I am using an rpi 4 with Openwrt as a routed wireless access point, as per this tutorial.
Everything works just fine.
Recently, I have altered my DNS settings to running a local Unbound DNS on my OPNSense firewall at internal IP 10.0.0.254. I have 3 devices, where 'n' in the wireless interface address below is either 10, 20, or 30. All other devices i.e. workstations etc within the internal VLAN networks can access the 10.0.0.254 unbound address. There are no ingress or egress rules on my switch ports, they have been removed for testing this problem.
The network is as follows:
local device -> (wifi) -> 192.168.n.1 -> 10.0.40.0/24 -> (static route on switch to firewall) -> 10.0.0.254
I cannot get DNS on the wireless interfaces, regardless of how I set the forwarding or whether the DNS address on the device is the wireless interface itself (192.168.n.1) or the unbound instance on the firewall (10.0.0.254), or the VLAN inteface on the firewall (10.0.40.1). DNS does work when setting to 184.108.40.206 on the device.
Is there a way to forward DNS queries from the wireless interface to the internal VLAN? Do I need to set the DNS address on the device to the wireless interface or the internal 10.0.0.254 interface?
Here are my firewall settings for all devices, is there some kind of issue with port forwarding across networks? I have tried all combinations of network routing, including changing the firewall routing away from the VLAN and forwarding to the 10.0.0.254 interface.
This is my usual firewall routing:
The following post replies show an example of using the 10.0.0.254 interface. In my normal configuration, the "Interfaces" do not change only difference is the firewall route from the wlan0 to vlan40dhcp instead of wlan0 to lan.