![\"A](\"https:\/\/www.lguruprasad.in\/blog\/wp-content\/uploads\/2025\/01\/My_Network.png\")
<\/a>As shown in the above diagram, I also have a Pi-hole<\/a> instance that acts as the DHCP and DNS server for my home LAN. It works well to provide network-level ad-blocking services for all devices in the LAN. However, some devices, Android devices in particular, often ignore the DNS server provided by DHCP and use the hard-coded Google DNS instead, bypassing ad-blocking. Even that is okay in many cases, except a few. We have a Sony X90H smart television that runs the Android TV operating system. Without network-level ad-blocking, it shows a lot of non-dismissible advertisements for content from apps that we haven’t installed or used. So I have always used a firewall device of some sort to force the usage of Pi-hole as the DNS server in my LAN. I have done this in the past with a Netgear Nighthawk R7000 router running the FreshTomato firmware<\/a>, a Seeed Studio reRouter, and a GL.iNet Beryl AX travel router since last evening.<\/p>\n\n\n\n Speaking of that, the reRouter device, which I have used for 2+ years now, has been crashing and boot-looping frequently in the past few months and causing internet disconnections. I have been planning to replace that with a more reliable and powerful x86 mini-PC with OPNsense<\/a> on it. I ordered the Skullsaints Onyx Intel 12th Gen N100 Mini PC <\/a>last night for this new project. This was an easy choice since I have been hearing good things about N100 mini PCs on the Late Night Linux<\/a> family of podcasts. While I waited for the delivery, I set up the GL.iNet Beryl AX travel router as a stop-gap replacement. <\/p>\n\n\n\n I bought this specific product because it has 4 2.5G Ethernet ports, which would allow me to do internet load balancing too in the future and simplify my networking setup. It came with a no-name brand 256 GB M.2 NVMe SSD preloaded with Windows 11 Pro and 8 GB of RAM. As I had read reviews about this device heating up due to lack of\/dried thermal paste, I checked and confirmed that the thermal paste was intact.<\/p>\n\n\n\n Then I downloaded the latest OPNsense image, In the above page, I configured the hostname, domain and the DNS servers used by OPNsense. I specified I configured my timezone in this page.<\/p>\n\n\n\n This page had a lot of options for configuring the WAN interface (I will need to revisit these when doing the multi-WAN load balancer setup in the future). I set up a static IP for the WAN interface in the In this page, I configured the LAN interface address to be the same as what I had in the previous setup. In the following page, I configured the root password and completed the wizard to apply the configured changes. With this setup, I had a working router between my LAN and the load balancer. <\/p>\n\n\n\n Since the metal top of the mini PC’s case acts as a passive heat sink, I could feel it getting very hot even though the OPNsense thermal sensors showed a low, static temperature. I will monitor this in the coming days to make sure that there are no thermal issues.<\/p>\n\n\n\n<\/a>dd<\/code>‘ed it to a USB flash drive and installed it on this device. Then I opened up the OPNsense web interface and went through the setup wizard to configure the firewall. When I installed it in place of my previous firewall, nothing worked and I had no idea why. I took help from the friendly folks on the #OPNsense<\/code> IRC channel on libera.chat to correct my mistakes and get the configuration working the way I wanted it to. Below are the details of how I did it.<\/p>\n\n\n\n<\/a>192.168.2.3<\/code>, the IP address of my Pi-hole instance, as the primary DNS server and added the Google DNS address as the secondary. Even though it wasn’t necessary, I left the built-in Unbound resolver enabled.<\/p>\n\n\n\n<\/a><\/a>192.168.0.0\/24<\/code> subnet, since that is what I had used in the previous setup. I also disabled the blocks for accessing RFC1918 networks and bogon networks (this was not necessary) from the WAN-side, since this device doesn’t directly connect to the internet.<\/p>\n\n\n\n<\/a>