pfSense (Router/DHCP) w/ VLANs/Pi-hole/UniFi Equipment

Thank you for the community add. I’m a fan of all your videos. This is my first time posting so I’ll try to be concise.

I’ve watched many of the videos and I believe I have my network setup correctly but I just have some basic questions/confirmations:

pfSense is on 192.168.10.1 / Hostname: PfSense / Domain: Gothambeat

My main network is 192.168.10.*; VLANs are on 192.168.2.* (lighting equipment), 192.168.40.* (guest), 192.168.50.* (cameras), 192.168.60.* (IoT)

  1. pfSense / System / General Setup / DNS set to my Pi-hole IP (192.168.10.62)
  2. pfSense / Services / (LAN/VLANs) / DNS set to my Pi-hole IP (192.168.10.62)
  3. pfSense / Firewall / Filters /
    allow LAN and VLANs access to port 53 on the Pi-hole IP (TCP/UDP) (using a Pi-hole alias)
    block all VLANs from access to LAN and each other
  4. Pi-hole / Settings / DNS / Cloudflare IPv4 boxes checked
  5. Pi-hole / Settings / DNS / "Allow only local requests" (checked)
  6. Pi-hole / Settings / DNS / "Never forward non-FQDN A and AAAA queries" (checked)
  7. Pi-hole / Settings / DNS / "Never forward reverse lookups for private IP ranges" (checked)
  8. Pi-hole / Settings / DNS / "Use Conditional Forwarding"
    Local Network: 192.168.0.0/16 | DHCP Server: 192.168.10.1 | Local Domain: gothambeat

Questions:

  1. Does this all look correct?
  2. Do I need to block port 53 on each VLAN from anything but the Pi-hole? When I do this I lose internet access, so I’m not sure if this ties to questions 3 and 4 below.
  3. In the Pi-hole, should I have the pfSense DHCP server (192.168.10.1) listed as an upstream DNS server?
  4. Do I need any firewall rules specific to the pfSense host? (e.g. allow all destinations?)
  5. If I want a specific VLAN to bypass the Pi-hole (i.e. IoT), do I just set the DHCP server DNS to something like Google or Cloudflare (8.8.8.8, 1.0.0.1)?
  6. I don’t believe there are any UniFi implications since it’s just serving up my wireless SSIDs.

Thank you in advance
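Added illustration, not part of the post above and not a pfSense configuration export: pfSense evaluates the rules on an interface tab from top to bottom, the first matching rule decides, and traffic that matches no rule is dropped by the implicit default deny. The model below builds the rule list the post describes for one VLAN tab, in the order the post lists it (allow TCP/UDP 53 to the Pi-hole alias, block LAN and the other VLANs, block DNS to anything else as question 2 asks, then pass the rest), and runs sample packets through it. It uses the post's addresses; the destination hosts such as 192.168.50.20 and 93.184.216.34, the helper names, and the `pihole_first` / `extra_dns` switches are constructed for the example. Because the Pi-hole (192.168.10.62) sits inside the LAN subnet (192.168.10.0/24), the same rules with the Pi-hole allow placed below the block-LAN rule stop DNS for the whole VLAN, which from a client looks like lost internet access. The `extra_dns` switch shows what question 5 requires if a DNS block stays in place: the public resolver handed out by DHCP needs its own port-53 exception. Simplifications: source address, stateful connection tracking, floating rules, and pfSense's automatically added rules (e.g. for DHCP) are left out.

```python
"""
First-match model of the per-VLAN pfSense rules described in the post.

Constructed example: pfSense evaluates interface-tab rules top to bottom,
the first matching rule decides, and traffic that matches nothing is dropped
by the implicit default deny. Addresses come from the post; hosts such as
192.168.50.20 and 93.184.216.34 are made up for the probes.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence

PIHOLE = "192.168.10.62/32"          # Pi-hole, inside the LAN subnet (from the post)
LAN = "192.168.10.0/24"              # main network
VLANS = {                            # VLANs listed in the post
    "lighting": "192.168.2.0/24",
    "guest": "192.168.40.0/24",
    "cameras": "192.168.50.0/24",
    "iot": "192.168.60.0/24",
}


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp", "tcp/udp" or "any"
    dst: str               # destination CIDR, or "any"
    dport: Optional[int]   # destination port, None = any port

    def matches(self, proto: str, dst_ip: str, dport: int) -> bool:
        if self.proto != "any" and proto not in self.proto.split("/"):
            return False
        if self.dst != "any" and ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == dport


def evaluate(rules: List[Rule], proto: str, dst_ip: str, dport: int) -> str:
    """Return the action of the first matching rule; pfSense blocks when none matches."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dport):
            return rule.action
    return "block"


def other_local_nets(vlan: str) -> List[str]:
    """LAN plus every VLAN except the one whose tab the rules live on."""
    return [LAN] + [net for name, net in VLANS.items() if name != vlan]


def vlan_rules(vlan: str, pihole_first: bool = True, extra_dns: Sequence[str] = ()) -> List[Rule]:
    """
    Rules on one VLAN tab (source is implicitly that VLAN), in the order the
    post lists them: allow DNS to the Pi-hole alias, block LAN and the other
    VLANs, then (question 2) block DNS to anything else, then let the rest out.

    pihole_first=False keeps the same rules but moves the Pi-hole allow below
    the block-local rules, to show why order matters when the Pi-hole lives in
    the LAN subnet the VLAN is otherwise blocked from.  extra_dns lists public
    resolvers to exempt from the DNS block, for a VLAN whose DHCP scope hands
    out a public resolver instead of the Pi-hole (question 5).
    """
    allow_pihole = [Rule("pass", "tcp/udp", PIHOLE, 53)]
    allow_extra = [Rule("pass", "tcp/udp", f"{ip}/32", 53) for ip in extra_dns]
    block_local = [Rule("block", "any", net, None) for net in other_local_nets(vlan)]
    block_other_dns = [Rule("block", "tcp/udp", "any", 53)]
    allow_rest = [Rule("pass", "any", "any", None)]
    if pihole_first:
        return allow_pihole + allow_extra + block_local + block_other_dns + allow_rest
    return block_local + allow_pihole + allow_extra + block_other_dns + allow_rest


if __name__ == "__main__":
    ordered = vlan_rules("iot")
    misordered = vlan_rules("iot", pihole_first=False)
    bypass = vlan_rules("iot", extra_dns=["8.8.8.8", "1.0.0.1"])
    probes = [  # (label, proto, dst, dport); destinations are constructed
        ("DNS to Pi-hole", "udp", "192.168.10.62", 53),
        ("DNS to 1.1.1.1 directly", "udp", "1.1.1.1", 53),
        ("DNS to 8.8.8.8 directly", "udp", "8.8.8.8", 53),
        ("HTTPS to the internet", "tcp", "93.184.216.34", 443),
        ("RTSP to a camera on VLAN 50", "tcp", "192.168.50.20", 554),
        ("SSH to a LAN host", "tcp", "192.168.10.5", 22),
    ]
    for label, proto, dst, port in probes:
        print(f"{label:30} ordered={evaluate(ordered, proto, dst, port):5} "
              f"misordered={evaluate(misordered, proto, dst, port):5} "
              f"bypass={evaluate(bypass, proto, dst, port)}")
```

Run it as a script to print the decision table, or import `evaluate` and `vlan_rules` to check further cases. A real rule set should still be verified from a client in each VLAN, for example with `dig @192.168.10.62` (should answer) and `dig @1.1.1.1` (should time out), since the model ignores state tracking and pfSense's automatically added rules.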