OPNsense Forum
Archive => 20.1 Legacy Series => Topic started by: forgotmytowel on February 28, 2020, 07:52:20 pm
-
Hello all,
I'm brand new to OPNsense as of 3 hours ago, but had been using pfSense for about 2 years.
Some hiccups in getting started, mostly because I was moving too fast I think, but I have internet and DHCP leases working now for the basics, as long as I utilize a public resolver first.
I've been using Pi-hole for years as well, and have it configured on my network with a static IP, but every time I try to change OPNsense to utilize it, my name resolution (and therefore internet access) breaks.
How can I start to troubleshoot this? I would appreciate any guidance! I can see the queries leave the box in the firewall, and I can see them get forwarded successfully in pihole, but it's not making it back to the clients somehow?
Also, I have no gateway set up for my LAN, I can't remember if that's right -- I think it is.
-
Can you ping the pihole? I have that setup (actually running dual), no issues. You may need firewall rules if it's on a different subnet, that's no different than it would have been in pfSense though. Did you verify the IP address?
I specify my pihole addresses in the DHCP page in services. I also run the Unbound service (not on the Rpi) for local device resolution. I have checked Register DHCP leases and Register DHCP mappings. DNSmasq is not enabled. Hopefully that helps some.
-
Hey!
I appreciate your response. I think this is what I'm doing.
The PI IP is on the same subnet. I can ping it, and view the webgui.
I attached some screenshots in the hope they can shed some light on where I'm going wrong.
Thanks!
-
one more for system
-
Yeah that looks fine. On pihole (log into command line) can you ping a web page, say "ping www.example.com" and does it resolve it? If not, the problem is on pihole.
Did you set up the default rules for outbound traffic from the LAN (i.e., LAN NET) to WAN (i.e., ANY)? Could be that.
Check your firewall log to make sure you're not getting blocked.
-
It's the pihole.
It can't ping.
I haven't set up any rules, it's only using the auto-generated rules at the moment. Should I need a rule to allow outbound access from LAN? Internet works fine with 1.1.1.1 -- do I need a rule to allow outbound on 53 from a source IP other than the firewall itself?
Thanks!
-
If you can get out you're fine. Are you on the pihole beta? It's solid and I've been running it for a couple weeks. Some nice new features. Might fix your issue too. Or if not interested in the beta you can try to do a repair:
sudo pihole -r
https://pi-hole.net/2020/01/19/announcing-a-beta-test-of-pi-hole-5-0/
-
First off, thanks so much for leading me to the resolution. I'm very appreciative!
So I got to thinking about what you said, and I had an epiphany right as I was falling asleep last night that the gateway address for my pf box is different than what I set for this opn box! So this morning I logged into the pi, did a repair, and set the static IP settings correctly.
It still did not work. Hmmm.
Eventually I had to manually edit the dhcpcd.conf file in /etc to get it to click -- but it did! Maybe I'll open a bug for the pi-hole guys. I would figure the static assignment screen in the setup/repair config would take care of it.
I've used the 5 beta and enjoyed it, I'll set it up on this one soon too.
Once again, thanks so much for your help!
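-
Added example, not part of the thread and not Pi-hole or OPNsense code: a shell check that reads the static settings from a dhcpcd.conf-style file and flags a gateway left over from a previous firewall. It assumes the stale value sits in a `static routers=` line inside an `interface` block; the function names, interface name and addresses are constructed for illustration.

```shell
#!/bin/sh
# Print every "static KEY=..." value found in the "interface IFACE" block(s)
# of a dhcpcd.conf-style file, one line per matching entry.
dhcpcd_static() {  # usage: dhcpcd_static FILE IFACE KEY
  awk -v ifc="$2" -v key="$3" '
    { sub(/#.*/, ""); sub(/[ \t]+$/, "") }          # drop comments, trailing space
    $1 == "interface" { cur = $2; next }            # track the current block
    cur == ifc && $1 == "static" {
      line = $0; sub(/^[ \t]*static[ \t]+/, "", line)
      eq = index(line, "=")
      if (eq && substr(line, 1, eq - 1) == key) print substr(line, eq + 1)
    }' "$1"
}

# Return 0 if every static router matches, 1 if any is stale, 2 if none is set.
check_gateway() {  # usage: check_gateway FILE IFACE EXPECTED_GATEWAY
  cg_vals=$(dhcpcd_static "$1" "$2" routers)
  [ -n "$cg_vals" ] || { echo "$2: no static routers entry"; return 2; }
  cg_rc=0
  for cg_v in $cg_vals; do
    [ "$cg_v" = "$3" ] || { echo "$2: stale gateway $cg_v, expected $3"; cg_rc=1; }
  done
  return $cg_rc
}

# Constructed sample: interface name and addresses are made up for illustration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname
interface eth0
    static ip_address=192.168.1.5/24
    static routers=192.168.1.254   # gateway of the old firewall
    static domain_name_servers=127.0.0.1
EOF

# The new firewall (constructed) is 192.168.1.1, so this reports the stale entry.
check_gateway "$sample" eth0 192.168.1.1 || echo "fix static routers in /etc/dhcpcd.conf"
```

On a real host, point `check_gateway` at /etc/dhcpcd.conf with the LAN address of the current firewall as the expected gateway.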