IoT device will work on one subnet but not another...............



  • Hi,

    I have a TV box (Humax BT) which resolutely will not re-connect to my subnet of choice (30.30.30.)

    I run a virtual pfsense box with dedicated NICs for the following subnets...

    WAN ................. Router in Modem mode
    10.10.10.x ....... Main LAN ... Servers/pc's
    20.20.20.x ....... Wifi AP
    30.30.30.x ........ IoT ................ AV receiver/DVD/TV/Hive etc

    Everything else on the IoT works fine, as did the Humax box once.... I can't recall at what point this has happened.

    If I plug the Humax box into my 10.10.10 subnet, it works fine..... Done factory resets etc....

    The routing for IoT goes;

    pfsense>>>> Netgear 752 switch >>>>>> IoT devices.

    All of the IoT devices, including the subject Humax box, show up on the 752 management page.

    However, the Humax box alone does NOT show up on either the pfsense ARP table or DHCP leases, whereas the rest do.....

    I'm baffled.....!

    I do run pf-NG blocker and have tried disabling it with no change.

    I'm sure it's something really stupid/obvious but any pointers gratefully received.

    TIA

    Paul


  • LAYER 8 Global Moderator

    @pm1961 said in IoT device will work on one subnet but not another...............:

    20.20.20.x ....... Wifi AP
    30.30.30.x ........ IoT ................ AV receiver/DVD/TV/Hive etc

    Are you trying to hide what you're actually using? You can not just pull IP address space out of thin air and use it..

    Use valid rfc1918 address space..

    10/8, 192.168/16, 172.16/12

    10.10.10/24
    10.10.20/24
    10.10.30/24

    Would be valid networks you could use, etc.

    There is more than enough space there for you to do whatever it is you want.. No reason to try and use public space on your local network that clearly is not yours..

    NetRange:       20.0.0.0 - 20.31.255.255
    CIDR:           20.0.0.0/11
    Organization:   Microsoft Corporation (MSFT)
    
    NetRange:       30.0.0.0 - 30.255.255.255
    CIDR:           30.0.0.0/8
    Organization:   DoD Network Information Center (DNIC)
    


  • Thanks for the quick reply John,

    I'm a bit of a novice here, so bear with me...

    Subnets are;

    10.10.10.1/24
    20.20.20.1/24
    30.30.30.1/24

    To paraphrase..... I thought what goes on in my LAN, stays in my LAN? i.e. it doesn't even know of anything outside of it?

    It has all worked perfectly fine in this format until recently, it's just this one device being a problem.

    Paul



  • @pm1961

    I'm only a novice myself, but my understanding of what you've got right there is that those are not 'three subnets' those are three 'unique networks' pointing to three individual single devices and whether they're internal only and have no reference to the internet (WAN) or not, they're never going to think they are related to one another in any way and indeed any device that anticipates being net-connected will be confused as heck since you're not using exclusively private addressing.

    Anywhere that a device or its software refers to a DNS server for functionality, the public addresses that you've used are going to want to route outside your 'closed network' and thus will equate the IPs assigned to 'your' devices with public IPs as the previous poster pointed out.

    10.10.10.1 is not a subnet. It is an IP address for a device. 10.10.10.0 would be the subnet, with 10.10.10.1 as a device on the subnet. And then 10.10.10.2 would be another. And so on.

    The addresses you've given are just that - three totally separate IP addresses.

    One of them you're entitled to use. It's a private network address.

    Two of them belong to private organisations and your DNS servers will know that.

    As I understand it your three 'subnets' would be

    10.10.10.0
    10.10.11.0
    10.10.12.0

    Or I always use 192.168.X.X

    1.0
    2.0
    3.0

    would be your subnets.

    And the devices first assigned on each might be

    1.1
    2.1
    3.1

    But you're using three entire networks, two of which are public, and what subnet mask are you using? My guess is that it only accommodates the use of a private network with subnets, rather than multiple networks.

    I'm sure that's a terrible explanation, but it strikes me that this would be the obvious cause of problems....


  • LAYER 8 Global Moderator

    @pm1961 said in IoT device will work on one subnet but not another...............:

    I thought what goes on in my LAN, stays in my LAN?

    True - but OS and Applications can do stuff differently when they think they are on a public IP vs a rfc1918..

    While technically speaking sure if you want to use MS IP space internally have at it - other drawback is hope you don't actually want to go to any site using that public space.

    Do yourself a favor, and use the rfc1918 space as it was intended... The other benefit of that is anyone trying to help you isn't going to be rolling their eyes.. Which was exactly the first thing I did.. Along with facepalm... you got a twofur

    Also @SampleX is correct what you have given there is a host address.. If you want to call out a network the octet given would be the wire, not some host on that wire... So 10.10.10.0/24 would be the correct network address.. Anything else .1-.254 would be seen as host on that network..

    Also it makes it difficult for anyone trying to help you to know that those networks are actually just local and not some public space you have control over.. Since no sane person would just grab IP space out of thin air and use internally ;)
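
An added example, not part of any post in this thread: a short Python check of the two points raised above, run over the three addresses as posted and the three /24s suggested in the first reply. It uses only the standard `ipaddress` module; the function names are made up for this example.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private ranges, as listed in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_interface(cidr):
    """Classify one address written as address/prefix, e.g. '30.30.30.1/24'."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network  # host bits masked off: the network the address sits on
    return {
        "given": cidr,
        "network": str(net),
        # True when the input names a host (.1) rather than the network (.0)
        "is_host_address": iface.ip != net.network_address,
        # The whole network must sit inside one RFC 1918 block
        "rfc1918": any(net.subnet_of(block) for block in RFC1918),
    }


def overlapping(cidrs):
    """Return pairs of segments whose address ranges overlap."""
    nets = [ipaddress.ip_interface(c).network for c in cidrs]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


def report(cidrs):
    """Human-readable audit lines for a list of interface addresses."""
    lines = []
    for r in map(audit_interface, cidrs):
        scope = "RFC 1918 private" if r["rfc1918"] else "outside RFC 1918"
        note = " (given as a host address)" if r["is_host_address"] else ""
        lines.append(f'{r["given"]:>16} -> network {r["network"]:<16} {scope}{note}')
    for a, b in overlapping(cidrs):
        lines.append(f"overlap: {a} and {b}")
    return lines


if __name__ == "__main__":
    as_posted = ["10.10.10.1/24", "20.20.20.1/24", "30.30.30.1/24"]  # from the thread
    suggested = ["10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24"]  # from the reply
    print("\n".join(report(as_posted) + [""] + report(suggested)))
```
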

