I have a guest interface that is isolated from the Lan network. I have had trouble forcing the Guest network to use the local DNS server that is being blocked by adguard home. I figured out a way to redirect traffic from port 53 on the GUESTZone to Lan on my router (192.168.1.1).
I believe I have set this up correctly. I am asking you all to see if there are any security flaws or anything that needs to be revised. Hopefully this can help out other people who are having the same issues with adguard home and/or pihole. Also, when I connect to nordvpn, I am able to access websites that were previously blocked. How can you fix this?
Let me know if there is anything I can revise
What I want resolved:
1. Verify setup and security
2. Block websites even if nordvpn is enabled
Network structure:
IOT Network (Access to Lan / No access to Wan)
Guest Network (No access to Lan / Access to Wan)
Main network (Access to Lan / Access to Wan)
/config/firewall
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Forced DNS - Guest'
option src 'GUESTZone'
option src_dport '53'
option dest_ip '192.168.1.1'
/config/DHCP
config dhcp 'GUEST'
option interface 'GUEST'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.1.1'
