
meazz1
This is what I'm trying to set up, but I think I need to do something in the firewall to allow PiHole DNS and other devices from the LAN to have access to VLAN10.

LAN 192.168.4.0/24 - MGT
VLAN10 - 10.0.10.0/24 - family use: laptop, PC etc.
HotLAN20 - 10.0.20.0/24 - IoT
PiVPN on the 192.168.4.0/24 subnet. I want to open port 51826 in the firewall and port forward it to the PiVPN IP address.

I have the following set up using static IPs in the 192.168.4.0/24 network: router, Unifi switch, 2 Unifi AP-AC Lite access points, Pihole, printer.
The 2 Unifi access points have already been set up with VLAN10 & VLAN20 profiles: one SSID for home use, another for IoT.

I want to use the Pihole from my management subnet for VLAN10's DNS and ad blocking. The LAN and VLAN10 can talk to each other; I don't need to restrict this. I'm trying to make it simple.
IoT VLAN20 will use DNS 8.8.8.8; no need for PiHole access.

Now, what would be the simplest way I can implement this? I probably need some firewall rules, but I'm not sure how.
Sunday, June 06 2021, 09:12 PM

Accepted Answer

Monday, June 07 2021, 07:23 AM
I am not sure what PiVPN is doing and, if you want to route via it, I am not sure how to achieve it. Are you aware that ClearOS can use OpenVPN as a VPN server?

You can use PiHole as your DNS for your whole network. The easiest way to do this is to point to the PiHole device in the DNS settings in the IP settings screen. Then you can hand out the ClearOS LAN IP as your DNS server in the DHCP server for all subnets. If you want vlan20 to use a different DNS server, just configure the DNS server in that LAN's DHCP settings. No special firewall rules are needed for this.

An alternative configuration would be to use a regular DNS server for ClearOS IP settings. In vlan20 configure ClearOS as the DNS server in the DHCP server and in the other DHCP servers configure the PiHole IP as the DNS server in the LANs' DHCP servers. No special firewall rules are needed for this.

The only obvious firewall rule needed is the port forward to 51826. Nothing is needed between the LAN and vlan10 as LAN subnets are open to each other.
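What the accepted answer's second layout amounts to, written out as the dnsmasq and iptables settings behind it. This is an added example, not the thread's own configuration and not ClearOS's generated files: on ClearOS you set the same thing in the webconfig DHCP and Port Forwarding pages, which the answer points to, and hand-edited dnsmasq files there may be overwritten. The addresses are assumptions (PiHole at 192.168.4.10, WireGuard host at 192.168.4.20, WAN on eth0, gateways at .1 in each subnet, lease pools .100-.200) and the fragment path /etc/dnsmasq.d/vlan-dns.conf is likewise assumed. The address check exists because a mistyped resolver such as `8.8.8` is accepted silently by some DHCP front ends and simply leaves clients without DNS.

```shell
#!/bin/sh
# Added example, not from the thread. Per-subnet DNS handed out by DHCP
# (PiHole for LAN and vlan10, a public resolver for the IoT vlan20) plus
# the UDP port forward for WireGuard. All addresses below are assumed.

PIHOLE=192.168.4.10      # assumed PiHole address on the management LAN
WG_HOST=192.168.4.20     # assumed WireGuard host on the management LAN
WG_PORT=51826            # port from the original post
WAN_IF=eth0              # assumed external interface

# Accept only a dotted quad with each octet 0-255; catches typos like 8.8.8.
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Emit the dnsmasq lines for one subnet: a tagged lease range, then the
# router (option 3) and DNS server (option 6) clients on that range get.
# Usage: dhcp_subnet <tag> <range-start> <range-end> <router> <dns>
dhcp_subnet() {
    tag=$1; start=$2; end=$3; router=$4; dns=$5
    for ip in "$start" "$end" "$router" "$dns"; do
        is_ipv4 "$ip" || { echo "dhcp_subnet $tag: bad address '$ip'" >&2; return 1; }
    done
    printf 'dhcp-range=set:%s,%s,%s,12h\n' "$tag" "$start" "$end"
    printf 'dhcp-option=tag:%s,option:router,%s\n' "$tag" "$router"
    printf 'dhcp-option=tag:%s,option:dns-server,%s\n' "$tag" "$dns"
}

# The three subnets from the post. LAN and vlan10 resolve through PiHole;
# vlan20 (IoT) gets 8.8.8.8 and never needs to reach PiHole.
dhcp_config() {
    dhcp_subnet lan    192.168.4.100 192.168.4.200 192.168.4.1 "$PIHOLE"
    dhcp_subnet vlan10 10.0.10.100   10.0.10.200   10.0.10.1   "$PIHOLE"
    dhcp_subnet vlan20 10.0.20.100   10.0.20.200   10.0.20.1   8.8.8.8
}

# Port forward for WireGuard: DNAT on the WAN side plus a FORWARD accept.
# WireGuard speaks only UDP, so a TCP forward on this port would be useless.
wg_port_forward() {
    printf 'iptables -t nat -A PREROUTING -i %s -p udp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$WAN_IF" "$WG_PORT" "$WG_HOST" "$WG_PORT"
    printf 'iptables -A FORWARD -i %s -p udp -d %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$WAN_IF" "$WG_HOST" "$WG_PORT"
}

# Dry run by default: print what would be written and run. APPLY=1 writes
# the dnsmasq fragment (assumed path) and loads the rules.
if [ "${APPLY:-0}" = 1 ]; then
    dhcp_config > /etc/dnsmasq.d/vlan-dns.conf && wg_port_forward | sh
else
    dhcp_config
    wg_port_forward
fi
```

Nothing between the management LAN and vlan10 is generated here, matching the answer: ClearOS LAN subnets can already reach each other, so vlan10 clients reach PiHole on 192.168.4.10 without a rule. Handing 8.8.8.8 to vlan20 only sets the default resolver; if vlan20 is configured as a ClearOS Hot LAN it is kept off the other LANs by the firewall, otherwise nothing here stops an IoT device from querying PiHole or the management subnet directly.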
Responses (1)

meazz1
Monday, June 07 2021, 10:30 PM
Thanks, it was easier than I thought.
I misquoted; I meant that I use WireGuard, I don't know where PiVPN came from.