ISC DHCP to dnsmasq Migration: NAS VLAN loses internet access while other VLANs

Started by JustNo1, Today at 01:17:40 AM

After migrating from ISC DHCP to dnsmasq DHCP on my OPNsense firewall, my NAS VLAN (10.32.13.0/24) stopped having internet access. Devices receive IP addresses from dnsmasq but cannot reach the gateway (10.32.13.1) or external addresses like 8.8.8.8. Interestingly, this only affects the NAS VLAN – my WLAN and other VLANs continue to work fine with dnsmasq. Before the migration, internet access worked on all VLANs.

Current Configuration (NAS VLAN):

dnsmasq DHCP Range Settings:
Interface: NAS
Start Address: 10.32.13.2
End Address: 10.32.13.6
Subnet Mask: automatic
Mode: Nothing selected
Lease Time: 86400
Domain: (empty)

dnsmasq Global Settings (relevant):

Interface [no DHCP]: Nothing selected
DHCP FQDN: ✅ Enabled
DHCP local domain: ✅ Enabled
DHCP authoritative: ❌ Disabled
Router advertisements: ❌ Disabled
DHCP register firewall rules: ✅ Enabled

Firewall Rules (NAS):

IPv4 → NAS address (Zugriff NAS)
IPv6 → ! RFC4193_Networks (IPv6 Internet)
IPv4 → ! RFC1918_Networks (IPv4 Internet)

Comparison with Working VLAN (WLAN):

The WLAN VLAN works perfectly with dnsmasq and has these settings:
Start Address: 10.32.11.3
End Address: 10.32.11.62
Subnet Mask: 255.255.255.192

Firewall Rules: Similar structure with internet access enabled

Troubleshooting Performed:
✅ Firewall rules exist for internet access
✅ Devices receive IP addresses (DHCP works)
❌ Ping to gateway 10.32.13.1: 100% packet loss
❌ Ping to 8.8.8.8: 100% packet loss
✅ Devices can ping each other within the VLAN
✅ NAS VLAN interface and VLAN configuration unchanged since migration
✅ Other VLANs with dnsmasq work fine

Observations:

The issue appears to be DHCP-related (ISC DHCP worked, dnsmasq doesn't for this VLAN)
Gateway/Router and DNS Server options are not explicitly set in the dnsmasq DHCP range configuration
DHCP authoritative is enabled – could be causing conflicts
Subnet mask is set to 255.255.255.248 (/29)

Questions:

Why does this only affect special VLANs while most work fine?
Any help would be greatly appreciated. I can provide additional screenshots or configuration details if needed.

System Info:

OPNsense 25.7.10
Multiple VLANs (NAS, WLAN, Banking, DNS, etc.)
Migrated from ISC DHCP + Router Advertisement to dnsmasq

Edit: Nameserver and interface address (both 10.32.13.1) are being recognised by the clients.