looks off in there.

Oh, and don't forget the log files: /var/log/pihole/FTL.log and /var/log/pihole/pihole.log

Last edited by rbit (2022-08-19 23:19:13)

Altoid

Member

Registered: 2017-05-07

Posts: 1,592  

Re: [SOLVED] Pi-Hole and Devuan Chimaera

Hello:

What is the output of:

service lighttpd status

Here it is:

root@chimaera:~# service lighttpd status
lighttpd is running.
root@chimaera:~# 

FYI, my (very-old) FTL.php contains this:

function connectFTL($address, $port=4711)
{
	if($address == "127.0.0.1")
	{
		// Read port
		$portfile = file_get_contents("/var/run/pihole-FTL.port");
		if(is_numeric($portfile))
			$port = intval($portfile);
	}

	// Open Internet socket connection
	$socket = @fsockopen($address, $port, $errno, $errstr, 1.0);

	return $socket;
}

I think that whatever is going on has been caused by some change in the Pi-Hole configuration.

... next place to look would be /etc/pihole/setupVars.conf... check if anything looks off in there.

Here it is:

root@chimaera:~# cat /etc/pihole/setupVars.conf
WEBPASSWORD=688cee6d6cc168f344644ff376482d3cd6894b5d294962dd41a514887f8972b2
BLOCKING_ENABLED=true
DNSSEC=false
REV_SERVER=false
PIHOLE_INTERFACE=eth0
PIHOLE_DNS_1=127.0.0.1#5335
PIHOLE_DNS_2=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
CACHE_SIZE=10000
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSMASQ_LISTENING=local
root@chimaera:~# 

At first sight it 'looks' OK.
Not that I'd have much idea ...   8^/

... don't forget the log files: /var/log/pihole/FTL.log and /var/log/pihole/pihole.log

These are the last two  lines in /var/log/pihole/FTL.log:

[2022-08-19 18:05:28.675 1140M] Listening on port 4711 for incoming IPv4 telnet connections
[2022-08-19 18:05:28.696 1140M] Error opening IPv6 telnet socket: Address family not supported by protocol (97)

As you can see, port 4711  is mentioned.

Surely related to this line in the debugging info:

PHP error (2): fsockopen(): unable to connect to 127.0.0.1:4711 (Connection refused) in /var/www/html/admin/scripts/pi-hole/php/FTL.php:44

/var/log/pihole/pihole.log is empty.

If fsockopen gets refused trying to connect to 127.0.0.1:4711, then there is a permissions problem with port 4711.

How do I troubleshoot that, specifically?

eg:
I cannot reach port 4711 on the VM from my box:

user@devuan:~$ telnet 192.168.1.3 4711
Trying 192.168.1.3...
telnet: Unable to connect to remote host: Connection refused
user@devuan:~$ 

[root@devuan ~]# telnet 192.168.1.3 4711
Trying 192.168.1.3...
telnet: Unable to connect to remote host: Connection refused
[root@devuan ~]# 

^^^ This ^^^ means that it is closed to outside access.

pihole-FTL      uses port 67 ( DHCP )       IPv4 UDP
pihole-FTL      uses port 547 ( DHCPv6 )  IPv6 UDP
lighttpd           uses port 80 ( HTTP )       TCP
pihole-FTL      4711                                TCP

But if pi-hole needs to use it for whatever, it should be able to.
ie: part of the installation (?) to make that happen.

FTL is our API engine and uses port 4711 on the localhost interface. This port should not be accessible from any other interface.

See https://docs.pi-hole.net/main/prerequisites/

Thanks for your input.

Best,

A.

rbit

Member

Registered: 2018-06-12

Posts: 47  

Re: [SOLVED] Pi-Hole and Devuan Chimaera

root@chimaera:~# service lighttpd status
lighttpd is running.

can you open the pihole web admin page? ( try http://192.168.1.3/admin ... or whatever the machine's ip address is)

root@chimaera:~# cat /etc/pihole/setupVars.conf
WEBPASSWORD=xxxx
BLOCKING_ENABLED=true
DNSSEC=false
REV_SERVER=false
PIHOLE_INTERFACE=eth0
PIHOLE_DNS_1=127.0.0.1#5335
PIHOLE_DNS_2=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
CACHE_SIZE=10000
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSMASQ_LISTENING=local
root@chimaera:~# 

Basically the same as mine, except for PIHOLE_DNS_1=127.0.0.1#5335
This might be valid, I'm not sure, but it's not how mine is set up at all.  My pihole goes out to other DNS servers for its non-piholed queries.  I also don't see IPV4_ADDRESS or IPV6_ADDRESS in your configuration.  Mine is:

PIHOLE_DNS_1=208.67.222.222
PIHOLE_DNS_2=208.67.220.220
PIHOLE_DNS_3=198.6.100.194
PIHOLE_DNS_4=9.9.9.9
IPV4_ADDRESS=192.168.1.4/24
IPV6_ADDRESS=

[2022-08-19 18:05:28.675 1140M] Listening on port 4711 for incoming IPv4 telnet connections
[2022-08-19 18:05:28.696 1140M] Error opening IPv6 telnet socket: Address family not supported by protocol (97)

As you can see, port 4711  is mentioned.

If fsockopen gets refused trying to connect to 127.0.0.1:4711, then there is a permissions problem with port 4711.

How do I troubleshoot that, specifically?

what happens when you run these:

root@devuan:/etc/pihole# ss -tnlp | grep 4711
LISTEN     0      5      127.0.0.1:4711                     *:*                   users:(("pihole-FTL",pid=2819,fd=10))
LISTEN     0      5          ::1:4711                    :::*                   users:(("pihole-FTL",pid=2819,fd=13))
root@devuan:/etc/pihole# telnet 127.0.0.1 4711
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
root@devuan:/etc/pihole# 

delgado

Member

Registered: 2022-07-14

Posts: 217  

Re: [SOLVED] Pi-Hole and Devuan Chimaera

root@chimaera:~# cat /etc/pihole/setupVars.conf
PIHOLE_DNS_1=127.0.0.1#5335

I have the same line for PIHOLE_DNS_1. There is an unbound running on my machine, configured for port 5335 to resolve DNS (setup as described in https://forum.kuketz-blog.de/viewtopic.php?f=42&t=3067 (german)).

Did you try  a "common" DNS server, like rbit suggested?
Or what is your local DNS resolver on port 5335 and is it working?

Altoid

Member

Registered: 2017-05-07

Posts: 1,592  

Re: [SOLVED] Pi-Hole and Devuan Chimaera

Hello:

Sorry for the delay ...

... can you open the pihole web admin page?

Yes, no problem with that.

Up at the top left I have this data:

Status
    DNS service not running
    Load:  0  0  0
    Memory usage:  3.1 %

Once I log in, the four screens (green, blue, ochre and red) have no information, just 'NaN'.
If I go to the 'Settings' page, I get the error message I mentioned in previously at the top:

Error
There was a problem applying your settings.
Debugging information:
PHP error (2): fsockopen(): unable to connect to 127.0.0.1:4711 (Connection refused) in /var/www/html/admin/scripts/pi-hole/php/FTL.php:44

The system tab reads:

FTL Information
The FTL service is offline!

re: /etc/pihole/setupVars.conf

... same as mine, except for PIHOLE_DNS_1=127.0.0.1#5335

This might be valid ...

It is.
I have Pi-Hole runninng as a recursive DNS server in a Chimaera headless VM inside my box.
So I use my own DNS server.

--- note start --->

If you want to check on how it is done, check this video: https://www.youtube.com/watch?v=FnFtWsZ8IP0
There are also a couple  of  web pages: here: https://opensourcelibs.com/lib/pihole-unbound and here: https://medium.com/nerd-for-tech/recurs … a766d4f703

<--- note end ---

My pihole goes out to other DNS servers ...

Mine goes to 192.168.1.3 which is the IP of the Chimaera VM.

This setup was working perfectly well until the last upgrade to Pi-hole v5.11.4 FTL v5.16.2 Web Interface v5.13.  8^°
Maybe it was a combination of that and some Devuan update?
Did we have a Devuan update involving access to port 4711? No idea ...

what happens when you run these ...

I think I tried this one the other day.

[root@devuan ~]# ss -tnlp | grep 4711
[root@devuan ~]# 

Nothing.

Same as if I try to telnet to the VM from my box:

[root@devuan ~]# telnet 192.168.1.3 4711
Trying 192.168.1.3...
telnet: Unable to connect to remote host: Connection refused
[root@devuan ~]# 

root@devuan:/etc/pihole# ss -tnlp | grep 4711

No ...
Can't do that.
Pi-hole is not installed up in my box, it is installed in the VM.

So it would be this:

root@chimaera:/etc/pihole# ss -tnlp | grep 4711
root@chimaera:/etc/pihole# 

Again, nothing.

root@chimaera:/etc/pihole# telnet 127.0.0.1 4711
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused     <----- this is it. But why?
root@chimaera:/etc/pihole# 

Thank you very much for your efforts.
Much appreciated.

Best,

A.

rbit

Member

Registered: 2018-06-12

Posts: 47  

Re: [SOLVED] Pi-Hole and Devuan Chimaera

[root@devuan ~]# ss -tnlp | grep 4711
[root@devuan ~]# 

Nothing.

Phooey.  I was hoping another process (the old pihole?) was holding on to that port.  You can't connect, because the service is not running.  The service won't start (or rather, won't stay running) because of... something yet unknown.
Earlier you had posted this from your log:

[2022-08-19 18:05:28.696 1140M] Error opening IPv6 telnet socket: Address family not supported by protocol (97)

Would you mind trying this, add this line into the file /etc/pihole/setupVars.conf

IPV6_ADDRESS=

Then run

# service pihole-FTL start

If it doesn't start properly, check /var/log/pihole/FTL.log for other clues.

Also, in the web interface, there is a section "Pi-hole diagnosis" under the "Tools" menu.  I'm not sure whether or not that is useful.

If all else fails, nuke it (including configs) and re-install.  Sometimes that is quicker (but less satisfying) than finding the actual problem.

Last edited by rbit (2022-08-20 23:38:13)

Altoid

Member

Registered: 2017-05-07

Posts: 1,592  

Re: [SOLVED] Pi-Hole and Devuan Chimaera

Hello:

... was hoping another process (the old pihole?) was holding on to that port.
... can't connect, because the service is not running.

Exactly ...

Would you mind trying this ...

Of course:

root@chimaera:~# cat /etc/pihole/setupVars.conf
WEBPASSWORD=688cee6d6cc168f344644ff376482d3cd6894b5d294962dd41a514887f8972b2
BLOCKING_ENABLED=true
DNSSEC=false
REV_SERVER=false
PIHOLE_INTERFACE=eth0
PIHOLE_DNS_1=127.0.0.1#5335
PIHOLE_DNS_2=
IPV6_ADDRESS=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
CACHE_SIZE=10000
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSMASQ_LISTENING=local
root@chimaera:~# 

root@chimaera:~# service pihole-FTL start
Not running

FTL started!
root@chimaera:~#

root@chimaera:~# service pihole-FTL status
[    ] pihole-FTL is not running

root@chimaera:~# 

It was doing this before.

... check /var/log/pihole/FTL.log for other clues.

These are the last six lines in the log:

[2022-08-20 22:04:12.618 1362M] Successfully accessed setupVars.conf
[2022-08-20 22:04:12.620 1362M] listening on 0.0.0.0 port 53
[2022-08-20 22:04:12.641 1362M] listening on :: port 53
[2022-08-20 22:04:12.655 1366M] PID of FTL process: 1366
[2022-08-20 22:04:12.657 1366M] Listening on port 4711 for incoming IPv4 telnet connections
[2022-08-20 22:04:12.668 1366M] Error opening IPv6 telnet socket: Address family not supported by protocol (97)   <------ the only error

... a section "Pi-hole diagnosis" ...

It has always read *No issues found*.

... nuke it (including configs) and re-install.

Yes.
Not too fond of that but as I was in a hurry, I did it.
Brings bad memories of Win95/98 ...   8^°

So ...
Been there, done that.
Full nuke, clean install.
No dice, same story.

I am  convinced that the problem lies with port 4711 not being accessible to Pi-Hole.

     ---> BREAKING NEWS <----

Check this:

https://discourse.pi-hole.net/t/ftl-v5- … e/57181/17

Caveat:
The web site does not work with Pale Moon, to them it is an unsupported browser. 8^|

We found the reason why it's failing when no IPv6 is available. We'll prepare a fix for this.

root@chimaera:~# pihole checkout ftl fix/no_telnet_is_okay
  Please note that changing branches severely alters your Pi-hole subsystems
  Features that work on the master branch, may not on a development branch
  This feature is NOT supported unless a Pi-hole developer explicitly asks!
  Have you read and understood this? [y/N] y

  [✓] Branch fix/no_telnet_is_okay exists
  [i] Switching to branch: "fix/no_telnet_is_okay" from "master"
  [✓] Downloading and Installing FTL
  [✓] Restarting pihole-FTL service...
  [✓] Enabling pihole-FTL service to start on reboot...
root@chimaera:~# 

That fixed it, seems you were on the right track.  8^)
Fortunately they move fast.
Once again, thank you very much for your efforts.

Best,

A.