Messages - ptmy305

#1
To gspannu:  Thank you.  I'll give that a try tonight.

To Patrick Hausen:  Just to make sure I understand your reply and also to get a better understanding of how DNS works in opnsense, I have a couple of follow-up questions:

1) in Service->ISC DHCPv4->LAN->DNS Servers, if I set pi-hole's ip address on the first line, followed by 9.9.9.9 on the 2nd line, why wouldn't DHCP clients go to pihole first, and if pi-hole is unavailable, go to Quad 9?

2) If I leave both DNS and Gateway blank in the DHCPv4 area, would DHCP clients automatically go to opnsense and pick up the DNS setting from System->Settings->general?  If yes, and if I set pi-hole as the 1st DNS address and 9.9.9.9 as the 2nd there, would the client first use pihole, and if not available use 9.9.9.9?
#2
24.1, 24.4 Legacy Series / Help with DNS Settings
March 16, 2024, 04:20:21 PM
I'm running opnsense version 24.1.2

I set DNS in: system->settings->general->DNS Servers to 9.9.9.9
I then set in DHCPv4 for my LAN interface in: service->ISC DHCPv4->LAN->ip of Pi-hole server

I can access the internet routing DNS requests through my pi-hole server without issues.  If I shut down the pi-hole server, I expected DNS access to revert to the general setting and send requests to 9.9.9.9.  But this didn't happen.  Instead, I'm unable to access the internet at all when the Pi-hole server is down.  I tried putting 9.9.9.9 after the pi-hole's ip address in service->ISC DHCPv4->LAN.  That didn't work either.

The behavior I want to set up is: use pi-hole as DNS if available.  If Pi-hole server is down, then use 9.9.9.9.  What's the proper way to do this?
#3
I figured it out.  I cloned the rules incorrectly. 
#4
I'm new to opnsense.  I set up a LAN interface with the static IP address of 192.168.31.1 during the opnsense installation process.  As expected, using a computer plugged in to LAN, I can access the internet and the opnsense UI at 192.168.31.1.  I added a second lan interface (LAN1  - IP 192.168.41.1) using the opnsense UI.  To test my understanding, I want to make LAN1 behave the same as LAN.  I got DHCP to work on LAN1, but still haven't been able to get LAN1 to work like LAN.  I have the following questions:

1)   I cloned the two "Default allow lan to any" firewall rules from LAN to LAN1.  But I'm still unable to access the internet using a computer plugged into LAN1.  What additional LAN1 firewall rules do I need to make this happen?

2)   From a computer plugged into LAN, I can access the opnsense UI at both 192.168.31.1 and 192.168.41.1.  But I can't access the UI at either IP address using a computer connected through LAN1.  I noticed there's an anti-lockout firewall rule automatically generated by opnsense for LAN but not for LAN1.  Do I need to add this rule to LAN1 manually?

3)   Why is an anti-lockout rule even needed when I already have the "Default allow lan1 to any" firewall rule?

Can someone please help?