unable to access ips on vlan after changing Gateway/dns
-
forgot to add
managed switch(in attic) to to the Tplink For Wifi Vlan20 that part works
-
@comet424 Why are you giving HA 3 IP's?
You have vlans setup, use them. Put HA on the IoT vlan only. Then set rules to access anything it needs to on the other vlans. -
well orginally i had 1
192.168.0.x as Home Assistant runs as a VM under unraid....... and access my network
and i had swapped out this 4 port card from my pfsense as i ehard from others instead of vlans they used individual ports for HA
so then i set up Vlan Cameras and Vlan IoT
and i have rules set to be open but still nothing so if i change to 1 port for HA on IoT then Ha going to see all the ips on Iot Cameras and lan then automaticlly?
cuz i figured it should have detected so far but doesnt
so for now i by pass my rules and just opened it up
-
@comet424 You're only allowing TCP, change it to any,
and i have rules set to be open but still nothing
What does that mean? What have you been trying to do? If just pinging, then that wouldn't work since you've been blocking ping.
-
@jarhead open it up as means
Source *
Port *
Destination *
Port *
Gateway *means it has no restrictions above any of my other rules like port 123
is what i meant to say.. sorry my disylexia gets best of me...so you can see Lan Camera Iot Devices have 0 restrictions now.. and still HA cant detect anything on the IoT or Cameras
also forgot i have a 3rd Location as the Attic is my Shop on my property..
but ya still unable to get HA to see the IoT Devices and Cameras just anything on LAN is the only thing it can detect
-
like is there other rules i need to get the HA to see it.. how come it can see things on LAN but not Camera or IoT Devices.. do i need to add something under NAT?
oh i tried PING in terminal of HA
i can ping 192.168.0.1
but i cant ping
192.168.10.1
192.168.20.1so i must still need something else right?
-
@comet424 Again, you're only allowing TCP, pings are, and are supposed to be, blocked by your rules.
Change the protocol to IPv4* -
@jarhead oh ok my bad as with my dislexia i read it as just ip4 i had set..
ill try that and see if it detects.. thanks for help so far i appreciate it
-
so i can ping now
192.168.10.1 and 192.168.20.1but i cant ping hostnames under the arp table..
so i have a camera called "cam1" like 192.168.10.21 i can ping the ip not the name
and HA still cant detect iot devices or cameras.. just whats on LAN network.. i made sure to change the TCP to *
-
Where are you testing from? What DNS server is that using to resolve those hosts?
-
@stephenw10 im testing from home assistant terminal, Home assistant Devices where it should pop up things
i also cant ping them from my desktop pc
the dns hosts are
192.168.0.1 for Lan
192.168.10.1 for cameras
192.168.20.1 for iot devices
nordvpn uses whatever dns .. from setting up per there setup..all i know
-
Ok and those IPs are the pfSense interface addresses in those subnet? So both the HA host and your desktop are using pfSense for DNS?
Are the hosts you're trying resolve all configured as static dhcp leases? Is the DNS resolved configured to resolve those?
Steve
-
so not sure 100% what you mean since i dont really change pfsense much and i recently just setup these virtual lans prior i broke up my 192.168.0.1-254 into segments to simulate vlans
so like 1-50 lan 51-100 cameras 101-200 iot devices.. so everything fit under 192.168.0.1 dnsright now i have
192.168.0.1 as a static ip and 192.168.0.3 as my unraid static ip address and HA ip address is 192.168.0.12192.168.10.2 static ip for the unraid card for HA to pass through and 192.168.10.12 for static ip of HA for the Camera side
192.168.20.2 satic ip for the unraid card for the HA pass through and 192.168.20.12 for static ip for the HA for the IoT Devices side
if you mean the dns resolver for dns resolved.. i have it set network interfaces to All and Outgoing network is setup to NordVPN to there instructions
if there is something else i need to configure.. i have no idea.. thats all i know
and at moment the Vlans Cameras and IoTs its setup for DHCP starting range at 20 and only static ips i have are what i mentioned above..
other then that i dont know... hopefully it helps.. sorry if it doesnt and i try to find more info you ask of me
and sorry if i dont make sense my disylexia it sounds ok in my head but may not explain it right
-
and i also tried adding some NAT settings for cameras to LAN and iotdevices interface to LAN and that didtn help... so wasnt sure
and i was looking at dns dnsmaq in Home assistant but wasnt sure how to set that up incase that could do the dns for the 192.168.10 and 20
-
The DNS resolver in pfSense does not resolve DHCP hostnames. To include either static or dynamic DHCP leases so other clients can resolve them you need to enable that in the resolver settings.
-
@stephenw10 and what resolver setting is that? i thought pfsense resolved all the host names least thats what i thought so if i camera is labled cam1 and you ping cam1 then pfsense resolves that.. least thats how i thought it to work
so only settings i know network interface i have set to ALL
and for outgoing network interface.. i went from the nordvpn network that was selected
and i selected nordvpn, camera,iotdevices,, so those 3 networks be selected.. as LAN automaiclly gets resolved
which i dont 100% really understand
if i plug HA directly into Cameras Switch HA can detect the cameras.. but if i go through the VLan it cant...and still unable to get camera and iotdevices to detect with HA... i saved. and rebooted all my pfsense and all the switchs and rebooted HA still cant get it to resolve so it can find all the devices on the 2 Vlans so i know im doing something wrong or missed a step
do you need pics? or is there a check box i need to check off?
-
@comet424 said in unable to access ips on vlan after changing Gateway/dns:
i thought pfsense resolved all the host names least thats what i thought so if i camera is labled cam1 and you ping cam1
well would need to be a fqdn query, cam1.yourdomain.tld etc. that your using, default is home.arpa for a while that is domain pfsense uses out of the box.
But if you want dhcp to be registered you have to enable that in the resolver settings, if you want dhcp reservations also needs to be set.
dhcp registrations has been problematic for many, since every time a dhcp lease is renewed, created, etc. it causes a restart of the resolver, so depending on how fast that happens, etc. Some people have reported issues with that settings. And been common to not to register dhcp clients. Reservations don't have the issue because they are only loaded when unbound starts, so no restart all the time. If you have lots of dhcp clients, and short leases you could have unbound having to restart every few minutes, etc.
If you want to make sure something on your network resolves, its prob best to create a reservation for it, and register those - or just create a host override for the device.. Keep in mind cam1 wouldn't resolve unless your client was adding the suffix in its query, etc. dns queries need to be fully qualified.
-
@johnpoz ok so kinda confused... how come i can ping host names static names or dhcp names under LAN but when it comes with 2 Vlans it doesnt work the same way...
ill try that add static ips for the cameras in the dhcp server... and see if Home assistant pops up automaticlly the cameras
as if i plug a camera on the LAN Home assistant detects that dhcp right away... but when its on the Vlan Camera it cant see it
so i figured when i made 3 ethernets into Home assistant 1 for Lan 1 for Cameras 1 for Iot devices.. that Home assistant would automaticlly detect everything ... or least pfsense would dns it all.. since its doing it for LAN but its avoiding cameras
cuz if i use Shelly Devices Tplink ESP32 (Esphome ) devices on the LAN HA finds it automaticlly no problem... i put them on the IoT Devices Vlan it cant be found..
so i no expert and its almost like you need 4 pfsense
1 for Lan
1 for Vlan Camera
1 for Vlan IoT Devices
and 1 be the parent that all 3 connect to for internet and all dns resolving work but problably that doesnt work...but ill try the register static ips and ill manaulyl add them at the bottom then maybe HA will pop up with all the devices like it does on LAN
-
@comet424 I have no idea what you asking.. Are you resolving via discovery??
I can resolve any host on my network that is in my dns from any network, or even my vpn.. From any client that is pointing to pfsense for dns..
$ dig ntp.local.lan ; <<>> DiG 9.16.36 <<>> ntp.local.lan ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16777 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ntp.local.lan. IN A ;; ANSWER SECTION: ntp.local.lan. 3600 IN A 192.168.3.32 ;; Query time: 0 msec ;; SERVER: 192.168.9.253#53(192.168.9.253) ;; WHEN: Mon Feb 13 15:55:19 Central Standard Time 2023 ;; MSG SIZE rcvd: 58So for example my client here on 192.168.9 network - and clearly I can resolve something in a different vlan..
3 ethernets into Home assistant 1 for Lan 1 for Cameras 1 for Iot devices.. that Home assistant would automaticlly detect everything
No not if they using some discovery protocol to find stuff.. Which doesn't work across networks.. Unless for say are doing mdns, and setup avahi to broadcast that across your networks.
mdns - is for local networks, it sends a query to a multicast address, that all devices on the network see, and will send back their names, etc. this does not work across networks because multicast is limited to the layer 2 network. Unless you setup something like avahi..
-
@comet424 Yeah, you're barking up the wrong tree here.
Hostname has no effect on the cameras being found.
What are you trying to find them with? Just HA?
Well, did you add them in with LAN ip's, and now when you put the camera back on the LAN it gets that same IP again maybe?
Check in HA, there has to be some kind of camera configuration in there. Even if it just keeps the IP's of the cameras, this would be enough to block them with a new IP on it.https://www.home-assistant.io/integrations/generic/
https://www.home-assistant.io/integrations/mjpeg/
