Smart TV - Mobile connection
-
The phone and the tv are connected to AP Wifi, so what matter Lan and wifi are on different subnets?.
-
Any idea?
-
Make sure your AP doesn't have some kind of Isolation feature. Some access points have an isolation feature to keep wireless devices from communicating with each other. Check your AP settings for this.
-
I don't see any kind of Isolation feature in the AP (TL-WA901ND). I think should be something stupid, but I have no idea.
-
I can't find the problem. I'm sure the problem is with pfsense because:
-
I can ping from my mobile to the tv
-
I created a "Wifi zone" with my phone and connected the tv and other mobile to that network. Everyting works without problem.
The firewall rules allow pass everything in that subnet (AP_Wifi).
Ideas?
-
-
If the TV and cell are on the same subnet, traffic will never pass through pfSense.
-
I don't understand that.
My mobile IP: 192.168.4.2
My tv IP: 192.168.4.3All traffic between both devices must be configured at Firewall > rules > AP_Wifi (interface)
??
-
As Tim suggested, since both devices are on 192.168.4.0/24 they don't need to talk to pfSense to talk to each other.
The traffic should be handled through the switch (and/or WAP) that has all the devices connected.
There's a thought - how have you cabled/WiFi'd these things together?
Can you do up a simple network diagram w/Ip's so we can see how this is all layed out? -
Here a network diagram: http://postimg.org/image/i2kp9qsjj/
TV and mobile are connected to AP_WIFI (vlan 10).
The AP is a TP-LINK Model No. TL-WA901ND.
Interfaces:
- Lan
- AP: 192.168.3.1/24 (an acces point)
- AP Wifi: 192.168.4.1/24 (this a vlan)
- AP wifi guess: 192.168.5.1/24 (another vlan)
- DMZFirewall rules for AP: Empty
Firewall rules for AP_Wifi: Allow *Thanks so much.
-
I don't understand that.
My mobile IP: 192.168.4.2
My tv IP: 192.168.4.3All traffic between both devices must be configured at Firewall > rules > AP_Wifi (interface)
??
Firewall rules affect traffic going between interfaces/subnets. If the devices are on the same subnet/interface, the traffic will never pass through pfSense for those rules to affect it.
-
Interfaces:
- Lan
- AP: 192.168.3.1/24 (an acces point)
- AP Wifi: 192.168.4.1/24 (this a vlan)
- AP wifi guess: 192.168.5.1/24 (another vlan)
- DMZFrom this and your initial diagram, I'm guessing your pfSense box has 4 physical Nics WAN,LAN,AP, and DMZ is that correct?
One thing that was not clear in your diagram is whether or not you have any switches attached to the pfSense box directly.
Do you connect your LAN computer and your DMZ server directly to pfSense?
Similarly is your TP-Link WAP connected directly to the AP NIC?
You also don't show your TV, I'm guessing it's attached via WiFi to the TP-Link directly?If so, then the VLAN setup and the 192.168.4.0/24 & 192.168.5.0/24 DHCP must be handled by the TP-Link, pfSense is not involved at all.
Similarly routing issues between devices are handled by TP-Link not pfSense, it will never see that traffic. -
I thought the traffic always goes to pfsense. So, if I want to deny traffic between 192.168.4.10 and 192.168.4.11?.
Yes, my pfsense has 4 physical Nics: wan, lan, ap and dmz.
I'm not using switches, so:
NIC 1: Internet (Interface WAN)
NIC 2: Cable to my PC1 (Interface LAN)
NIC 3: Cable to my server (Interface DMZ)
NIC 4: Cable to tp-link (interface AP): I have multi-ssid, each one in a differente vlan (interface AP_WIFI and interface AP_WIFI_GUESS).So, I have 5 interfaces.
Mobile and tv are connected to AP_WIFI (tp-link).
The DHCP in TP-LINK is disabled and it is handled by pfsense.
So, the problem must be in PFSENSE > Services > DHCP Server > AP_WIFI or in TP-LINK. What could it be? Maybe the VLAN?
Thanks so much!!
-
I think in your pfsense box you need to create vlans.
For NIC 4 create two vlan - One with vlan id 10 (AP_WIFI) with ip 192.168.4.1
Second with vlan id ??? (AP_WIFI_GUESS) with ip 192.168.5.1Create firewall rules accordingly.
In DHCP server for AP_Wifi , set the Gateway as 192.168.4.1
and for AP_Wifi_Guess, set the Gateway as 192.168.5.1Let me know if you have any doubts.
Good Luck,
Ashima -
I thought the traffic always goes to pfsense. So, if I want to deny traffic between 192.168.4.10 and 192.168.4.11?.
Traffic goes through pfSense when it's between NICs. LAN<->WAN, LAN<->AP, AP<->WAN, etc.
Everything else is handled by switches attached to the NICs.In your case you only have a single device tied to each NIC except the AP which has a wireless switch, your TP-Link.
There's no need for the TP-Link to ask pfSense anything about 192.168.4.10 <-> 192.168.4.11, it knows the MAC addresses of the devices and their wireless links.
So traffic goes through TP-Link directly and pfSense has no chance to block/redirect/analyze at all.Can you post a screen shot of your NIC configurations?
Also your DHCP Leases would be useful.I'd like to know how a device gets a 192.168.5.x address if there's no DHCP running on the TP-Link.
-
Hi,
Interfaces: http://postimg.org/image/u5cc35941/
Interface AP_Wifi: http://postimg.org/image/wleivb7zh/
DHCP Server for AP_WIFI: http://postimg.org/image/o7u4msus3/
Mappings (dhcp server ap_wifi): http://postimg.org/image/wx0kltdt9/
*AP_LinAP is AP_WIFI and AP_LinInvitados is AP_GUEST in the previous diagram.Both devices are connected to AP_LinAP.
I remember that I have internet connection in tv and mobile and I can ping the tv from mobile. The problem is connecting the mobile to the tv using the app.
Also, if I setup a wireless zone with my mobile, and I connect the tv and another mobile to that wifi, everything works, so TV and app is working properly.If the traffic never goes to pfsense, the problem must be in TP-LINK. But, the configuration in TP-LINK is very simple…
Thanks
-
Can you post your "Status->DHCP Leases" page?
-
DHCP Leases: http://postimg.org/image/sewvkn9kt/
Right now the tv is off, for that it appears as offline.
-
That all looks Ok.
If your TV is actually using the address assigned by pfSense (can you check the config on the TV menu?) and your phone is doing the same (again, check it) then the TP-Link is the only thing between that traffic.
It might be worthwhile moving the TV or your phone to the 192.168.5.x subnet, then you could log the traffic from one to the other through pfSense.
Unfortunately, it's entirely possible that your TV or your phone won't like it if they're on different subnets.
Can't hurt to try though.Other than that, get a different WAP (even a single SSID one) to try and prove the TV can work with your phone in this setup.
-
My mobile IP: 192.168.4.2
My tv IP: 192.168.4.3And if now the client isolation is activated the both devices could not connect or play nice each with another one!
Please be sure that the "WiFi client isolation is off". -
Hi,
well, I reset my TP-LINK. Now, without vlans and without security (open wifi).
pfsense -> TP-link: Interface AP (192.168.3.0/24).
I tried 2 ways: DHCP in pfsense and disabled in tp-link, and dhcp enabled in tplink and disabled in pfsense. I have internet connection and so on, but the app doesn't work.
AP isolation is disabled.
I don't understand what the hell is happening here…
-
I tried 2 ways: DHCP in pfsense and disabled in tp-link, and dhcp enabled in tplink and disabled in pfsense. I have internet connection and so on, but the app doesn't work.
If you setup DHCP on the TP-Link (and disabled on pfSense) then a full power cycle of all TP-Link attached devices should force them onto one subnet managed by the TP-Link.
In that case either the TP-Link is stopping traffic, or the "TV-app" has to communicate through the internet rather than directly to the TV, in which case you should see something from the phones app going out WAN (and an attempt back in through WAN that's probably blocked).What's the make and model of the TV?
I still think it's worthwhile trying to find another cheap/simple WAP and remove the TP-Link variable from the equation.
-
Well, I did a lot of test and I can't find the problem.
Definitely, it is not a problem of pfsense. As divsys said, I'm going to use another AP to see what happens.
I did these tests:
- No vlans
- No security in TPLINK
- DHCP in tplink or DHCP in pfsense
- Review of logs…
TPLINK allows these operation modes: (1)Access Point (2)Multi-SSID (3)Client (4)WDS Repeater (5)Universal Repeater (6)Bridge with AP
I tried with 1 and 2. Should I try with another one?
Thank you all for you help, I learnt a lot.
Regards.