ok thanks - sorry I was getting a little overwhelmed here (not a coder if you couldn't tell)
status after following your prev instructions (basically copied off your screengrabs):
Ports and networks isolated. Comprehensively. The device on the isolated LAN port is not getting a DHCP address. Could this have to do with setting STP on br1? Did so according to your settings, but the wiki says it may break DHCP:
Quote:
This can cause certain services on the client device (such as DHCP) to time-out.
awesome. My hat is off to you sir. Thank you for your patience and help!
Device on LAN port now on subnet and all requests going via router to Pi-hole and back. Very nice.
Final question if I may: am I correct in my understanding that this setup requires one of the solutions that makes all traffic travel via the router to the pihole? (The only thing I would like to have more in this setup is the ability to sort dns traffic by devices).
[edit]ok two final questions: in this setup, running openvpn client on the router for most clients (untrusted subnet that you just helped create is excepted) - how do I direct DNS traffic to my pihole when using the vpn without breaking things? [/edit]
this is not possible with the setup as described in the sticky.
you always have to compromise
if the clients connect directly to the pi-hole then individual sorting is possible but this breaks other network functions.
For example no LAN names can be resolved.
I would rather do without the individual sorting and keep the other basic functions.
Edit: on your last screenshot there was an additional DHCP server for br0 - of course you can remove it, it is not needed
naturally, here you go: (also, Pihole IP in Static DNS 1, static dns 2-3 and local dns all 0.0.0.0)
[edit] of note: this is on a Netgear R7000 router running 50500. Seems this router has the physical ports numbered inversely to the interfaces (i.e. the code isolates port 1, which means physical port number 4 on the router is the isolated one). [/edit]
Last edited by khalfdan on Fri Oct 21, 2022 7:04; edited 1 time in total
it does, and it gets the router as the DNS so all works as expected. Thanks again, applying the same formula now to an identical router in my partner's flat
@ho1Aetoo Just a very nicely written guide. Thanks. I have mine configured with Unbound (recursive DNS) as the upstream DNS server. I wanted to experiment with force-redirecting all DNS queries to the Pi-hole using iptables. Will this code work for my config? Will it force all devices on LAN and WLAN to the Pi-hole?
Code:
## filter on br0 (usually includes LAN and WLAN)
iptables -t nat -I PREROUTING -i br0 ! -s 192.168.1.110 ! -d $(nvram get lan_ipaddr) -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr):53
iptables -t nat -I PREROUTING -i br0 ! -s 192.168.1.110 ! -d $(nvram get lan_ipaddr) -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr):53
If you have configured it as in example 2 and entered the correct IP address, then yes.
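As an added example (not code from the thread or from the sticky), here is a small DD-WRT firewall snippet built around the rules quoted above. It assumes the poster's addresses (Pi-hole 192.168.1.80, router 192.168.1.3 on br0) and an iptables that supports `-C`; the exemption of the Pi-hole's own address is the part that matters with Unbound, because Unbound's outbound port-53 queries to authoritative servers would otherwise be DNATed straight back to the router and recursion would stop working.

```shell
#!/bin/sh
# Added example, not from the thread: emit idempotent iptables rules that
# send all port-53 traffic on a bridge to the router's dnsmasq, which in turn
# forwards to the Pi-hole set as Static DNS 1. The Pi-hole host is exempted
# so its upstream (Unbound) queries to authoritative servers are not looped
# back to the router. Assumed values follow the poster's configuration.
BRIDGE="${BRIDGE:-br0}"
PIHOLE_IP="${PIHOLE_IP:-192.168.1.80}"
ROUTER_IP="${ROUTER_IP:-192.168.1.3}"   # on the router: $(nvram get lan_ipaddr)

# One rule specification per protocol (chain plus match/target arguments).
dns_redirect_specs() {
    for proto in tcp udp; do
        printf 'PREROUTING -i %s ! -s %s ! -d %s -p %s --dport 53 -j DNAT --to-destination %s:53\n' \
            "$BRIDGE" "$PIHOLE_IP" "$ROUTER_IP" "$proto" "$ROUTER_IP"
    done
}

# Insert each rule only if it is not already present (-C), so re-running the
# firewall script on reboot or WAN reconnect does not stack duplicate rules.
# Requires an iptables build that supports -C (assumed here).
dns_redirect_commands() {
    dns_redirect_specs | while read -r spec; do
        printf 'iptables -t nat -C %s 2>/dev/null || iptables -t nat -I %s\n' "$spec" "$spec"
    done
}

# Sanity check: the exempted host must be on the router's /24, otherwise the
# "! -s" exemption silently matches nothing and the Pi-hole gets redirected too.
same_24() {
    [ "${1%.*}" = "${2%.*}" ]
}

# Without APPLY=1 this only prints the commands (dry run); with APPLY=1 on the
# router it executes them.
main() {
    same_24 "$PIHOLE_IP" "$ROUTER_IP" || {
        echo "Pi-hole $PIHOLE_IP is not on the router's /24 ($ROUTER_IP)" >&2
        return 1
    }
    if [ "${APPLY:-0}" = 1 ]; then
        dns_redirect_commands | sh
    else
        dns_redirect_commands
    fi
}

main
```

Run it once as a dry run to read the generated rules, then paste the script into the router's firewall script and set APPLY=1 so it re-applies safely on every firewall restart.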
Thanks. As mentioned earlier I have Unbound (recursive) configured on my R7800 router (r49934). What iptables rules (LAN/WLAN) can I use to force DNS redirection to the Pi-hole?
Setup>Basic Setup
Connection Type: Automatic Configuration - DHCP
Ignore WAN DNS: Enabled
Shortcut Forwarding Engine: Enable
STP: Disabled
Local IP:192.168.1.3/24
Gateway: 0.0.0.0
Local DNS: 0.0.0.0
DHCP Type: DHCP Server
DHCP Server: Enabled
Start IP: 192.168.1.100
Static DNS1: 192.168.1.80 (IP of Pi-Hole on LAN)
Static DNS2 &3: 0.0.0.0
DHCP-Authoritative: Enabled
Setup>Advanced Routing
Operating Mode - Router
Setup>Advanced Routing
Operating Mode: Gateway
Services>Services
SmartDNS Resolver: Disable
Enable Dnsmasq: Enable
(All others are set to disable)
Pi Hole:
Settings>DNS>Upstream DNS Servers: All unchecked
Upstream DNS Servers: 127.0.0.0.1#5335
Potentially dangerous options: Respond only on interface eth0
Advanced DNS settings:
Never forward non-FQDN A and AAAA queries: Checked
Never forward reverse lookups for private IP ranges: Checked
Use DNSSEC: Unchecked
Conditional forwarding: Unchecked