OPNsense is a full-blown firewall/router, but in one case we needed to disable everything except the DHCP and DNS servers. This is very inefficient, from what I can see, but I had not found any DHCP/DNS appliances, and the stability and usability of OPNsense made it the choice.
To do this, we performed the following steps:
Basically, our client had an existing network set up with Cisco hardware, including a firewall/router. This device was also responsible for an N2N connection to a satellite office. While OPNsense could easily replace this, the client was very resistant to doing so.
However, the firewall had, at best, a basic DHCP/DNS server, at least as far as the IT people involved were able to determine. The original engineer was no longer available, so we were in a situation where we would need to hire a third party to do this, figure it out ourselves, or simply get a DHCP/DNS server to add to the network. The original setup had included a poorly engineered system using Webmin/DHCP/Bind.
The original engineer had over-designed the system with 5 VLANs, whose paths were defined by rules in both the network switch and the firewall. Thus, we needed to build the replacement DHCP/DNS server with as little impact on the existing structure as possible.
We did a basic install of OPNsense on a Protectli FW2 firewall NUC. After installation, we left the WAN interface alone and set up the VLANs necessary for the network. It was determined that one VLAN was actually the primary, so that was chosen as the “LAN” interface at this stage. All of this work was done from the CLI.
At this point, we moved to the WebUI. The first task was to disable the WAN interface completely, then set the LAN primeVLAN interface to use the Cisco router as its gateway.
We then created networks, default routes and DHCP for the remaining VLANs.
Finally, we went in and set up Unbound to serve as the DNS server for all of the LAN networks.
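Before entering per-VLAN DHCP settings by hand, the addressing plan can be checked for the mistakes this layout invites. The script below is an added example, not part of the original setup. It assumes each scope hands clients the Cisco router as default gateway and the OPNsense box as DNS server, and every VLAN ID, subnet and address in it is constructed.

```python
import ipaddress

# Constructed sample plan: VLAN IDs, subnets and addresses are assumptions.
PLAN = [
    {"vlan": 10, "subnet": "10.0.10.0/24", "appliance": "10.0.10.2",
     "router": "10.0.10.1", "pool": ("10.0.10.100", "10.0.10.199"), "dns": "10.0.10.2"},
    {"vlan": 20, "subnet": "10.0.20.0/24", "appliance": "10.0.20.2",
     "router": "10.0.20.1", "pool": ("10.0.20.100", "10.0.20.199"), "dns": "10.0.20.2"},
]

def check_vlan(v):
    """Return a list of problems for one VLAN entry (empty list means consistent)."""
    problems = []
    net = ipaddress.ip_network(v["subnet"])
    appliance = ipaddress.ip_address(v["appliance"])  # OPNsense address on this VLAN
    router = ipaddress.ip_address(v["router"])        # Cisco router, handed out as gateway
    dns = ipaddress.ip_address(v["dns"])              # DNS server handed out by DHCP
    lo, hi = (ipaddress.ip_address(a) for a in v["pool"])
    named = (("appliance", appliance), ("router", router),
             ("pool start", lo), ("pool end", hi))
    for name, addr in named:
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is not a usable host in {net}")
    if lo > hi:
        problems.append("pool start is above pool end")
    for name, addr in named[:2]:
        if lo <= addr <= hi:
            problems.append(f"{name} {addr} lies inside the DHCP pool")
    if router == appliance:
        # The DHCP/DNS box has its WAN disabled and cannot route client traffic.
        problems.append("router option points at the DHCP/DNS box, which has WAN disabled")
    if dns != appliance:
        problems.append(f"DNS option {dns} is not the appliance address {appliance}")
    return problems

def check_plan(plan):
    """Check every VLAN entry, then flag subnets that overlap each other."""
    report = {v["vlan"]: check_vlan(v) for v in plan}
    nets = [(v["vlan"], ipaddress.ip_network(v["subnet"])) for v in plan]
    for i, (vlan_a, net_a) in enumerate(nets):
        for vlan_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                report[vlan_a].append(f"subnet overlaps VLAN {vlan_b}")
    return report

if __name__ == "__main__":
    for vlan, problems in check_plan(PLAN).items():
        print(vlan, "OK" if not problems else problems)
```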