Ring Doorbell Pro, VLANs, and DNS



  • Hi, I am a new pfSense user and decided to create two VLANs, one for Guest Wireless and one for IoT devices. I put my Ring Doorbell Pro on my IoT VLAN and it is working correctly; however, I see it is constantly trying to use my LAN DNS server, instead of the VLAN interface. For example:

    LAN 192.168.1.0/24
    LAN DNS 192.168.1.1

    VLAN3 192.168.3.0/24
    VLAN3 DNS 192.168.3.1

    I see that pfSense is blocking UDP requests from the Ring Doorbell Pro to 192.168.1.1:53 and I don't understand why it isn't using 192.168.3.1 for DNS like all of the other IoT devices are.

    My VLAN3 firewall rules are shown below:

    [image: screenshot of the VLAN3 firewall rules]

    and a screenshot where pfSense is correctly blocking the VLAN3 to LAN connection attempt:

    [image: screenshot of the blocked VLAN3 to LAN connection attempt]

    Does anyone know how I can figure this out?

    Thanks



  • @jefftee

    What's your DHCP server configured for? You need it to be configured for each interface according to the desired address range.



  • @jefftee said in Ring Doorbell Pro, VLANs, and DNS:

    I see it is constantly trying to use my LAN DNS server, instead of the VLAN interface

    The DNS server to use is set on the device itself, either via DHCP or manually.
    So you either have to correct / update the network settings on the device or configure the DHCP server correctly.

    @jefftee said in Ring Doorbell Pro, VLANs, and DNS:

    My VLAN3 firewall rules are shown below

    Your "Allow VLAN3 to VLAN3" rule allows any access to pfSense! This is strictly not recommended on an interface which untrustworthy devices are connected to. There is no need for a rule to allow traffic between other VLAN3 devices; such traffic won't pass pfSense. So allow only what you need, like DNS.

    The "Allow LAN to VLAN3" rule makes no sense on the VLAN3 interface at all. Rules on pfSense have to be defined on the incoming interface. So if you want to permit access from LAN devices to VLAN3 devices, you have to put this rule on the LAN interface. To do so, just edit the rule and change the interface.
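
The two points in the reply above, as an added example that is not part of the original thread: a small first-match evaluator for rules on the incoming interface, run over a constructed guess at the original VLAN3 tab and a tightened one. The rule sets, the client address 192.168.3.50 and the helper names are assumptions; the screenshot's actual rules are not available.

```python
from ipaddress import IPv4Network, ip_address, ip_network
from typing import NamedTuple, Optional

LAN, VLAN3 = ip_network("192.168.1.0/24"), ip_network("192.168.3.0/24")
ANY, VLAN3_ADDR = ip_network("0.0.0.0/0"), ip_network("192.168.3.1/32")
CLIENT = "192.168.3.50"           # constructed IoT client address

class Rule(NamedTuple):
    name: str
    action: str                   # "pass" or "block"
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[str] = None   # None = any protocol, "tcp/udp" = either
    port: Optional[int] = None    # None = any destination port

def evaluate(rules, src, dst, proto, port):
    """Return (action, rule name) for a packet entering the interface.
    Rules are checked top-down, the first match wins, no match is denied."""
    for r in rules:
        if (ip_address(src) in r.src and ip_address(dst) in r.dst
                and (r.proto is None or proto in r.proto.split("/"))
                and r.port in (None, port)):
            return r.action, r.name
    return "block", "default deny"

def dead_rules(rules, iface_net):
    """Names of rules whose source can never be a host on this interface."""
    return [r.name for r in rules if not r.src.overlaps(iface_net)]

# Constructed guess at the original VLAN3 tab, using rule names from the thread.
ORIGINAL = [
    Rule("Allow VLAN3 to VLAN3", "pass", VLAN3, VLAN3),
    Rule("Allow LAN to VLAN3", "pass", LAN, VLAN3),
    Rule("Block VLAN3 to LAN", "block", VLAN3, LAN),
    Rule("Allow VLAN3 to any", "pass", VLAN3, ANY),
]
# Constructed tightened VLAN3 tab: only DNS may reach the firewall's VLAN3 address.
TIGHTENED = [
    Rule("Allow DNS to VLAN3 address", "pass", VLAN3, VLAN3_ADDR, "tcp/udp", 53),
    Rule("Block VLAN3 to firewall", "block", VLAN3, VLAN3_ADDR),
    Rule("Block VLAN3 to LAN", "block", VLAN3, LAN),
    Rule("Allow VLAN3 to any", "pass", VLAN3, ANY),
]

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("tightened", TIGHTENED)):
        print(label, "dead rules:", dead_rules(rules, VLAN3))
        for dst, proto, port in (("192.168.3.1", "tcp", 443),
                                 ("192.168.3.1", "udp", 53),
                                 ("192.168.1.1", "udp", 53)):
            print(f"  {CLIENT} -> {dst} {proto}/{port}:",
                  evaluate(rules, CLIENT, dst, proto, port))
```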



  • @JKnott Hi, thanks for the response... I've tried specifying only public DNS servers (Google 8.8.8.8 and 8.8.4.4) or only 192.168.3.1 in the DHCP configuration for DHCP/VLAN3, but it seems that the Ring Doorbell IP, and only the Ring Doorbell IP, continues to try to use 192.168.1.1, which is my pfSense LAN interface/DNS server.



  • @viragomann Hi, thank you for your reply and recommendations. I'll remove the VLAN3 to VLAN3 rule entirely, as well as the LAN to VLAN3... My LAN rules already allow any to any for LAN, so presumably that will allow connections from LAN to any other VLAN, correct?



  • Did you already restart the doorbell?

    @jefftee said in Ring Doorbell Pro, VLANs, and DNS:

    My LAN rules already allow any to any for LAN, so presumably that will allow connections from LAN to any other VLAN, correct?

    Yes, any is really any. So that rule allows access to any address, inside your network or outside.



  • @viragomann Great, thanks for the recommendations! I have restarted my Ring Doorbell as I made changes, but I'll try again once I have made my firewall rule changes.



  • @viragomann I made the recommended changes to my VLAN3 firewall rules and once completed, I re-ran setup for my Ring Doorbell Pro... Seems to be working correctly now!!! I suspect in my many iterations of changes, I had not re-run setup on my Ring Doorbell Pro and it may have worked straight away had I just restarted it...

    Thank you so much for your help!

