Results 1 to 5 of 5
  1. #1
    Join Date
    Mar 2018
    Toronto, Ontario

    Default Pihole install or any app on Untangle

    Here is how to install Pihole or any application available for Debian like letsencrypt, DOH, dnscrypt, speedtest-cli, ntp server, samba, nfs or even wireguard vpn! which is not available in homepro that i bought.

    On a high level we leverage the LXC Container which is part of untangle. install pihole on the container, create automatic startup for container when untangle boots up. This is pretty secure from a networking perspective since virtual switch of lxc is tied to the internal network rather than the WAN network.


    shoutout: jcoffin for confirming the lxc container can do it.

    1. enable ssh on untangle and run as root. Note that enabling it will expose ssh to the public internet. have a ruleset i made separately that will let it listen only on the private network.

    2. initialize the LXC Container. This will pull debian buster, install some deb packages.
    # /usr/share/untangle-lxc-client/bin/untangle-lxc-start

    3. login to LXC Container
    # /usr/share/untangle-lxc-client/bin/untangle-lxc-attach

    3.1 You are now inside the container. all commands below are done in LXC rather than untangle. Don't confuse running commands in untangle! create account. this useful if you want to manage the container remotely via ssh.
    # useradd -s /bin/bash -m balrog
    # passwd balrog

    3.2 install ssl certificates or else pihole install will fail. install curl as well.
    # apt install ca-certificates curl -y

    3.3 install pihole. note, won't dwell on how to configure pihole there are literally millions of howtos to do that in the internet.
    # curl -sSL | bash

    3.4 exit from lxc container.

    4. You are back on untangle. time to create startup for the lxc container so that when untangle reboots, the lxc container will also start. Have chosen to recreate startup the /etc/rc.local ala sysV init style back (love hate relationship with systemd.) instead of creating a service specific to lxc. gives me more flexibility to add startup scripts in the future.

    4.1 create service file. edit the file vi /etc/systemd/system/rc.local.service and add the following:

    ExecStart=/etc/rc.local start


    4.2 create the rc.local file by editing vi /etc/rc.local and add the following:
    #!/bin/sh -e
    # rc.local
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    # In order to enable or disable this script just change the execution
    # bits.
    # By default this script does nothing.
    # Balrog # have to insert sleep 60 here to prevent it from hanging.
    # Probably because of timing issue.
    sleep 60 ; /usr/share/untangle-lxc-client/bin/untangle-lxc-start

    exit 0

    4.3 set permission and ownership:
    # chmod 770 /etc/rc.local
    # chown root:root /etc/rc.local

    4.4 enable service and when untangle boots up.
    # systemctl enable rc.local.service

    4.5 start the service
    # systemctl start rc.local.service

    4.6 optional: if you want to see if the service is running.
    # systemctl status rc.local.service

    5. reboot untangle and the lxc should startup automatically. Please note that there is some delay for pihole due to some timing issue which i'm lazy to troubleshoot. have inserted 60 seconds of delay to fix this in rc.local file.

    6. access pihole web admin interface on attached screenshot below pihole_untangle.pngis proof it works. it has a hardcoded ip address of, and it does not matter if you set your internal ip to say, 192.168.1.x or 192.168.2.x. enjoy!

    7. if everything works fine, you can add the ip address as a DNS on the internal network dhcp.
    Last edited by balrog; 10-28-2020 at 05:41 PM.

  2. #2
    Join Date
    May 2020


    Any hint on how to use a new container and not Untangle's default container? I think this one is reserved for the support folks. Besides that, it is not confined:

    # cat /etc/lxc/default.conf = veth = br.lxc = up = =
    lxc.apparmor.profile = unconfined

  3. #3
    Join Date
    Mar 2018
    Toronto, Ontario


    Hi u_volto,
    All you said is correct. I'm using the Untangle lxc standards and riding on it. Like you said, tried the proper way of creating lxc, but did not work. This is more of a hack than anything else.

    If there is a proper way to do it, i'm all ears. but for now, this is the way for me to install pihole and other apps to work on, since Untangle = open source + "special source".

  4. #4
    Join Date
    Jul 2017
    Midlands, UK


    Am I correct in thinking that this LXC container will be subjected to any existing rules in place, eg in the Web Filter app etc?

    So it would be best to add it's IP to the list of Pass Clients?

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Lake Tahoe


    LXC client is the same as any other PC on the LAN.
    jim1985 likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

SEO by vBSEO 3.6.0 PL2