XboxOne SmartGlass functionality on bridged interfaces

  • Hi guys, first time posting in the forums, as I have finally come across something I haven't been able to figure out on my own  :P

    With my XboxOne, I make use of the SmartGlass app for streaming and remote control of the console, and am having an issue issuing the shutdown command to the console.

    I originally had 3 interfaces on my pf box, WAN, LAN and Wireless.
    The console was behind the LAN interface, and other LAN devices could automatically discover the device, and stream/shutdown no problem.
    Wireless devices could not discover the device, as they were on a different subnet and the discovery was done (I believe) using broadcast traffic.
    I decided the best option was to try and bridge my LAN and Wireless interfaces to allow a single subnet, and then have all devices able to discover the console.

    I now have my LAN and Wireless interfaces bridged, and came across the DHCP traffic being blocked problem.
    Workaround for this being to have a rule on each of the bridged interfaces, allowing DHCP traffic (I don't understand why I need separate rules on the interfaces if I have bridged them, as I would like the firewall to just apply to the bridged interface itself).
    To start with, I have just done a blanket rule saying anything to anything is allowed.

    I can now pick up DHCP addresses from all interfaces, and can discover my console on the network.
    Odd issue now, is that when I issue a shutdown command to the console from any device behind any interface, it fails to shutdown.

    Looking in my firewall logs, I can't see anything obvious that is being blocked, other than IPv6 traffic.
    Might anyone know how the shutdown command is being issued, and what I would need to do on the firewall to allow that command to pass through to the LAN interface?

    Many thanks

    EDIT: Looks like it is just a direct UDP packet sent to the IP of the console. I'm not too great with Wireshark, but think source port is 62114 and target port is 5050. The console responds and in the data I can see the name of my console and some reference to "XBL Smart Glass Issuing". I still can't see anything logged as blocked on the pfSense firewall, so no idea what's happening!

    EDIT 2: Seems that the power on command works fine, and it uses the same ports by the looks of things.

  • I don't know if you still need help, but first, I wanted to say that I was going to bridge the connections on my system. I found several posts saying basically "Shame on you, bridges are bad" and after researching, yes, bridges are bad. They are forcing software to act like a switch, which will never work as well as a switch. What most people DON'T tell you (I think they expect you to work it out) is that the only thing stopping your other networks (subnets) from communicating is the firewall rules (or lack thereof) for that interface. I duplicated the default "LAN to any" rule on my second network, because I wanted that network to be able to communicate, and it worked fine. It does mean doing every firewall rule twice, but it works! So consider doing this.

    If you want to be a bridge troll (kidding) then I do have one question. pfSense filters traffic on the interfaces that are bridge members by default, NOT on the bridge itself; you can change this behavior if you edit some lines in System Tunables. Here is the quote from the pfSense docs:

    By default, traffic is filtered on the member interfaces and not on the bridge interface itself. This behavior may be changed by toggling the values of and under System > Advanced on the System Tunables tab

    Has this been done?