fix: Guest VLAN internet - DNS pointed to non-existent IP

Root cause: OPNsense DHCP and firewall rules referenced 10.4.2.129
for Pi-hole DNS, but that IP doesn't exist. Pi-hole is at 10.4.2.11.

Updated all references in OPNsense config.xml and documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-28 21:45:29 -05:00
parent 24728729f2
commit 1cfd87f450
2 changed files with 12 additions and 5 deletions

@@ -107,16 +107,16 @@ Unmanaged Gigabyte switches pass VLAN tags through (they just don't understand t
#### DHCP Configuration
All DHCP served by OPNsense:
- LAN: 10.4.2.100-200, DNS: 10.4.2.129 (Pi-hole)
- Trusted: 10.4.10.100-200, DNS: 10.4.2.129
- IoT: 10.4.20.100-200, DNS: 10.4.2.129
- Guest: 10.4.30.100-200, DNS: 10.4.2.129
- LAN: 10.4.2.100-200, DNS: 10.4.2.11 (Pi-hole)
- Trusted: 10.4.10.100-200, DNS: 10.4.2.11
- IoT: 10.4.20.100-200, DNS: 10.4.2.11
- Guest: 10.4.30.100-200, DNS: 10.4.2.11
#### OPNsense Firewall Rules (Implemented)
| Rule | Source | Destination | Action |
|------|--------|-------------|--------|
| Allow DNS | IoT/Guest | 10.4.2.129:53 | Pass |
| Allow DNS | IoT/Guest | 10.4.2.11:53 | Pass |
| Block IoT→LAN | 10.4.20.0/24 | 10.4.2.0/24 | Block |
| Block Guest→LAN | 10.4.30.0/24 | 10.4.2.0/24 | Block |
| Block Guest→IoT | 10.4.30.0/24 | 10.4.20.0/24 | Block |
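
Review bot: The Pi-hole address is still written out as a literal on all four DHCP lines and again in the Allow DNS row, so the next address change has the same five places to miss, which is how 10.4.2.129 went stale here. Consider stating the resolver once in this section (for example a single "Pi-hole DNS: 10.4.2.11" line that the DHCP list and the rule table refer to) and, on the firewall side, pointing the rule at an OPNsense alias rather than the raw IP. Separately, the Allow DNS row gives `10.4.2.11:53` with no protocol; since it is the only exception to the Block IoT→LAN and Block Guest→LAN rows below it, the table should say whether it covers both UDP and TCP and that it is evaluated before those block rules.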