I have a PiHole setup on a RPI3, connected to a Tomato-based router. The Tomato router has a primary network 192.0.1.1-99 and a guest network 192.0.2.1-5. After installing PiHole on the RPI3, I used the Tomato's Advanced>DHCP>DNS>Dnsmasq>dhcp-option=6,192.0.1.99 setting to access the PiHole's DNS. This worked for the primary network, which can access the WAN and blocks ads. But for the guest network, it killed the WAN connection.
I have the primary and guest networks isolated so that the guest cannot access the router, using the following iptables firewall rules:
## BLOCK br1 (GUEST) from being able to access br0's (PRIMARY) LAN
iptables -I INPUT -i br1 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p udp -m multiport --dports 53,67 -j ACCEPT
I tried to follow some suggested iptables rules on the router, but got no joy. Here is what I tried:
## Adding port forwarding for guest network post pi-hole
iptables -I FORWARD -i br1 -p tcp -d 192.0.1.99 -m multiport --dports 53,80,443 -j ACCEPT
iptables -I FORWARD -i br1 -p udp -d 192.0.1.99 -m multiport --dports 53,80,443 -j ACCEPT
Is there a way to both (A) have PiHole set up and working on the primary network using dnsmasq and (B) have a guest network that can access the WAN?
Expected Behaviour:
Guest network on router can access the WAN when the primary network on the router is using Pi-Hole and the dnsmasq setting dhcp-option=6,192.0.1.99.
Actual Behaviour:
Guest network on router cannot access the internet when dnsmasq is set to dhcp-option=6,192.0.1.99.
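The symptom described in this post is consistent with the unscoped `dhcp-option=6,192.0.1.99` line being handed to every DHCP client on the router, including guest clients on br1, which are then pointed at a DNS server they are firewalled from reaching; with no working resolver, the guest network looks as if it has lost the WAN. The fragment below is an added example, not part of the original post or of Tomato's or Pi-hole's own configuration: it scopes the option per interface using dnsmasq's tag syntax (dnsmasq automatically applies a tag equal to the name of the interface a DHCP request arrived on), so br0 clients get the Pi-hole and br1 clients get the router itself as resolver. The interface names br0 and br1 are taken from the post; the upstream server address is a placeholder and is an assumption.

```conf
# Added example: interface-scoped DNS options for Tomato's custom dnsmasq config.
# Not the original poster's configuration.

# Primary LAN (br0): hand out the Pi-hole as the only DNS server.
dhcp-option=tag:br0,6,192.0.1.99

# Guest LAN (br1): hand out the router itself as DNS server.
# dnsmasq treats 0.0.0.0 in option 6 as "the address of the machine running
# dnsmasq on the interface the request came in on", so the br1 address need
# not be hard-coded.
dhcp-option=tag:br1,6,0.0.0.0

# Keep the router's own forwarder pointed at a public upstream (placeholder,
# assumed here) so guest lookups resolve without touching br0 at all.
server=203.0.113.53
```

With the option scoped this way, guest clients never need to cross from br1 into br0, so the posted FORWARD rules toward 192.0.1.99 become unnecessary and the existing INPUT rule that accepts UDP 53 and 67 from br1 is what lets guest resolution and DHCP work. If the goal is instead for guest clients to be ad-filtered as well, the FORWARD rules toward 192.0.1.99:53 are the right direction, but they only cover the outbound half of the conversation; the router's FORWARD chain must also accept ESTABLISHED,RELATED traffic for the replies to come back, so that is the first thing to check if those rules alone give no result.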