DHCP works, DNS does not (VLAN + Tomato AP)

I have an access point running Tomato firmware using VLANs.

Now I am facing a strange issue; maybe somebody can help me. The access point is connected to pfSense with a static IP address. The VLANs, DHCP and unbound are configured in pfSense to also listen on the VLAN interfaces.

When I connect to the AP I can access pfSense via the VLAN subnet and the "normal" LAN subnet, and the wireless clients also receive an IP address from pfSense. So the connection generally works fine.

If I try to resolve a hostname, I don't get any reply. Accessing the internet via IP addresses does not work either. The firewall rules for the VLANs have a single "pass all from any to any" rule. NAT is set up automatically by pfSense and includes the VLANs' subnets.

I guess it's a routing issue, but I can't figure out what's wrong. When I capture packets on pfSense I can see packets arriving on the VLAN interfaces, but no reply is sent. Telnetting to the DNS server (port 53) doesn't give any reply either.

Any idea what else I could check? I tried to ping directly from the AP, as I thought there was some kind of packet filter active, but no luck.
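
As an added diagnostic (not code from the thread), this Python script reproduces the checks above programmatically from a wireless client: a raw UDP DNS query to the resolver, a TCP connect (the telnet-to-port-53 test, also usable against a bare internet IP), and a loopback self-test against a constructed fake resolver. The server addresses and ports are assumptions; on the real network you would point the probes at the pfSense VLAN gateway address.

```python
import socket
import struct
import threading

TXID = 0x1234  # fixed transaction id so a reply can be matched to the query

def build_query(name: str) -> bytes:
    """Minimal DNS A query: 12-byte header (RD set), qname, qtype=A, qclass=IN."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe_dns_udp(server: str, port: int = 53, timeout: float = 2.0) -> str:
    """One UDP query to the resolver: 'reply', 'timeout', 'error' or 'garbled'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query("example.com"), (server, port))
            data = s.recv(512)
        except socket.timeout:
            return "timeout"  # query left the client, nothing came back
        except OSError:
            return "error"    # e.g. ICMP port unreachable
    txid, flags = struct.unpack("!HH", data[:4])
    return "reply" if txid == TXID and flags & 0x8000 else "garbled"

def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """TCP connect check: the 'telnet to port 53' test, or host:443 by raw IP."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"  # no SYN-ACK came back at all
    except OSError:
        return "refused"  # RST or unreachable: the path works, the service does not

def _fake_resolver(sock: socket.socket) -> None:
    """Constructed stand-in for unbound: echo the query back with QR=1, RA=1."""
    data, peer = sock.recvfrom(512)
    sock.sendto(data[:2] + b"\x81\x80" + data[4:], peer)

def self_test() -> dict:
    """Exercise the probes on loopback: an answering resolver and a silent one."""
    live, silent = (socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(2))
    live.bind(("127.0.0.1", 0)); silent.bind(("127.0.0.1", 0))
    threading.Thread(target=_fake_resolver, args=(live,), daemon=True).start()
    silent_port = silent.getsockname()[1]
    return {"answering": probe_dns_udp("127.0.0.1", live.getsockname()[1]),
            "silent": probe_dns_udp("127.0.0.1", silent_port, timeout=0.5),
            "tcp53_closed": probe_tcp("127.0.0.1", silent_port, timeout=0.5)}
```

A "timeout" from both probes while pfSense's capture shows the queries arriving matches the symptom described above: the request gets in, but the answer never makes it back to the VLAN client.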

Post the firewall rules screenshot!

