Netgate Discussion Forum

    ATV4 wants to connect to an "unknown" ip on TCP/7000

      bingo600
      last edited by

      I have an Apple TV 4K, that works fine. But I'm seeing a lot of connect requests to:

      Oct 8 07:09:40 	MMEDIA_STREAMING_IGB2_VL30 	Deny any from this net to Local lans (RFC1918) (1582989127) 	10.xx.yy.107:54331		192.168.1.128:7000		TCP:S
      

      192.168.1.128 is nowhere to be found in my network, 192.168.1.0/24 neither.
      It is not in the pfSense routing table. It's always that ip addy I see denies for.

      I do have avahi enabled and active on some of my vlans , but none have any 192.168.1.x ranges.

      I don't see any avahi interface def for wan (would not have selected that anyway) , but could it be picking something up there ?

      I have tried to see if i could find any avahi database in the pfSense gui but i can't find anything there.

      Could anyone come with a few hints for pursuing this?
      Where does the ATV4 get that ip from??

      I don't mind ssh ... for AVAHI debugging.
      I have a feeling that it must be learned via mDNS.

      I do have a "mini-dlna" server (linux) , but i have not specified anything that resembles 192.168.1.128.

      TIA
      Bingo

      If you find my answer useful - Please give the post a 👍 - "thumbs up"

      pfSense+ 23.05.1 (ZFS)

      QOTOM-Q355G4 Quad Lan.
      CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

        NogBadTheBad
        last edited by NogBadTheBad

        @bingo600 said in ATV4 wants to connect to an "unknown" ip on TCP/7000:

        192.168.1.128

        192.168.1.128 won't be on the internet.

        Your pfSense box isn't behind another router, is it?

        https://www.speedguide.net/port.php?port=7000

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          kiokoman LAYER 8
          last edited by

          10.xx.yy.107:54331 192.168.1.128:7000 TCP:S

          ^^^^^^^^^^^^^^ you need to check this device, TCP:SYN, it's the one initiating the connection
          who/what is 10.xx.yy.107 ? the apple tv? maybe some misconfigured program inside the apple tv?

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

            NogBadTheBad
            last edited by

            https://discussions.apple.com/thread/250472145

            Airplay to a device on the local lan with an incorrect IP address I'm guessing.

            Andy

              bingo600 @NogBadTheBad
              last edited by

              @NogBadTheBad
              No, the ATV4 is directly connected via a L2 Vlan to the pfSense, and the pfSense is directly connected to the @

                bingo600 @kiokoman
                last edited by

                @kiokoman
                That's my ATV4 ip

                  bingo600 @NogBadTheBad
                  last edited by

                  @NogBadTheBad

                  I won't disagree here.
                  But i have (AFAIK) , nothing announcing that ip or range.

                  That's why i would like to see what avahi (pfsense) has picked up.
                  But i can't seem to list the db on the pfsense, it just says client not running.

                  It's not super important, but annoying that spooky things happen on my net.

                  The ATV4 tries to connect to that ip , after a power off too.

                  /ingo

                    NogBadTheBad
                    last edited by

                    @bingo600 said in ATV4 wants to connect to an "unknown" ip on TCP/7000:

                    The ATV4 tries to connect to that ip , after a power off too

                    Try an avahi-browse -r -a not sure if it's in the pfSense package.

                    You may see it, from my homebridge box:-

                    =   eth0 IPv6 70-35-60-63.1 Living Room Apple TV            _sleep-proxy._udp    local
                       hostname = [Living-Room-Apple-TV.local]
                       address = [172.16.4.12]
                       port = [57806]
                       txt = []
                    

                    Andy

                      IsaacFL @bingo600
                      last edited by

                      @bingo600

                      I have seen this Apple traffic also. I use 10.0.0.0/24 subnets for my local network, but Apple devices (apple tvs, ipads, iphones) still send traffic to 192.168.0.0/16 port 7000. I finally made a rule to not log it.

                        bingo600 @NogBadTheBad
                        last edited by

                        @NogBadTheBad said in ATV4 wants to connect to an "unknown" ip on TCP/7000:

                        avahi-browse -r -a

                        Avahi still gives client not running.

                        [2.4.5-RELEASE][admin@..]/root:  avahi-browse -r -a
                        Failed to create client object: Daemon not running
                        
                        [2.4.5-RELEASE][admin@..]/root: ps aux | grep avahi
                        avahi   29428   0.0  0.0    7504    2836  -  I    Thu08        5:17.06 avahi-da
                        [2.4.5-RELEASE][admin@..]/root: 
                        
                        

                          bingo600 @IsaacFL
                          last edited by

                          @IsaacFL
                          Thanx for that info , i might end up doing the same

                          /Bingo

                            NogBadTheBad @bingo600
                            last edited by NogBadTheBad

                            @bingo600 said in ATV4 wants to connect to an "unknown" ip on TCP/7000:

                            @NogBadTheBad said in ATV4 wants to connect to an "unknown" ip on TCP/7000:

                            avahi-browse -r -a

                            Avahi still gives client not running.

                            [2.4.5-RELEASE][admin@..]/root:  avahi-browse -r -a
                            Failed to create client object: Daemon not running
                            
                            [2.4.5-RELEASE][admin@..]/root: ps aux | grep avahi
                            avahi   29428   0.0  0.0    7504    2836  -  I    Thu08        5:17.06 avahi-da
                            [2.4.5-RELEASE][admin@..]/root: 
                            
                            

                            So it looks like avahi-browse doesn't get installed with the avahi pkg, i don't have it installed and ran avahi-browse from a raspberry pi.

                            For the life of me I can't see the Apple TV's trying to Airplay to a device without it seeing a source via MDNS.

                            Andy

                              bingo600 @NogBadTheBad
                              last edited by bingo600

                              @NogBadTheBad

                              I did install avahi-daemon + utils on my Deb-10 mini-dlna server on the same Vlan.

                              And used : avahi-browse -r -a -t -v

                              I see announcements from my ATV4 + my ATV3 + the pfSense
                              None of these announces anything in the 192.168.x.x range

                              Maybe IsaacFL is right, apple does strange things in the 192.168.x.x range.
                              Could be that 192.168.1.x is the most used home lan-range out there

                                NogBadTheBad
                                last edited by NogBadTheBad

                                Just added a block & log rule, let's see if I see anything.

                                Do you both have an ATV3, I just have 2 x ATV4s?

                                Andy

                                  bingo600 @NogBadTheBad
                                  last edited by bingo600

                                  @NogBadTheBad

                                  That rule ought to catch "it", if any traffic 👍
                                  I have an ATV4-4K + an old ATV3 (guest room).
                                  The ATV3 is still fine for NetFlix , and i actually like the UI + Remote better than on the 4's.

                                  /Bingo

                                    IsaacFL @NogBadTheBad
                                    last edited by

                                    @NogBadTheBad said in ATV4 wants to connect to an "unknown" ip on TCP/7000:

                                    Just added a block & log rule, let's see if I see anything.

                                    Do you both have an ATV3, I just have 2 x ATV4s?

                                    I have 2 of the Apple Tvs just prior to the 4K (so 1080P)

                                    I noticed though that it is not just the AppleTVs. The iphones and ipad are also talking back and forth using 192.168.x.x. You have to use something like WireShark to see it and it is not a lot of traffic.

                                    If you google enough you will find others have seen this also, but since most common home net is using the 192.168, it goes unnoticed.

                                      NogBadTheBad @IsaacFL
                                      last edited by NogBadTheBad

                                      @IsaacFL

                                      I still haven't seen any hits to a 192.168.0.0/16 address.

                                      By "I have 2 of the Apple Tvs just prior to the 4K (so 1080P)" do you mean you have 2 1080 non 4K Apple TV 4's?

                                      Andy

                                        bingo600 @NogBadTheBad
                                        last edited by bingo600

                                        @NogBadTheBad

                                        I just noticed this one "sigh" ...
                                        https://www.reddit.com/r/HomeKit/comments/bk1ee9/home_app_tries_to_communicate_with_random_ip_on/

                                        I live in an apartment, and have lots of neighbours within BT range

                                        Could be the culprit.

                                        Edit:
                                        As i have both an ATV3 (VPN to US) + an ATV4 in the livingroom , i had ATV3 remote control issues. The ATV4 was picking up the ATV3 remote IR signals.

                                        I blocked the ATV4 IR sensor by covering the ATV4 left front with "Black tape", and now rely on the ATV4 to get the commands via BT (working fine).

                                        That makes disabling BT on the ATV4, "not an option".

                                        Well ... The "loveliness" of wireless , and "ease of use" before security

                                        Edit2: Enabling "on same Lan" would prevent my iPhone/iPad on the "Phone Vlan" to Stream to my ATV4 on the "Mmedia Vlan" .

                                        I guess I should just learn to live with those TCP:7000 packet blocks.
                                        /Bingo

                                          bingo600
                                          last edited by

                                          Now my ATV4 has "Fallen in love with 192.168.1.14 TCP:7000"

                                          Well i have had it ...
                                          Made a deny rule targeting ATV4 -> 192.168.1.0/24 (I don't have that range), and disabled logging.

                                          /Bingo

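Added example, not part of any post in this thread: a small Python triage script for the kind of filter-log entry quoted in the first post, run before deciding to silence such blocks with a no-log rule. It counts blocked TCP SYNs whose destination is an RFC1918 address outside every locally configured subnet; the subnets, the 10.20.x.x addresses and the sample lines are constructed, and the line layout is assumed to match the GUI log line quoted above.

```python
import ipaddress
import re
from collections import Counter

# RFC1918 private ranges (the destinations the thread's deny rule covers).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: subnets actually configured on this firewall (constructed values).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.20.30.0/24", "10.20.40.0/24")]

# Layout assumed from the log line quoted in the first post:
# time, interface, rule description (tracker id), src:port, dst:port, proto[:flags]
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<iface>\S+)\s+(?P<rule>.*?\(\d+\))\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)(?::(?P<flags>\w+))?\s*$"
)

def unknown_private_targets(lines, local_nets=LOCAL_NETS):
    """Count TCP SYNs sent to RFC1918 addresses that are in no local subnet."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "TCP" or m["flags"] != "S":
            continue  # unparsable line, or not a TCP connection attempt
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # digits and dots, but not a valid IPv4 address
        if not any(dst in net for net in RFC1918):
            continue  # public destination: a different question
        if any(dst in net for net in local_nets):
            continue  # a real local subnet: ordinary inter-VLAN block
        hits[(m["src"], str(dst), int(m["dport"]))] += 1
    return hits

# Constructed sample lines in the same tab-separated layout (not real log data).
RULE = "Deny any from this net to Local lans (RFC1918) (1582989127)"
def _line(t, src, dst, proto):
    return f"Oct 8 {t} \tMMEDIA_STREAMING_IGB2_VL30 \t{RULE} \t{src}\t\t{dst}\t\t{proto}"

SAMPLE = [
    _line("07:09:40", "10.20.30.107:54331", "192.168.1.128:7000", "TCP:S"),
    _line("07:10:12", "10.20.30.107:54340", "192.168.1.128:7000", "TCP:S"),
    _line("07:11:02", "10.20.30.107:54412", "10.20.40.5:8200", "TCP:S"),
    _line("07:12:30", "10.20.30.107:54418", "192.168.1.14:7000", "TCP:S"),
    _line("07:13:05", "10.20.30.107:5353", "224.0.0.251:5353", "UDP"),
    _line("07:14:00", "10.xx.yy.107:54500", "192.168.1.128:7000", "TCP:S"),  # masked: skipped
]

if __name__ == "__main__":
    for (src, dst, port), n in unknown_private_targets(SAMPLE).most_common():
        print(f"{n:3d} x {src} -> {dst}:{port}")
```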