Messages - TheLighthouse

#1
I have the same problem with the traffic graph as well. Only on Chrome it works properly.

On Firefox it simply does not load at all. When using Edge the graph appears but it is rather glitchy.
#2
So I finally found the issue.

It seems unless I specify the DNS address, my source machine (which is Windows) was unable to find the DNS address by itself for some reason I would never understand. Despite resetting and flushing, the DNS would come up as blank. I manually wrote the DNS address and it is working now.

I also tested other devices and they are working as intended (not routing to PiHole and have net connection).


Thank you for the help.
#3
Quote from: Greelan on February 14, 2021, 12:11:00 PM
Not sure I follow. Your original post asked how to stop all devices in the network being forced to use the pihole for DNS, as opposed to just one host. The answer given did that. So how did it “make no difference”?

If you have another issue that you didn’t explain originally, feel free to do so now and provide the necessary information to help diagnose it.

Well, that is... well, unsure whether it actually stopped all devices in the network or not. But let me clarify.


1) The Firewall rule I made seems to force all devices to PiHole, including the PiHole machine itself.
2) The result seems to be that the internet no longer works.


I changed the subnet mask from 24 to 32. Now.


1) It "seems" all devices except the source are no longer being forced to go to PiHole.
2) The result seems to be that the internet no longer works.


I thought the loss of internet connection was related to this issue. But even with the original issue fixed I am still not getting an internet connection for the source.

One thing I noticed, based on the logs, is that PiHole itself seems to still be forced to go to itself despite the fact that the source should be the only one. This may be the cause of the issue.

Now, based on other devices' behaviour I am uncertain whether they are being blocked in the first place (thus no internet) or not. Now I have some time to test the network (other family members are using the internet for their WFH so I can't risk too much downtime. The reason I barely made progress in the first place  :-X ). I will test more and try to verify.
#4
Thank you for the replies. Unfortunately none of your suggestions made any difference except setting the correct subnet mask to 32, which indeed stopped opnsense from dragging everything to PiHole. But it is still not working.


I remember when PiHole was on a different subnet a similar setup worked. It means I have a high suspicion that this NAT somehow affects how PiHole interacts with the outside.
#5
Quote from: Greelan on February 13, 2021, 12:40:58 AM
No, you want it to be /32 if you just want it to apply to one IP. At the moment it is applying to the whole network hence the behaviour you are seeing

It would also make sense to invert the destination so that the rule only applies where the destination is not already the pihole IP

I see, I was confused myself. See if I can tweak again when the internet is not in use.

You sure about inverting destination? As now it is configured as "any destination going DNS port". If I invert it then it would be "Any destination NOT going DNS port", which means I send all non-DNS query to PiHole. This is my understanding.
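A small model of the rule matching discussed in this exchange, added here as an illustration (not code from the thread or from OPNsense): it shows which hosts a DNS redirect rule catches with a /24 versus /32 source, and what inverting the destination changes. The addresses 192.168.1.207 and 192.168.1.205 are the ones given in the thread; the other device, the outside resolver and the `PortForward` class are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

PIHOLE = "192.168.1.205"    # from the thread
CLIENT = "192.168.1.207"    # from the thread
OTHER = "192.168.1.50"      # constructed: some other LAN device
UPSTREAM = "203.0.113.53"   # constructed: an outside resolver (documentation range)

@dataclass
class PortForward:
    """Simplified match logic of a port-forward rule (hypothetical model)."""
    source: str                 # CIDR as typed into the rule
    dest: str = "0.0.0.0/0"     # "any"
    invert_dest: bool = False   # inversion negates the address match only
    port: int = 53              # the port match is never inverted

    def matches(self, src: str, dst: str, dport: int) -> bool:
        # strict=False: the prefix length masks off host bits, so
        # 192.168.1.207/24 is read as the network 192.168.1.0/24.
        src_net = ipaddress.ip_network(self.source, strict=False)
        dst_net = ipaddress.ip_network(self.dest, strict=False)
        dst_hit = ipaddress.ip_address(dst) in dst_net
        if self.invert_dest:
            dst_hit = not dst_hit
        return ipaddress.ip_address(src) in src_net and dst_hit and dport == self.port

def redirected(rule, dst=UPSTREAM, dport=53):
    """LAN hosts whose packet to dst:dport would be rewritten to the Pi-hole."""
    return [h for h in (CLIENT, PIHOLE, OTHER) if rule.matches(h, dst, dport)]

whole_lan = PortForward(source=CLIENT + "/24")
one_host = PortForward(source=CLIENT + "/32")
one_host_inverted = PortForward(source=CLIENT + "/32",
                                dest=PIHOLE + "/32", invert_dest=True)

if __name__ == "__main__":
    print("/24 source:          ", redirected(whole_lan))
    print("/32 source:          ", redirected(one_host))
    print("/32, dest !pihole:   ", redirected(one_host_inverted))
    print("  ...query to pihole:", redirected(one_host_inverted, dst=PIHOLE))
    print("  ...HTTPS traffic:  ", redirected(one_host_inverted, dport=443))
```

With the /24 source the result includes 192.168.1.205, meaning the Pi-hole's own upstream lookups match the rule as well.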
#6
Quote from: allebone on February 12, 2021, 05:21:00 AM
In source ip section you should change /24 to /32 if you only want it to apply to a single IP. /24 is the whole network.

Sorry for the confusion, it is supposed to be /24 not /32. I have no idea why it was shown /32 when I took the screenshot.

Yes, I am still having this problem. For some reason, out of the blue, now at least the Internet works (before that it was not the case) but still every single device is forced to go to the pihole machine with this configuration (with /24 of course.)
#7
I forgot to add the config of the firewall rule.



NAT Reflection is disabled, and Filter rule association is "Pass".

It should restrict DNS from the ip address 192.168.1.207 to 192.168.1.205 (which is pihole machine) but instead it applies the rule to ALL devices, including the pihole itself.
#8
In short, I cannot properly set a firewall Port Forward rule for a single host or network.

Even if I select "single host or network" and put in an IP address, the firewall tries to force the rule for ALL devices on the interface, screwing up connections.

With the recent upgrade to 21.1, which now gives me some kind of error report, I noticed there is some problem with PHP.


[11-Feb-2021 18:40:25 America/Los_Angeles] PHP Warning:  implode(): Invalid arguments passed in /usr/local/www/firewall_nat_edit.php on line 216
[11-Feb-2021 18:41:17 America/Los_Angeles] PHP Warning:  implode(): Invalid arguments passed in /usr/local/www/firewall_nat_edit.php on line 216



Is there any way to manually configure the firewall rule via CLI, like using nano? I submitted a report but I don't think I can wait for a long time to make this happen.