Hi,
I have this setup:
internet
|
router (openwrt)
/ \
br-lan br-pve
| \
(this lan pfsense-lan
has access \
all networks) homelab network
All devices that are connected to br-lan has access to any network in the openwrt.
I have a wireguard client on openwrt that tunnels to the pfsense-lan, I can ping the ips and connect to the hosts behind pfsense lan without any issues.
What I'm trying to do is to have the pfsense-lan dns resolving the hostnames from that network on my openwrt lan without having to map each hostname in openwrt.
nslookup is working and able to resolve the ip from a hostname if I pass the pfsense ip:
nslookup host.example 192.168.0.1
Server: 192.168.0.1
Address: 192.168.0.1#53
Name: host.example
Address: 192.168.0.10
I have adguardhome installed and my dnsmasq is using port 54. I tried some of the examples in this page https://openwrt.org/docs/guide-user/base-system/dhcp_configuration but was not able to make it work.
Here are my configuration files:
Network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix '----'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option device 'br-lan'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan2'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config interface 'guest'
option proto 'static'
list ipaddr '192.168.3.1/24'
config interface 'work'
option proto 'static'
list ipaddr '192.168.4.1/24'
config interface 'bootcamp'
option proto 'static'
list ipaddr '192.168.5.1/24'
config device
option name 'wlan0-1'
config device
option name 'wlan0'
config device
option name 'wlan0-1'
config device
option name 'eth0'
config device
option name 'lan1'
config device
option type 'bridge'
option name 'br-homelab'
option ipv6 '0'
option mtu '1500'
option macaddr '----'
list ports 'lan1'
config interface 'homelab'
option proto 'static'
option device 'br-homelab'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
config device
option type 'bridge'
option name 'br-pve'
list ports 'lan3'
option macaddr '-------'
option ipv6 '0'
config interface 'pve'
option proto 'static'
option device 'br-pve'
option ipaddr '192.168.20.1'
option netmask '255.255.255.0'
config interface 'pfsense_vpn'
option proto 'wireguard'
option private_key '------'
list addresses '192.168.69.2/24'
config wireguard_pfsense_vpn 'wgserver'
option public_key '---'
option preshared_key '---'
option endpoint_host '192.168.20.10'
option endpoint_port '-----'
option persistent_keepalive '25'
option route_allowed_ips '1'
list allowed_ips '192.168.0.0/24'
config interface 'vpn'
option proto 'wireguard'
option private_key '---'
option listen_port '-----'
list addresses '192.168.9.1/24'
config wireguard_vpn 'wgclient'
option public_key '----'
option preshared_key '-----'
option private_key '-----'
list allowed_ips '192.168.9.2/32'
DHCP
config dnsmasq 'lan_dns'
option domainneeded '1'
option localise_queries '1'
option local '/lan/'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option cachesize '1000'
option rebind_protection '1'
option rebind_localhost '1'
option port '54'
option noresolv '1'
option domain 'lan'
list server '192.168.1.1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.1.1'
list dns 'fd9f:2821:4eb6::1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '1h'
list dhcp_option '6,192.168.3.1'
list dhcp_option '3,192.168.3.1'
config dhcp 'work'
option interface 'work'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.4.1'
list dhcp_option '3,192.168.4.1'
config dhcp 'bootcamp'
option interface 'bootcamp'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.5.1'
list dhcp_option '3,192.168.5.1'
config dhcp 'pve'
option interface 'pve'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.20.1'
list dhcp_option '3,192.168.20.1'
Firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone 'lan'
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'vpn'
config zone 'wan'
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config zone
option name 'guest'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
list network 'guest'
config forwarding
option src 'guest'
option dest 'wan'
config rule 'wg'
option name 'Allow-WireGuard'
option src 'wan'
option dest_port '-----'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Allow-DNS-Guest'
option src 'guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Allow-DHCP-Guest'
list proto 'udp'
option src 'guest'
option dest_port '67-68'
option target 'ACCEPT'
config rule
option name 'Allow-DNS-Work'
option src 'work'
option target 'ACCEPT'
option dest_port '53'
config zone
option name 'work'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'work'
config forwarding
option src 'work'
option dest 'wan'
config rule
option name 'Allow-DHCP-Work'
list proto 'udp'
option src 'work'
option target 'ACCEPT'
option dest_port '67-68'
config rule
option src 'concentra'
option target 'ACCEPT'
option name 'Allow-DNS-bootcamp'
option dest_port '53'
config rule
option name 'Allow-DHCP-bootcamp'
option src 'concentra'
option target 'ACCEPT'
option dest_port '67-68'
list proto 'udp'
config zone
option name 'concentra'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
list network 'bootcamp'
config forwarding
option src 'concentra'
option dest 'wan'
config zone
option name 'homelab'
option output 'ACCEPT'
option forward 'REJECT'
option family 'ipv4'
option input 'REJECT'
list network 'homelab'
config forwarding
option src 'homelab'
option dest 'wan'
config rule
option src 'homelab'
option dest_port '53'
option target 'ACCEPT'
option name 'Allow-DNS-homelab'
config rule
option src 'homelab'
option target 'ACCEPT'
option name 'Allow-DHCP-homelab'
option dest_port '67-68'
option family 'ipv4'
list proto 'udp'
config forwarding
option src 'lan'
option dest 'homelab'
config zone
option name 'pve'
option output 'ACCEPT'
option family 'ipv4'
option input 'REJECT'
option forward 'REJECT'
list network 'pve'
config forwarding
option src 'lan'
option dest 'pve'
config forwarding
option src 'pve'
option dest 'wan'
config rule
option name 'Allow-DNS-pve'
option src 'pve'
option target 'ACCEPT'
option dest_port '53'
config rule
option name 'Allow-DHCP-pve'
option src 'pve'
option dest_port '67-68'
option target 'ACCEPT'
list proto 'udp'
option family 'ipv4'
config zone
option name 'pfsense_wg'
option input 'DROP'
option output 'DROP'
option forward 'DROP'
option masq '1'
list network 'pfsense_vpn'
config forwarding
option src 'lan'
option dest 'pfsense_wg'
Thank you very much