Accessing Xbox from different subnet
-
Yes those are the correct address pools. The xbox app allows you to put in an IP address, so there shouldn't be a reason why my iphone can't find it as per the second rule. I have IOTnet to IOTnet so devices within that subnet can talk to each other and specifically the gateway as pfsense is doing DNS. Plex_access is a list of IOT IP's that can access plex. Airplay_devices are all the IOS device IP's that the TV can access. So it is strange to me my Samsung TV can't se the airplay_devices when the Apple TV connected to a TV upstairs did when I had it. The last rule allows access to anywhere but my 10.0/8 network. And it is also why I added IOTnet to IOTnet.
-
So you don't need a rule for IoT devices to access each other, they do that directly without going through the firewall.
The IoTnet to IoTnet rule you have is only allowing access to the IoT interface address as you say.I assume the Plex server is in the LAN and the xbox is in IoT, where is the phone you are trying to control it from?
What is failing? The phone to the xbox or xbox to the server?You probably need Avahi to get airplay working across subnets.
Steve
-
If I disable the rule of IOTnet to IOTnet, devices on that network cannot reach 10.10.61.1 for DNS. I have a few DNS servers available on the DHCP service. The first is pfsense. The other are my VPN's DNS servers in case I want to use the VPN on the network. I don't want to force pfsense to do DNS like I do on my LAN. Perhaps that's what you mean when you say it allows IOT to access the interface address.
Plex is on LAN and xbox is on IOT. The iphone is on LAN. Both xbox to my iphone and to Plex is failing. And I don't know why as it is allowed by the rule I created in IOT. I do not have a similar rule in LAN because LAN can access anywhere.
Regarding airplay, I hooked up my old apple TV to at TV upstairs. I put it on IOT. I can airplay from my iphone on LAN to ATV on IOT with a rule allowing 10.10.61.12 (ATV) to access 10.10.60.12 (iphone). So I don't think it is an airplay across subnets issue unless it is the way Samsung implemented it in their TV. (Edit: So I disabled this rule to see what happened, and I can still access my ATV on IOT from my iphone on LAN. Only by changing the rule from pass to block am I not able to access the ATV. This doesn't make sense as if the rule is disabled this rule, IPv4 * IOT net * ! private_ip * Internet access, should take over and block access.)
-
Yes that rule is what is passing the DNS traffic as I said but it could be destination IoT-address. It is not passing any other traffic in the IoT subnet.
I would not expect the AppleTV or the Samsung to need a rule to your phone. The phone is initiating the connection there and that is passed on the LAN. They would only need a connection out to the internet to pull media once the phone has told them what to play.
You should add allow all rules on IoT as a test and see what still fails.
Steve
-
I figured out the airplay issue. I had band steering enabled on my WAP, and I broke out the networks to 2g and 5g. That recognized the TV for airplay. I thought that might fix my xbox issue but no.
I tried IOTnet to any, and I still can't get my iphone to connect to my xbox.
-
Nice catch on the airplay.
OK, so as I suspected it's not firewall rules preventing that traffic between the subnets. Very likely something is using some local discovery protocol that doesn't span subnets there. Try putting your phone in the IoT subnet if you can.
I would try using Avahi as that's easy to configure. Really need to know what protocol(s) the phone app to xbox connection requires.
Steve
-
Thanks for your help. I have Avahi installed, but it is not making this situation work. It seem as though xbox does not want to communicate with anything other than the Internet. Because it is not just the remote but also Plex that cannon connect, which is on the LAN. I've read some other forums that it uses mDNS, which Avahi should be able to make that work.
-
Yes, that should work with Avahi if it needs mDNS. It may just not be configured correctly.
None of this stuff is ever expected to work across subnets. Home users just have a flat network and anything else is advanced level wizardry.... right?
Unfortunately that's how developers of media players/servers seem to think.Steve
-
@mlaustin
You need a SNAT on the IOT network so the Xbox see's the traffic as coming from the same subnet. At least that's what I ended up having to do and it works.
Here is what I did.
Please upvote if it helps, I've see a number of others trying to get this work. But threads were locked.
-
Interesting. So the xbox just doesn't allow connections from outside it's subnet? And there's no way to set it to do so?
Steve
