No Connectivity With Shield TV, Roku, or Fire TV
-
I have an odd issue with both pfSense and opnSense (tried both in the same type of deployment) where my TV boxes obtain IPs but cannot connect to the internet. I have an Nvidia Shield TV, a Roku Ultra, and Fire TV. They all exhibit the same issue. I created a topology to give a visual aid, but my setup is as follows; my cable modem goes to the pfSense VM on the server (two network ports are passed through to the VM) and then out of the server to my Netgear switch. All of my wired devices land on that switch, including my Shield TV. The Fire TV and Roku are connected to my TP-Link router which has it's DHCP handler disabled and is acting only as a wireless access point. pfSense is acting as the DHCP server and assigning IPs to dynamic devices. The TP-link is connected to the switch as well using one of it's normal ethernet ports, not the modem connection. All the devices on my network work just fine (my Mageia server, my wired Windows PC, a wireless Windows laptop, two Android phones on the wifi), minus the TV boxes. I have tried both static and DHCP configurations on the Shield TV. I set firewall exceptions for it and when that didn't work I just entirely disabled the firewall. I also tried an exception for the ethernet MAC address of the Shield which had no effect. I read that it could involve an issue with Android TV and IPv6, so I attempted to disable any settings relating to IPv6 but have had no luck there either. I disabled IPv6 in the settings on the Shield as well. Once I normalize my network and put my modem straight to the router and restore it's settings, cutting out pfSense, the TV boxes connect to the internet and work immediately. It definitely seems to be a setting or incompatibility with pfSense, so I was hoping someone had some idea as to exactly what may be causing this. Thanks in advance.
-
@jblkstne said in No Connectivity With Shield TV, Roku, or Fire TV:
The Fire TV and Roku are connected to my TP-Lin
My TV does Roku, among others and works OK with pfsense. Is that TP-Link router actually configured as an AP? Or router?
-
@JKnott It's configured as an access point, no DHCP server running on it and everything is plugged into the switch. To be sure I also ran everything with the TP-Link turned off and unplugged and the same issue persisted.
-
I asked about the router function, DHCP is irrelevant. Do you connect to it through the WAN port, so that the clients are on a different subnet? If so, it's in router mode and that could be causing your problems.
-
@JKnott The TP-Link router is connected to the switch by a regular ethernet port, not by the WAN port. The devices connected to it wirelessly obtain their IPs from pfSense and are on the same subnet. The Shield TV, which is wired directly to the switch, still has issues even when the TP-Link is disconnected and turned off.
-
Make sure you are allowing ICMP through... Roku requires ICMP to work.
Best regards,
-dt -
@jblkstne : you have the perfect LAN firewall rule :
( the default rule when installing pfSense works just fine also ).
You did not change any DNS Resolver settings ?
( the default DNS settings when installing pfSense works just fine - aka : don't touch it and you'll be happy ).
@jblkstne said in No Connectivity With Shield TV, Roku, or Fire TV:
I have an odd issue with both pfSense and opnSense (tried both in the same type of deployment) ...
You forgot something : you really think you are the only one use a "Fire" or "Rocku" device in your "pfSense" network ?
Also : you, @JKnott and I use the same code .... only our settings are different.@jblkstne said in No Connectivity With Shield TV, Roku, or Fire TV:
where my TV boxes obtain IPs but cannot connect to the internet
They obtain an IP (important) and a gateway (== pfSense == important) and a DNS (== pfSense == important).
Right ?Did you install any packages has can change IP traffic ?
Btw : I do not own or use "Shield TV, Roku, or Fire TV:" devices, so I'm just posting the generic things to check.
Consider this : if X doesn't work, you would find a lot of posts on this forum asking why X doesn't work.
Also : pfSense is just a router/firewall as any other router on this planet. It just has far more options and gadgets (and most of them are just perfect to nicely f*ck up everything ;) ), so again : by default, pfSense should work. -
Thanks everyone for the replies! Definitely plenty of options to f-up like you said, but that's the thing that confuses me. This is a new deployment, I haven't been able to leave it up because of this issue. Everything is set to the default settings, any changes made are attempted fixes. When the changes don't fix anything, I load a backup xml to restore the default settings and try something else so I don't have all these changed settings left behind as I troubleshoot. No packages are installed either. I searched around and the only thing I could find was the potential issue involving IPv6, but like I mentioned disabling any settings involving IPv6 on in pfSense as well as unchecking IPv6 on the Shield didn't help. As far as IP, DNS, and gateway I've tried the dynamically obtained settings and configured them as static as well. I tried Google DNS when setting the static settings as well as pointing to the pfSense LAN for DNS. No luck in any of that. Very odd that these devices can't connect, all three are tv boxes but running different software, two wireless and one wired directly to my switch. Especially in light of all other devices both wired and wireless, Windows and Android working. I know I'm not the only one to use these devices, that's my hope in posting this, lol. I just didn't have much luck searching around, and have had even less luck fixing the problem. I'll look into the suggestion of checking ICMP when I next try again. Any suggestions as far as how to make sure ICMP is allowed, or suggestions for other things to check?
-
@jblkstne said in No Connectivity With Shield TV, Roku, or Fire TV:
Any suggestions as far as how to make sure ICMP is allowed
See my example firewall rule above.
Or the default LAN firewall , present on the LAN interface (only) after installing pfSense. This will allow any protocol, to any address, using any port. -
@Gertjan Thanks for the reply. Wouldn't that be the equivalent of when I disabled the entire firewall and tried it?
-
What rules do you have exactly on pfsense? Your not trying to do any static arp stuff? Or policy routing out some vpn? You running blocking software like IPS or pfblocker that could be messing with IPs these devices are trying to talk to?
Your saying your other clients all work?
I have multiple roku devices, all work just fine. There is nothing special to do.. 2 wireless sticks, and my roku tv is wired..
Pfsense doesn't care what your device is. tcp/ip is tcp/ip..
Can you ping your roku devices IP? I can ping both a wired and wireless device.
Pinging roku-kitchen.local.lan [192.168.7.99] with 32 bytes of data: Reply from 192.168.7.99: bytes=32 time=3ms TTL=63 Reply from 192.168.7.99: bytes=32 time=1ms TTL=63 Pinging tcl-tv.local.lan [192.168.7.3] with 32 bytes of data: Reply from 192.168.7.3: bytes=32 time=1ms TTL=63 Reply from 192.168.7.3: bytes=32 time=2ms TTL=63So I know the rokus should answer ping.
edit: Btw completely disable firewall not going to be same as any any rule, because that would turn off nat feature. So without nat your rfc1918 IP devices not going to be able to talk to the internet.
-
@Gertjan @johnpoz Everything was default, fresh install. No VPN, no blocking software. I was able to successfully ping from my desktop PC to the Shield with no issue. I will try the rule when I can and see if there is any change, since when I disabled the firewall temporarily it disabled NAT. Thanks for pointing that out. (Will have to wait for an opportunity to try again, probably Friday. My girlfriend works from home so she wouldn't be too happy if I started messing with the network, lol)
-
if everything was default then the default rule would of been there with any any.. And if you were not using any blocking software like ips or pfblocker then pfsense doesn't know if your client is your pc or a phone or roku..
-
Hey, @jblkstne . Did you find a resolution to this yet? I have a similar issue to you. Kodi on my Shield (connected via wire to a TP Link router in AP mode, which is then connected via wire to pfsense in the basement) in our living room cannot access my server/Windows shares. The PC running Kodi in my bedroom, connected via wifi to the AP, is able to. My laptops connected via wifi can access the shares.
I'm taking a break from this at the moment and removed pfsense and put back my Asus router for now, which is working fine.
Thanks!
-
Hi @thearm!
I unfortunately never did find a solution. I actually broke it all down and moved, I have a whole new setup I just put up in the last week in a new house with a whole network rack. I'm running a TP Link Omada controller and two Wifi 6 access points, one for each floor in the new house fed by a T-Mobile 5G gateway and two 4x4 antennas I just mounted on the side of the house (two Waveform MIMO kits, there is only one cable ISP in my area and they are horribly unreliable and ridiculously expensive, so I'm on 5G for the new house). I'm about to rack mount my server in the rack I set up, but I'm debating just getting a $60 Omada firewall instead of running PF Sense on my server like I was in the old house since it will seamlessly integrate with my Omada controller. If I end up trying PF Sense again with the new setup though I'll follow up and let you know how it goes although I'm not sure I'll feel like fighting that really strange issue when there's a pretty inexpensive solution that will seamlessly integrate with my with my new gear.
-
If both those things are connected to the TP-Link just using wifi vs Ethernet it must be something the TP-Link is doing. pfSense does not see that traffic any differently and treats it all the same.
Steve
-
How would pfsense even see that traffic? Device A talking to device B on the same network pfsense has nothing to do with that..
-
@johnpoz said in No Connectivity With Shield TV, Roku, or Fire TV:
How would pfsense even see that traffic? Device A talking to device B on the same network pfsense has nothing to do with that..
Very true... But once I put my Asus router back in place, Kodi on my Shield in my living room starts talking to my server in the basement. Not sure why yet. Once I get the mental energy to look into it further, I will and I'll let you guys know what I figure out.
Thanks and have a nice holiday!
-
@thearm how are you trying to access kodi? what url or fqdn, ip how extactly do you access it http://ipaddress:port?
-
@johnpoz It is via computer name. I added the computer name to the sources list in Kodi when I got the Shield a few years ago. I could try by IP, but it would be nice to know what the problem actually is with using the PC name.
On my Win10 laptop, I can access the servers shares just fine via computer name on wifi from the TP Link AP. Granted, that is Win10 compared to Android, so maybe not a good comparison. Just an FYI.
