OPNsense Forum

English Forums => 26.1, 26,4 Series => Topic started by: sigma on March 28, 2026, 11:00:56 PM

Title: completely lost after switch to this new method.
Post by: sigma on March 28, 2026, 11:00:56 PM
Hi,

After switching to Dnsmasq DNS & DHCP, nothing I did before works now.

Example:
- Set up a VPN, as the steps that I used before changed.
- Have my network use a VPN service (all computers, wifi)
- I used to defer IPs (static IP) from using VPN (like TVs, IoT etc.)
- Block IoT devices from internet completely (I had it working but an hour later the IoT devices connected to the internet so, that is a big fail)
- Have 2 different DHCP ranges (example 192.168.1.1, 192.168.2.1) each with its own DNS service

I have tried so many different options (some things I could not find, like the manual DNS for each DHCP range) that I have lost track of what I did. I have been trying to get this working (with my spare time that I have) since v26.

If anyone may help me to get the above working it would be most appreciated and many thanks.
Title: Re: completely lost after switch to this new method.
Post by: Patrick M. Hausen on March 29, 2026, 02:24:55 PM
What steps exactly with all details did you try that are not working? Your post contains way too little information to help.
Title: Re: completely lost after switch to this new method.
Post by: sigma on April 04, 2026, 05:38:28 PM
Quote from: Patrick M. Hausen on March 29, 2026, 02:24:55 PM
What steps exactly with all details did you try that are not working? Your post contains way too little information to help.

Thank you for replying.

I guess I will start with the blocking internet for a range of IPs.
- firewall
   -rules(new)
   +(ADD)
   enable
   description
      -blockip
   interface
      -lan
   quick
      -on
   action
      -block
   direction
      -both
   version
      -ipv4
   protocol
      -any
   source
      -internet net, internet address
   source Port
      -any
   destination
      -IOT devices (I have set an alias and direct IP)
   destination Port
      -any

I have tried different combinations with interface, direction, source, destination.
Thanks
Title: Re: completely lost after switch to this new method.
Post by: Netlearn on April 05, 2026, 03:05:43 AM
Assuming that the alias has been created correctly:

Quote from: sigma on April 04, 2026, 05:38:28 PM
interface
      -lan

That implies that the IoT devices reside in the "lan" interface. If they are in a different network, choose accordingly.

Quote from: sigma on April 04, 2026, 05:38:28 PM
direction
      -both

Only direction "in" is needed if you want to prevent the IoT devices accessing outside.

Quote from: sigma on April 04, 2026, 05:38:28 PM
source
      -internet net, internet address

Source should be your IoT devices (the alias you created beforehand).

Quote from: sigma on April 04, 2026, 05:38:28 PM
destination
      -IOT devices (I have set an alias and direct IP)

Destination should be "Any" if you don't want them to communicate outside their network.
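
The rule logic from the reply above, as an added example that is not part of the thread: a simplified first-match model of the rule as posted and as advised, evaluated against a packet an IoT device sends toward the internet. The addresses, the WAN subnet standing in for "internet net", and the allow-LAN rule placed below the block rule are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values (not from the thread).
IOT_ALIAS = ["192.168.1.50", "192.168.1.51"]   # Host(s) alias: one IP per entry
WAN_NET = ["203.0.113.0/24"]                   # stand-in for "internet net"
ANY = ["0.0.0.0/0"]

@dataclass
class Rule:
    name: str
    action: str          # "block" or "pass"
    interface: str
    direction: str       # "in", "out" or "both"
    source: list
    destination: list

@dataclass
class Packet:
    interface: str       # interface the packet is seen on
    direction: str       # "in" = arriving at the firewall on that interface
    src: str
    dst: str

def in_nets(addr, nets):
    return any(ip_address(addr) in ip_network(n) for n in nets)

def matches(rule, pkt):
    return (rule.interface == pkt.interface
            and rule.direction in (pkt.direction, "both")
            and in_nets(pkt.src, rule.source)
            and in_nets(pkt.dst, rule.destination))

def evaluate(rules, pkt, default="block"):
    """First matching rule wins (every rule is treated as 'quick')."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return default, "default"

# Assumed to sit below the block rule: a LAN "pass to any" rule.
ALLOW_LAN = Rule("allow-lan", "pass", "lan", "in", ["192.168.1.0/24"], ANY)
AS_POSTED = Rule("blockip", "block", "lan", "both", WAN_NET, IOT_ALIAS)
AS_ADVISED = Rule("blockip", "block", "lan", "in", IOT_ALIAS, ANY)

# An IoT device opening a connection to a cloud server (constructed address).
IOT_OUT = Packet("lan", "in", "192.168.1.50", "198.51.100.10")
# A LAN host that is not in the alias.
PC_OUT = Packet("lan", "in", "192.168.1.20", "198.51.100.10")
```

`evaluate([AS_POSTED, ALLOW_LAN], IOT_OUT)` falls through to the pass rule because the packet's source is the IoT device, not the WAN network, while `evaluate([AS_ADVISED, ALLOW_LAN], IOT_OUT)` hits the block rule.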
Title: Re: completely lost after switch to this new method.
Post by: sigma on April 24, 2026, 04:43:03 PM
Hello,

After making the changes, the IoT devices are not blocked. The way I test this is to load the app (wifi=off), and I can still control the IoT devices.

The setup of the alias is below:
type: internal (automatic)
content: x.x.x.x - x.x.x.x

Thanks for your help
Title: Re: completely lost after switch to this new method.
Post by: Netlearn on April 26, 2026, 01:01:00 AM
Try Alias with

Type > Host(s)

Content > The IP addresses of the devices you want to block as:
    1.2.3.4
    5.6.7.8
    ...