Messages - Petski

#1
coffeecup25,

I agree about the Cisco switch but I got it cheap and needed at least 16 ports. Yes, it is factory reset and in dumb switch mode with the only change being to move the management GUI address to be within my DHCP range.

When I tried to use KEA, the MAC address binding table appeared to be ignored and all ports were assigned dynamically. Since I have spent many days just to get where I am now, I'm reluctant to attempt switching back to KEA again... Does dnsmasq allow for the same DNS override? What I want is for the DHCP portion of dnsmasq to tell the clients that PiHole (statically positioned within my subnet) is the primary DNS server. Right now, it is sending clients the OPNsense gateway address (192.168.1.1), which subsequently gets forwarded on to PiHole. Currently my only drawback is that PiHole's statistics are all pointing to the single gateway address instead of breaking up the statistics based on which client is requesting.

Another observation I made was that in order for the MAC address reservations to take effect, I had to power cycle every client. Rebooting OPNsense had no effect. I never had this issue or this much trouble when using the old Cisco router.
#2
After 4 full days of fighting this system I finally have it ALMOST working the way I want it. This shouldn't be this hard!
Obtained a Cisco SG300-20 switch. System is Cable modem <-> OPNsense PC <-> Cisco switch <-> All clients (plus many static addresses).
1) Tried using DHCP server in switch. No-Go. Subnet crossing issues always prevented accessing one of the two GUI interfaces or internet.
2) Set up ISC-DHCP server in OPNsense. No-Go. None of the static addresses would bind. And, yes, I only enabled one server at a time.
3) Set up dnsmasq server, No-Go. Same issue, no MAC address binding would work.
4) Set up KEA-DHCP server. Everything local worked but no internet access.
5) Went back to dnsmasq server, imported my exported bindings but none worked. This is where I discovered that the cable modem had to be power cycled each time I inserted and removed the OPNsense PC or it would refuse to pass anything through.
6) I finally got the MAC address binding to work by deleting all reservations entered under the hosts tab and adding them back one at a time via the leases page add button.
7) Configured and enabled the blocklist option in dnsmasq and it would not block anything! Even manually entered block domains went right through. Using the test tab feature showed every attempt passed, so I went back to my PiHole server.
8) Another day of trying to get OPNsense to point to my PiHole server as the only DNS pathway. Now working... Almost...

My only remaining issue is that the OPNsense is sending all clients to 192.168.1.1 instead of the PiHole address. /etc/resolv.conf shows the PiHole address but the clients are receiving the gateway address instead. It looks like all DNS requests are passing through OPNsense to get to PiHole.
Any ideas on how to get the DHCP server to advertise the PiHole address to clients?
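An added example, not from this thread and not the configuration OPNsense generates itself: the raw dnsmasq directives that do what posts #1 and #2 ask for, handing clients the Pi-hole address as the DNS server (DHCP option 6) and binding fixed addresses to MAC addresses. By default dnsmasq advertises its own listening address as the DNS server, which is why clients see 192.168.1.1 and Pi-hole logs every query as coming from the gateway. The subnet, interface name, Pi-hole address (192.168.1.2) and MAC addresses below are assumptions made for the example; OPNsense builds its dnsmasq.conf from the GUI, so these are the equivalents of the DHCP option and host entries configured there rather than lines to paste into the running system.

```conf
# dnsmasq DHCP fragment (example, not from the thread).
# Assumed layout: LAN 192.168.1.0/24, OPNsense at 192.168.1.1,
# Pi-hole statically addressed at 192.168.1.2, LAN interface igc1.

interface=igc1
bind-interfaces

# Dynamic pool. Reserved hosts below sit outside this range so a
# dynamic lease can never collide with a reservation.
dhcp-range=192.168.1.100,192.168.1.199,255.255.255.0,12h

# Default gateway (option 3) stays on OPNsense.
dhcp-option=option:router,192.168.1.1

# The override asked about in posts #1 and #2: without this line dnsmasq
# sends its own address (192.168.1.1) as the DNS server. Listing only
# Pi-hole makes clients query it directly, so Pi-hole's per-client
# statistics show the real requester instead of the gateway.
dhcp-option=option:dns-server,192.168.1.2

# Static reservations keyed on MAC address (the "MAC address binding" table).
# Format: dhcp-host=<mac>,<ip>[,<hostname>][,<lease time>]
# MAC addresses are constructed for the example.
dhcp-host=02:00:00:00:00:20,192.168.1.20,printer
dhcp-host=02:00:00:00:00:30,192.168.1.30,ooma,infinite
dhcp-host=02:00:00:00:00:40,192.168.1.40,desktop

# Log every DHCP exchange with the options sent, so you can confirm in the
# log that each OFFER/ACK carries option 6 with 192.168.1.2 rather than .1.
log-dhcp
```

Two practical checks: `dnsmasq --test -C <file>` validates the syntax before a restart, and with `log-dhcp` enabled the log for each lease lists the options sent, so an OFFER that still shows option 6 dns-server as 192.168.1.1 means the override is not in the active configuration. Reservations and option changes only reach a client when it next requests or renews a lease, so a client holding a valid lease keeps its old DNS server and address until it renews, releases, or reboots; restarting the DHCP server alone does not push the change. Kea's equivalent is an `option-data` entry for `domain-name-servers` plus per-host `reservations` keyed on `hw-address` inside the subnet definition.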
#3
drosophilia,
So, if I understand you, my best option is to spin up the Kea DHCP server in OPNsense and port my DHCP configuration and MAC address binding tables to it. Then either demote or replace my Cisco RV325 small business router with a switch since it is no longer supported or receiving updates. Question, does OPNsense replace the need for using PiHole? It has been a wonderful addition to my network for years now and I immediately notice its absence whenever I am not on my home network. I would still like to have the DHCP server point to PiHole as a pre-filter if OPNsense does not keep updated advertising block lists.
#4
General Discussion / Fresh install blocking most sites
December 15, 2025, 02:36:24 AM
I just installed OPNsense for the first time on a dedicated small form factor PC. After getting both WAN and LAN ports configured, it looked like everything was working from the console's point of view, but I am finding that the majority of normal sites are being blocked. Zerohedge and Yahoo work perfectly but YouTube, eBay, and most other sites time out attempting to load. Also, my IP phone (Ooma) won't connect either.
Details:
 - The OPNsense firewall PC is between my Cisco router (LAN) and the cable modem (WAN).
 - The Cisco router (which manages the full local LAN) uses a PiHole server for DNS filtering. All DNS requests go through PiHole.
 - FYI, PiHole has been in use for many years now with no issues.
 - I have not added any filters or rules, just whatever is included in the default install.

Any help is appreciated.  I've had to bypass the firewall until I can figure this problem out.