Hi, I'm having a little issue, first my setup:
R4S (router) -> R7800 (OpenWrt AP) + RPi (Unbound DNS)
Now I created another Guest WLAN from the R7800 (in another subnet), where I set the connected clients isolated from the main LAN and it works, the clients can ping and everything is working except for the routing of the DNS, because the guest clients can't solve the DNS addresses using my Unbound RPi server (if I set manually a DNS on the guest WLAN clients they work, but it's annoying to tell the friends "insert your DNS to browse web"), so I tried to forward the request of the guest interface to the unbound server, but something doesn't work, here are my settings on the R7800:
root@R7800:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd09:48e4:ec4a::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
list dns '192.168.1.4'
list ipaddr '192.168.1.3/24'
option gateway '192.168.1.2'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
option vid '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 5'
option vid '2'
config device
option name 'pppoe-wan'
option type 'tunnel'
config device 'guest_dev'
option type 'bridge'
option name 'br-guest'
config interface 'guest'
option proto 'static'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
option type 'bridge'
option device 'wlan0-1'
list dns '192.168.1.4'
root@R7800:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list device 'br-guest'
config zone 'guest'
option name 'guest'
list network 'guest'
option input 'REJECT'
option forward 'REJECT'
list device 'br-lan'
option masq '1'
option output 'ACCEPT'
option family 'ipv4'
config forwarding
option src 'guest'
option dest 'lan'
config rule
option name 'Guest-DHCP'
list proto 'udp'
option src 'guest'
option src_port '67-68'
option target 'ACCEPT'
config rule
option name 'Guest-DNS'
option src 'guest'
option target 'ACCEPT'
option src_port '53'
option family 'ipv4'
config rule
option src 'guest'
option dest 'lan'
option name 'Block-Guest-LAN'
list dest_ip '192.168.1.1/24'
option target 'REJECT'
root@R7800:~#
Thanks