"
After migrating from ISC DHCP to dnsmasq DHCP on my OPNsense firewall, my NAS VLAN (10.32.13.0/24) stopped having internet access. Devices receive IP addresses from dnsmasq but cannot reach the gateway (10.32.13.1) or external addresses like 8.8.8.8. Interestingly, this only affects the NAS VLAN – my WLAN and other VLANs continue to work fine with dnsmasq. Before the migration, internet access worked on all VLANs.
Current Configuration (NAS VLAN):
dnsmasq DHCP Range Settings:
Interface: NAS
Start Address: 10.32.13.2
End Address: 10.32.13.6
Subnet Mask: automatic
Mode: Nothing selected
Lease Time: 86400
Domain: (empty)
dnsmasq Global Settings (relevant):
Interface [no DHCP]: Nothing selected
DHCP FQDN: ✅ Enabled
DHCP local domain: ✅ Enabled
DHCP authoritative: ❌ Disabled
Router advertisements: ❌ Disabled
DHCP register firewall rules: ✅ Enabled
Firewall Rules (NAS):
IPv4 → NAS address (Zugriff NAS)
IPv6 → ! RFC4193_Networks (IPv6 Internet)
IPv4 → ! RFC1918_Networks (IPv4 Internet)
Comparison with Working VLAN (WLAN):
The WLAN VLAN works perfectly with dnsmasq and has these settings:
Start Address: 10.32.11.3
End Address: 10.32.11.62
Subnet Mask: 255.255.255.192
Firewall Rules: Similar structure with internet access enabled
Troubleshooting Performed:
✅ Firewall rules exist for internet access
✅ Devices receive IP addresses (DHCP works)
❌ Ping to gateway 10.32.13.1: 100% packet loss
❌ Ping to 8.8.8.8: 100% packet loss
✅ Devices can ping each other within the VLAN
✅ NAS VLAN interface and VLAN configuration unchanged since migration
✅ Other VLANs with dnsmasq work fine
Observations:
The issue appears to be DHCP-related (ISC DHCP worked, dnsmasq doesn't for this VLAN)
Gateway/Router and DNS Server options are not explicitly set in the dnsmasq DHCP range configuration
DHCP authoritative is enabled – could be causing conflicts
Subnet mask is set to 255.255.255.248 (/29)
Questions:
Why does this only affect special VLANs while most work fine?
Any help would be greatly appreciated. I can provide additional screenshots or configuration details if needed.
System Info:
OPNsense 25.7.10
Multiple VLANs (NAS, WLAN, Banking, DNS, etc.)
Migrated from ISC DHCP + Router Advertisement to dnsmasq
Edit: Nameserver and interface address (both 10.32.13.1) getting recognised by the Clients
Current Configuration (NAS VLAN):
dnsmasq DHCP Range Settings:
Interface: NAS
Start Address: 10.32.13.2
End Address: 10.32.13.6
Subnet Mask: automatic
Mode: Nothing selected
Lease Time: 86400
Domain: (empty)
dnsmasq Global Settings (relevant):
Interface [no DHCP]: Nothing selected
DHCP FQDN: ✅ Enabled
DHCP local domain: ✅ Enabled
DHCP authoritative: ❌ Disabled
Router advertisements: ❌ Disabled
DHCP register firewall rules: ✅ Enabled
Firewall Rules (NAS):
IPv4 → NAS address (Zugriff NAS)
IPv6 → ! RFC4193_Networks (IPv6 Internet)
IPv4 → ! RFC1918_Networks (IPv4 Internet)
Comparison with Working VLAN (WLAN):
The WLAN VLAN works perfectly with dnsmasq and has these settings:
Start Address: 10.32.11.3
End Address: 10.32.11.62
Subnet Mask: 255.255.255.192
Firewall Rules: Similar structure with internet access enabled
Troubleshooting Performed:
✅ Firewall rules exist for internet access
✅ Devices receive IP addresses (DHCP works)
❌ Ping to gateway 10.32.13.1: 100% packet loss
❌ Ping to 8.8.8.8: 100% packet loss
✅ Devices can ping each other within the VLAN
✅ NAS VLAN interface and VLAN configuration unchanged since migration
✅ Other VLANs with dnsmasq work fine
Observations:
The issue appears to be DHCP-related (ISC DHCP worked, dnsmasq doesn't for this VLAN)
Gateway/Router and DNS Server options are not explicitly set in the dnsmasq DHCP range configuration
DHCP authoritative is enabled – could be causing conflicts
Subnet mask is set to 255.255.255.248 (/29)
Questions:
Why does this only affect special VLANs while most work fine?
Any help would be greatly appreciated. I can provide additional screenshots or configuration details if needed.
System Info:
OPNsense 25.7.10
Multiple VLANs (NAS, WLAN, Banking, DNS, etc.)
Migrated from ISC DHCP + Router Advertisement to dnsmasq
Edit: Nameserver and interface address (both 10.32.13.1) getting recognised by the Clients
