Related post: No wireless internet for VLAN
Since above topic is marked solved, starting a new one.
I've realized the pihole setup is not working correctly. Previously, I was using multiple DNS servers in addition to the pihole IP. Now that I've switched back to using only the pihole IP (192.168.1.5), DNS queries are not being served.
For now I'm just trying to get this to work on my Guest network, as I need my other devices to work. I added the traffic rule as @psherman pointed out (also as suggested in OneMarkFifty's firewall video).
No luck. I tried just forwarding guest zone to the pihole IP on port 53 to lan, but it still didn't work
When I'm connected to the Guest network, I'm able to ping 192.168.1.5 and also access the pihole web interface. There is internet connectivity but no DNS resolution, i.e. I can ping 8.8.8.8 but not google.com.
Attaching relevant details from
- /etc/config/dhcp
# /etc/config/dhcp as posted: global dnsmasq settings, then one DHCP pool per interface.
config dnsmasq
option domainneeded '1'
option localise_queries '1'
# Rebind protection: upstream DNS answers that point at private addresses are discarded.
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
# localservice: the router's own dnsmasq answers DNS only for clients on subnets the
# router is directly attached to.
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
# DHCP option 6 is the DNS server list handed to clients. The LAN pool hands out the
# Pi-hole (192.168.1.5) together with three other resolvers, so a LAN client may send any
# query to one of the others and skip Pi-hole filtering and logging.
# NOTE(review): once Pi-hole resolution is confirmed working, advertise only 192.168.1.5
# here if filtering is meant to apply to every LAN client.
list dhcp_option '6,192.168.1.5,94.140.14.14,94.140.14.15,1.1.1.1'
config dhcp 'wan'
option interface 'wan'
# No DHCP service is offered on the wan interface.
option ignore '1'
config dhcp 'guest_interface'
option interface 'guest_interface'
option start '100'
option limit '150'
option leasetime '12h'
# The guest pool hands out only the Pi-hole, so guest name resolution depends entirely on
# two things: the firewall letting guest clients reach 192.168.1.5 on port 53, and the
# Pi-hole answering queries whose source address is in the guest subnet.
# NOTE(review): Pi-hole has its own counterpart of localservice (answer local networks
# only), presumably still at its default; queries routed in from the guest subnet may be
# dropped there rather than by the router. Check the Pi-hole listening setting and its
# query log before loosening any firewall rule.
list dhcp_option '6,192.168.1.5'
Relevant Firewall:
# /etc/config/firewall, excerpt as posted ("Relevant Firewall"); other sections may exist.
config defaults
# NOTE(review): ACCEPT as the default input policy is permissive. The per-zone policies
# below are what restrict wan and guest_zone; presumably this default only matters for
# traffic no zone covers. Confirm nothing relies on it before tightening it to REJECT.
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
# wan input and forward are REJECT and this excerpt shows no port forwards, so neither the
# router nor 192.168.1.5 is reachable on port 53 from the internet as far as shown. Keep it
# that way if the Pi-hole is ever set to answer queries from non-local networks.
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
# Lets DHCP traffic from the wan side reach the router's DHCP client port (UDP 68).
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config zone
option name 'guest_zone'
# input REJECT and forward REJECT: guest clients reach neither the router itself nor any
# other zone unless a rule or forwarding section below allows it.
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guest_interface'
config rule
# No dest is set, so this is an input rule: guest clients may reach the router itself on
# ports 53, 67 and 68. No proto is given; presumably the firewall default of TCP and UDP
# applies (confirm).
# NOTE(review): the guest DHCP pool advertises only 192.168.1.5 for DNS, so port 53 on the
# router is open to guests without being needed by that setup; it could likely be narrowed
# to the DHCP ports over UDP.
option name 'Allow-DHCP-DNS-Guest'
option src 'guest_zone'
option dest_port '53 67 68'
option target 'ACCEPT'
option family 'ipv4'
config rule
# Forward rule: guest clients may reach 192.168.1.5 in the lan zone on port 53 and nothing
# else there. This excerpt has no guest_zone -> lan forwarding section, so all other guest
# traffic toward lan falls to the zone's forward REJECT.
# NOTE(review): the post reports that ping and the Pi-hole web interface work from the
# guest network, which the rules shown here would not permit. Presumably other rules exist
# outside this excerpt; check that guests are not given more of lan than DNS.
option name 'Allow-DNS-Guest'
option src 'guest_zone'
option dest 'lan'
option dest_port '53'
option target 'ACCEPT'
list dest_ip '192.168.1.5'
config forwarding
# Guest clients get internet access; traffic leaving through wan is masqueraded by the wan zone.
option src 'guest_zone'
option dest 'wan'