diff --git a/ansible/roles/podman/tasks/container-pihole.yml b/ansible/roles/podman/tasks/container-pihole.yml
index eca4f06..e4f338d 100644
--- a/ansible/roles/podman/tasks/container-pihole.yml
+++ b/ansible/roles/podman/tasks/container-pihole.yml
@@ -30,20 +30,19 @@ cap_add: - CAP_NET_BIND_SERVICE - NET_ADMIN - network: - - host env: DNSMASQ_USER: "root" + INTERFACE: "tap0" PIHOLE_UID: 0 TZ: "America/New_York" + VIRTUAL_HOST: "{{ pi_server_name }}" WEBPASSWORD: "{{ pihole_password }}" - WEB_PORT: 8082 volumes: - "{{ pihole_path }}/config:/etc/pihole" - "{{ pihole_path }}/dnsmasq:/etc/dnsmasq.d" ports: - - 53:53/udp - - 53:53/tcp + - 1153:53/udp + - 1153:53/tcp - 8082:80 tags: pihole
@@ -52,3 +51,22 @@ vars: container_name: pihole tags: pihole + +- name: Redirect DNS, DHCP, HTTP and HTTPS to pihole + become: true + ansible.builtin.iptables: + table: nat + chain: PREROUTING + in_interface: eno1 + protocol: "{{ item }}" + match: "{{ item }}" + destination_port: 53 + jump: REDIRECT + to_ports: 1153 + comment: Redirect DNS traffic to port 1153 + loop: + - udp + - tcp + tags: + - pihole + - firewall
diff --git a/ansible/roles/podman/tasks/firewall.yml b/ansible/roles/podman/tasks/firewall.yml
index bfda749..4393564 100644
--- a/ansible/roles/podman/tasks/firewall.yml
+++ b/ansible/roles/podman/tasks/firewall.yml
@@ -4,16 +4,18 @@ ansible.posix.firewalld: port: "{{ item }}" permanent: true + immediate: true + zone: "public" state: enabled loop: - 53/tcp - 53/udp + - 1153/tcp + - 1153/udp - 80/tcp - 443/tcp - "{{ syslog_udp_default }}/udp" - "{{ syslog_udp_error }}/udp" - "{{ syslog_udp_unifi }}/udp" notify: restart firewalld - tags: - - firewall - - http + tags: firewall
diff --git a/ansible/roles/podman/tasks/podman.yml b/ansible/roles/podman/tasks/podman.yml
index 18c22af..6d97c72 100644
--- a/ansible/roles/podman/tasks/podman.yml
+++ b/ansible/roles/podman/tasks/podman.yml
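Review bot: `INTERFACE: "tap0"` is a bare magic value whose correctness depends on the network backend the container is attached to now that `network: host` is gone; nothing in this task derives it, so a comment above it such as `# interface name the podman network presents inside the container; adjust if the network backend changes` (hedged, since the backend is not visible here) would save the next reader a guess. Off the host network, the client source address Pi-hole sees on `tap0` may be rewritten by podman's port forwarding, which presumably collapses every LAN client to a single address in Pi-hole's query log and per-client rules — worth confirming after deploy, since host networking did not have that problem. The host-side `1153:53/udp` and `1153:53/tcp` mappings only make sense together with the REDIRECT rule added further down this file; a comment above `ports:` like `# host 1153 -> container 53; the iptables REDIRECT task below maps inbound 53 -> 1153` ties the two together. The context lines still grant `NET_ADMIN` and `CAP_NET_BIND_SERVICE`; with `DNSMASQ_USER: "root"` and `PIHOLE_UID: 0` the bind capability is not needed, and `NET_ADMIN` is generally only required for Pi-hole's DHCP server, so this is a natural point to drop what is no longer required or document why it stays.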
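Review bot: The task name `Redirect DNS, DHCP, HTTP and HTTPS to pihole` and its `comment` disagree: the rule matches only `destination_port: 53`, so no DHCP (67/udp), HTTP or HTTPS traffic is touched; rename it to `Redirect inbound DNS on eno1 to pihole port 1153` or add the missing rules if they were intended. The rule is installed with `ansible.builtin.iptables` while firewall.yml in the same role manages netfilter through `ansible.posix.firewalld` and notifies a `restart firewalld` handler; this module does not persist the rule across reboot on its own, and a firewalld restart can flush rules added behind its back (it does with the iptables backend — confirm for this host), so expressing it as a firewalld port forward (the `port_forward` option of `ansible.posix.firewalld`, permanent and immediate, 53 to 1153 for udp and tcp) keeps a single owner of the rule set. `in_interface: eno1` is the only hard-coded host detail in a file that otherwise uses variables (`pihole_path`, `pi_server_name`); a role variable would be consistent. Because the rule lives only in `PREROUTING`, the host's own resolver still reaches port 53 unredirected; if the host is meant to use Pi-hole too, an `OUTPUT`-chain equivalent or pointing the host resolver at 1153 is needed.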
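Review bot: Replacing `tags: [firewall, http]` with `tags: firewall` silently changes which limited runs apply this task — `ansible-playbook --tags http` no longer opens 80/tcp and 443/tcp — which may be intended but is not a style-only change; keep both tags if it was. After this commit nothing on the host binds 53: for traffic arriving on eno1 the REDIRECT in container-pihole.yml rewrites the destination port in nat PREROUTING before firewalld's filter rules see the packet, so `1153/tcp` and `1153/udp` are the entries that matter and the retained `53/tcp`/`53/udp` entries are effectively unused but misleading; opening 1153 directly also means clients can reach the resolver on either port and bypass the redirect, which is fine as long as that is understood. With `permanent: true` plus the new `immediate: true` the rule is live at once, so `notify: restart firewalld` is redundant here and a full restart briefly drops all firewall state; a reload-style handler would be safer if the notify is kept.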
@@ -91,7 +91,7 @@ become: true ansible.posix.sysctl: name: net.ipv4.ip_unprivileged_port_start - value: "53" + value: "80" sysctl_set: true state: present reload: true
diff --git a/ansible/roles/podman/templates/nginx/sites/pi.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/pi.bdebyl.net.conf.j2
index 0659c94..045f4a9 100644
--- a/ansible/roles/podman/templates/nginx/sites/pi.bdebyl.net.conf.j2
+++ b/ansible/roles/podman/templates/nginx/sites/pi.bdebyl.net.conf.j2
@@ -22,9 +22,9 @@ server { allow 127.0.0.1; deny all; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; proxy_buffering off; proxy_pass http://pihole;
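Review bot: `value: "80"` for `net.ipv4.ip_unprivileged_port_start` is a host-wide setting with no comment explaining it — it lets any unprivileged process on this host, not only podman, bind ports 80–1023 (the kernel default is 1024). Raising it from 53 to 80 is the right direction now that Pi-hole's DNS is mapped to 1153, but record which workload still needs it, e.g. `# 80: a rootless container still binds 80/443 (presumably the nginx proxy); raise back to 1024 if that mapping moves above 1023`, so the value is not lowered again by accident. If no rootless container needs a port below 1024 any more, remove the override (`state: absent`) instead of keeping a relaxed value. The enclosing task's `name:` line starts before this hunk.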