Sharing device between two LANS
I would like to be able to have my music available from my server on both my main network and my VLAN. I have everything running through a smart switch to my pfSense. The VLAN is working perfectly to keep my IoT separate from my main network. So how would I set it up to be able to get to the music on my server from both my main network and VLAN?
pfSense will route between those subnets by default. You should only need to add firewall rules on the VLAN interface to allow traffic from devices there to the server on the main LAN.
Of course if you have devices on the VLAN that do not allow you to enter the server IP address things get more complex. Other than complaining to the developers of those devices that it's ludicrous you can't enter an IP you might be able to allow them to 'discover' the server using either the IGMP proxy or the Avahi package. Your mileage may vary.
I'm an extreme newbie when it comes to pfSense. Could you please provide me with some additional guidance on how to set up this rule to allow me to "see" the server on devices on my VLAN side.
For example, I have my Apple TV connected to my VLAN (let's say 18.104.22.168). My LAN (let's say 22.214.171.124) has my server connected to it. So how do i set up a rule that would allow my server with my music, etc. (with an ip of say 126.96.36.199) to be "seen" by my Apple TV?
Thanks for the assistance. I know I'll get there.
For Apple gear you will almost certainly need to install the Avahi package:
You will need at a minimum a firewall rule on the VLAN interface allowing access from the AppleTV source address to the server destination address. You will probably also need to allow access to the Avahi daemon on pfSense.
I would check the firewall log to see what traffic from the AppleTV is being blocked.
There are threads here on the forum detailing configuring Avahi in this way.
Great. I'll give that a shot. What about other devices (like my Sony Android TV, FireTV Box, etc...
It depends how they 'discover'. But most use either mDNS which Avahi should cover or they using the SSDP component of UPnP which can be made to work using IGMP proxy. But it is by no means guaranteed. It's worth pointing out that the UPnP component in pfSense is only for Internet Gateway Device protocol and does not help at all with this. So don't enable it.
Unfortunately all these manufacturers cater only for a single flat layer 2. If you attempt to add some security to your network by separating devices into different subnets you're outside their target audience and on your own. They could easily allow this by just giving you a box to enter the server IP but..... IMO.