Netgate Discussion Forum

    Lifx needs port 4433 and 56700 enabled

    Firewalling

      johnpoz LAYER 8 Global Moderator @eiger3970 0

      @eiger3970-0 huh? Where did you read that lifx needs port 4443? 56700 is its standard port.. They send traffic to port 56700 via broadcast, it's not going anywhere but the local network the devices are attached to.

      There is nothing you would need to do for this port in pfsense.. Are you trying to make something discover something across vlans?

      https://lan.developer.lifx.com/docs/communicating-with-device

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1
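
The LAN discovery exchange referred to in the post above, as an added example that is not part of the original thread: it builds the broadcast GetService request and parses a StateService reply, using the header layout from the linked LIFX LAN protocol documentation. The request goes to the limited broadcast address 255.255.255.255, which a router does not forward, so no firewall rule or port forward is involved. The source ID and the sample reply's MAC address are constructed values.

```python
import socket
import struct

LIFX_PORT = 56700        # UDP port named in the thread
GET_SERVICE = 2          # discovery request message type
STATE_SERVICE = 3        # discovery reply message type
# 36-byte little-endian header: size, protocol/flags, source, target(8),
# reserved(6), res/ack flags, sequence, reserved(8), type, reserved(2)
HEADER = struct.Struct("<HHI8s6sBB8sHH")


def build_get_service(source=0x1F0C, sequence=0):
    """Discovery request: tagged bit set and all-zero target mean 'all devices'."""
    proto = 0x3400  # protocol 1024 | addressable (bit 12) | tagged (bit 13)
    return HEADER.pack(HEADER.size, proto, source, bytes(8), bytes(6),
                       0x01, sequence, bytes(8), GET_SERVICE, 0)  # res_required=1


def parse_state_service(datagram):
    """Return (mac, service, port) for a StateService reply, else None."""
    if len(datagram) < HEADER.size + 5:
        return None
    size, proto, _src, target, _r1, _flags, _seq, _r2, mtype, _r3 = \
        HEADER.unpack_from(datagram)
    if size != len(datagram) or proto & 0x0FFF != 1024 or mtype != STATE_SERVICE:
        return None
    service, port = struct.unpack_from("<BI", datagram, HEADER.size)
    mac = ":".join(f"{b:02x}" for b in target[:6])
    return mac, service, port


def discover(timeout=2.0):
    """Broadcast on the local segment only and collect (ip, mac, service, port)."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.settimeout(timeout)
        s.sendto(build_get_service(), ("255.255.255.255", LIFX_PORT))
        try:
            while True:
                data, (ip, _port) = s.recvfrom(1024)
                parsed = parse_state_service(data)
                if parsed:
                    found.append((ip,) + parsed)
        except socket.timeout:
            pass
    return found


def sample_reply():
    """Constructed StateService reply (MAC is a made-up sample value)."""
    target = bytes.fromhex("d073d5000001") + bytes(2)
    header = HEADER.pack(HEADER.size + 5, 0x1400, 0x1F0C, target, bytes(6),
                         0, 0, bytes(8), STATE_SERVICE, 0)
    return header + struct.pack("<BI", 1, LIFX_PORT)  # service 1 = UDP


if __name__ == "__main__":
    print("parsed sample:", parse_state_service(sample_reply()))
    for hit in discover():  # run from a host on the same Wi-Fi/VLAN as the bulb
        print("device:", hit)
```

An empty result from a host on the bulb's own segment points at the bulb or the Wi-Fi (for example client isolation), not at the router.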

        eiger3970 0 @johnpoz

        @johnpoz The Lifx support suggested this as the bulb won't complete a network setup.

        I also tried whitelisting v2.broker.lifx.co
        I followed the guide, but I usually don't get these things right. [image]

          johnpoz LAYER 8 Global Moderator @eiger3970 0

          @eiger3970-0 what would be the point of that rule.. There is no way that site would be making an inbound unsolicited connection.

          What guide did you follow?

          Your bulb/ap might be wanting to make a connection to that fqdn?

          v2.broker.lifx.co. 3600 IN CNAME lb.lifx.co.
          lb.lifx.co. 3600 IN A 104.198.46.246

          Do you block outbound connections? Do you do dns filtering where that fqdn might not resolve?

          I don't use lifx, but have used countless other smart bulbs, etc.. and none of them require any inbound traffic to be forwarded.

            eiger3970 0

            I followed this guide

            I'm confused, I just tried Lifx support's suggestions.

            pfSense is default setup, whilst running on a VM.

              johnpoz LAYER 8 Global Moderator @eiger3970 0

              @eiger3970-0 what does that have to do with lifx? And where did it say to put it on your wan? An alias can be used in many different ways in firewall rules.. But what guide did you read for lifx that said you should "whitelist" or do anything with that v2.broker.lifx.co fqdn?

              What exactly is not working, are you trying to add a bulb to your app? Out of the box pfsense allows all traffic outbound, and does no filtering of dns.. If you can not resolve that fqdn or get to it and you need to then you turned on some sort of blocking? IPS, pfblocker? firewall rules?

                eiger3970 0 @johnpoz

                @johnpoz Sorry, I misunderstood your question.

                The whitelist and the port enable is a suggestion from Lifx support.
                The Lifx guide doesn't say to do this, but the Lifx guide setup fails, so this is a step I'm at with Lifx support.

                The pfSense guide didn't say LAN or WAN, so I just followed the default pfSense led me to.

                Long story of almost a decade of Lifx not setting up.
                I've been having a 2nd attempt at it for weeks and months now.
                The Lifx bulb doesn't complete its setup, so Lifx troubleshooting has targeted the Wi-Fi AP and now the router.
                I tried the Lifx bulb at another person's house and same failure of completing 100% connection.

                Yes, I'm trying to add a bulb to the Lifx app.
                After that, the plan was to add multiple bulbs to Home Assistant, as using multiple apps to control multiple bulbs is silly.

                I haven't turned on any firewalls, just a default install of pfSense to a VM.

                The suggestion came from Lifx diagnosis.

                  johnpoz LAYER 8 Global Moderator @eiger3970 0

                  @eiger3970-0 said in Lifx needs port 4433 and 56700 enabled:

                  The suggestion came from Lifx diagnosis.

                  diagnosis of what - they seem like idiots if they can not tell you exactly what is failing.. Do you have a lifx hub? Pretty much all of their devices require a hub of their making.. You said you tried it at someone else's house and it fails - do they also have pfsense?

                  Maybe the bulb is just bad, I have had smart bulbs fail..

                  What specific bulb do you have? I have many smart bulbs, different brands - While I use their app to add the bulb to the network - once its added alexa controls them.

                  If it's just a wifi bulb, I believe lifx has started making those that don't require a hub to onboard via an app. I have never thought lifx was a good fit because of their hub requirement in the past.. But if they are moving away from that I might take a look into them - but their pricing has never been very good compared to other choices.

                  but unless you have put in some sort of filtering, it's not a pfsense problem - maybe you have AP isolation setup on your AP that prevents wireless devices from talking to each other - like your app on your phone trying to talk to the bulb. Most of them also support a direct method where you connect to a wifi network the bulb creates after doing a specific set of power on/off things.. You would have to read the manual on how to do what with lifx, if they support it?

                  Most every bulb I have seen requires a 2.4ghz network, and your app needs to be on the same wifi network when you add the device. And your wifi can not be doing isolation.. But if you have some default setup of pfsense - it's not going to be doing any filtering, so no need to "whitelist" anyway.. And if some support said to whitelist they would have meant outbound from your network.. But pfsense out of the box does no filtering - so everything is "whitelisted"

                  Onboarding of these smart bulbs is just a way to get the bulb to know the ssid and psk to connect to the wifi network.. Once they are on the wifi network then sure multiple different systems like alexa or google or smart assistant or apple home can control them.

                  If you let us know what specific bulb, model number etc.. I might even be interested in ordering one to play with if does not require a hub.. Like I said I have played with many different brands..

                  edit: when they mentioned whitelisting - did they maybe say port 443 and not 4433 ? Some idiot reading off a script - why would you have 443 blocked? The internet wouldn't work if you had that blocked that is for damn sure ;) And the bulb sure and the hell is not going to be doing udp broadcast on 56700 out to the internet..

                    eiger3970 0 @johnpoz

                    @johnpoz Lifx asked me to run a diagnosis of the bulb and phone app.
                    The other person's house has no LAN. I used the other person's phone to connect phone Wi-Fi to the bulb.
                    The other person has no router, just a phone hotspot to the computer for Internet.

                    The bulb may be bad, but Lifx continues with support suggestions.

                    The Lifx bulb is:
                    Model:
                    MAC address:
                    D0:73:D5:00:2E:8B (Serial number on side of bulb).
                    Name:
                    BUL-11-A21E27-W

                    I have other bulbs too, but they are Bluetooth only and each needs their own app or remote control. It's such a mess and hassle. I would like to have control in one place. My understanding is I can control them in one place, via Home Assistant? Haven't figured out how yet, but Home Assistant is installed as a VM and traffic is working via the VM pfSense router.
                    I am so put off by Proprietary products and their exclusions of other brands, that I will work with FOSS.

                    I think the Lifx bulb is Wi-Fi or Bluetooth. I just bought it as a start up supporter decades ago, but it has never worked. I would only buy 'smart' bulbs that could work with Home Assistant in the future, although I haven't figured out how to connect multiple bulbs to Home Assistant yet.

                    pfSense has no filtering.
                    The Wi-Fi AP UAP-AC-HD is all default, so unsure about its potential filtering?
                    Lifx did some troubleshooting with the Wi-Fi AP, but I can't control the AP to set channels to 1 and 11. 2.4 GHz is being used though. I'm awaiting UniFi support to make the channel control thingy work...it's been weeks of no solution on that front.

                      johnpoz LAYER 8 Global Moderator @eiger3970 0

                      @eiger3970-0 said in Lifx needs port 4433 and 56700 enabled:

                      BUL-11-A21E27-W

                      This is what you have?

                      https://www.amazon.sa/-/en/Lifx-WiFi-Bulb-White-BUL11A21E27W/dp/B089NZFSHM

                      That is a really old model - looks like came out in 2014..

                      Get a new bulb.. Not exactly sure where you're at in the world.. but I have had zero issues with <10$ cheap bulbs off amazon.. Here was last batch I ordered

                      blubs.jpg

                      After tax less than $7.5 each.. Not sure why you would spend any time at all troubleshooting a bulb that's a 10 year old model?

                      I had some bulbs over my dining room table where the switch was an old dimmer, and it took me a few bulbs to figure out the dimmer switch even though wasn't using it as a dimmer was eating through bulbs... Once I changed out the dimmer switch for just normal toggle switch zero issues with any of the bulbs in that fixture.. So I have gone through some bulbs - and trying different brands before it dawned on me it was the dimmer switch eating the bulbs ;) There are 5 bulbs in that light fixture ;)

                      I have some switches in walls that run off a hub from and special switches - they are nice because if the internet goes out - you can still control the bulbs the old fashion way. But what I like about the wifi ones is you can change colors and dim them.. And with the price being so cheap these days for bulbs - doesn't make sense to redo my switches on the wall - they're not cheap.. And lose some functionality ;) I can control them via alexa - but can not change their colors or bright white vs soft white, etc. And the switches for the wall are not cheap.. I used the switches for where I have like recessed led fixtures in the ceiling etc..

                        eiger3970 0 @johnpoz

                        @johnpoz Thanks, that looks good.
                        I do like the smart bulbs that have >1 feature, like colour or speaker or camera or who knows what.

                        I don't think I'll buy any more 'smart' bulbs until I can make either this Lifx bulb or the speaker bulb work via Home Assistant.

                        Maybe I need to take this planned set up to Home Assistant now.

                        Thank you for ruling out pfSense, so I can go back to Lifx support and move on with the Home Assistant attempt.

                        Then, maybe a smart home with your linked nice colour bulbs.
                        I've lost so much money I need to stop the bleed and get 1 product to work, then move forward.

                          johnpoz LAYER 8 Global Moderator @eiger3970 0

                          @eiger3970-0 dude if that bulb is 10 year old model - just get another one and play with that to get it working with your assistant, etc.

                          Now if you had say one of their new models - I might have ordered one to play with.. Say something like this.

                          https://www.lifx.com/products/supercolor-1600lm-a21

                          If that model is 10 years old - can almost promise it would require a lifx hub to work with anyway. I don't believe their old stuff had support for just wifi with stuff like home assistant..

                            eiger3970 0 @johnpoz

                            @johnpoz Yes, I saw the Lifx new bulbs in the shop and Lifx support knows the bulb and its age.
                            It did a firmware update so it has the latest, so I assumed that would make the world right again.

                            I'm not trying to setup this old bulb via Home Assistant. I'm just setting it up meat (not red) and potatoes, just like the guide says to a phone or Wi-Fi AP.

                            Alas, it seems to fail and has never worked.
                            Rather than lose more money, I'll focus on the speaker bulb to see if that works on Home Assistant.
                            Then your link looks like a good buy.

                              johnpoz LAYER 8 Global Moderator @eiger3970 0

                              @eiger3970-0 ok so you're aware that bulb according to FCC filings is from like 2013

                              https://fccid.io/2AA53-LIFX01

                              Speaker bulb - how old is that one? As to date of the firmware when is that 2016?

                              Personally I couldn't waste 30 seconds of my time trying to get some 10 year old wifi bulb working with "support" - my time is worth too much to me than to sit on hold for some level 1 guy to tell me to whitelist xyz he read off some script..

                              But hey you do you - good luck.

                                eiger3970 0 @johnpoz

                                @johnpoz unsure how old the speaker bulb is or how to find its details. It does Bluetooth connect to the phone to play music though.

                                I would have thought technology is smart enough to still work, but perhaps not.

                                Anyway, thanks for ruling out pfSense.

                                  johnpoz LAYER 8 Global Moderator @eiger3970 0

                                  @eiger3970-0 the problem is tech changes very quickly - something that was slick and cool and state of the art 10 years ago, doesn't always keep up.

                                  Now that I think about it a bit more, it might be the hue brand that needs hub.. But you say you have been trying to make this work for 10 years?

                                  Didn't lifx get bought out a couple years back by some other company?

                                  "Long story of almost a decade of Lifx not setting up."

                                  Did you have pfsense 10 years ago? Get another bulb to play with - setting up a bulb on your wifi should take all of like 1 minute.. Why would you continue to mess with something that you haven't been able to get to work.. Try a different brand.. If you also have issues with something current it should at least help point out your problem.

                                  I just looked I currently have 16 wifi bulbs, none which took more than a couple of clicks to get connected. During xmas time with tree and lights inside and out I have like 6 different smart little plug things, again few different brands and models.. All of which are click and they are on the network for setup.. After they are connected I never have to use their app again because once they are on the network alexa controls them.

                                  Bluetooth working on the speaker is going to be different than the wifi part of the bulb..

                                  I have unifi APs - unless you have isolation turned on - I don't see how they would not work with them. I find it hard to believe it's a channel related issue. Look in your unifi controller - do you have isolation enabled?

                                  isolation.jpg

                                  Are you trying to hide your ssid or something? Are you using a captive portal in unifi? Are you doing anything with mac address filtering?

                                    eiger3970 0 @johnpoz

                                    @johnpoz yes, I thought the Lifx update may have resolved the hardware's age.

                                    Yes, about 10 years ago I attempted and it failed.
                                    I assumed it was me messing up the network.
                                    Tried different computer OSes and network setups and routers.
                                    Now I'm settled and on top of a great OS, network and router, so I am confident to rely on my system and its controls.
                                    Hence this final attempt after 10 years to prove the hardware may be at fault.

                                    Used to have a standard TPlink or Telstra router, then moved to bridged routers, then built a DD-WRT hardware router, then a pfSense hardware router and finally settled on this pfSense VM router which is the best.

                                    Yes, I tried some different brands, such as the speaker bulb which connects easily to the phone.
                                    Although I have not tried connecting to the network, as it had phone and a remote control for controls.
                                    Now that I've learned about Home Assistant to handle multiple bulbs instead of multiple apps, I may have lost the speaker bulb control details.

                                    I'm hesitant to spend more lost money on bad items, hence the troubleshooting before taking the loss and trying my luck (bad) at a compatible smart bulb for Home Assistant.

                                    Yes, I don't even know if the speaker bulb has Wi-Fi, but Bluetooth might be able to connect to Home Assistant. I currently use a Zigbee coordinator to receive devices, so I might need a Bluetooth coordinator too.

                                    I checked the UniFi application/controller/server or whatever they call that thingy and Client Device Isolation is unticked.

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.