Websockets and Firewalls
-
Hi experts,
I have installed pfSense in my network with a very simple setup to allow me to fine-tune and secure it once I have a full understanding of all demands. However, although I currently have an "allow all traffic" rule on all my interfaces, I struggle with websocket support. I spent weeks trying to understand the concepts but realized that without some human help, I will not be able to get closer to the solution.
My setup consists of 3 networks (interfaces) to separate smart home, WLAN and servers.
- Each of the networks has its own DHCP and DNS set; DNS is set to host and Google as 2nd
- Each network currently has an "allow all traffic" rule active
- I am using pfSense behind a Fritzbox. There are also machines out of my control on the WAN segment.
- Since I have a reverse proxy, I have routed in pfSense (NAT) some ports in the 5000 range to some servers in my server network.
My problem:
- I want to connect with my smart TV via websocket communication. For testing I am using wscat. (wscat -n -c wss://192.168.XX.XX:8002/api/v2/channels/...)
- Expected behaviour would be that the API returns a token. That also works as long as the machine that initiates the communication is in the same network.
- However, when I bring the machine that initiates the communication to another network, let's say the server network, I immediately get an error message:
Connected (press CTRL+C to quit)
< {"event":"ms.channel.timeOut"}
error: Invalid WebSocket frame: invalid status code 1005
I do not really have experience with the pfSense logging capabilities, but I suspect there must be a log somewhere to see what has caused the timeout?
I really appreciate your support and guidance here.
Best regards
Thorben