I did not use the new DNSMasq method (yet) because it would mean more work for me but will be done later if needed.
So i have this isolated Guest network on br1 with subnet 20.0.0.1 /24
And my private network 192.168.1.0/24 (br0)
I was reading some guides and iptable documents and i thought it should look something like this but it doesn't seem to work and have no idea how to easy troubleshoot this.
# Allow Guest Network to access Pi-Hole
iptables -I FORWARD -i br1 -o br0 -d 192.168.1.130 -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br1 -o br0 -d 192.168.1.130 -p tcp --dport 53 -m state --state NEW -j ACCEPT
Are you sure the pi-hole knows how to route back to the Guest network? When the pi-hole is on the same network as the client, that's not an issue. The pi-hole and client are bridged; no routing required. But in order for the pi-hole to work w/ the guest network, that requires routing. And that's only going to work if the pi-hole is using the same default gateway as the rest of the network.
Thanks eibgrad for this post it worked.
Also thanks for your explanantion.