LAN to LAN FW rules blocking slingbox?



  • I'm really scratching my head here.  Probably missing something really simple..

    I just installed the slingbox (watch video remotely) on my Dish receiver.  I can stream video fine from my Wifi network, but when I try to watch from my LAN network, I get about 10-15 seconds in and it freezes.  When it freezes, I find these firewall log entries.

    I'm not 100% sure how Slingbox works, but it seems to set the connection up thru the internet, but the streaming gets setup directly between the two devices.

    I have a pretty much stock setup PFSense 2 (latest snapshot) box with 3 interfaces.

    WAN: DHCP
    LAN:  192.168.0.0/24
    WIFI: 10.10.10.0/24

    192.168.0.230 - Desktop PC
    192.168.0.150 - Dish receiver

    The explanation for the entries is

    The rule that triggered this action is:
    
    @1 scrub in on vr1 all fragment reassemble
    @1 block drop in log all label "Default deny rule"
    

    Log entries

    
    block Jul 10 09:23:43 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
    block Jul 10 09:23:33 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:FA
    block Jul 10 09:23:32 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:FPA
    block Jul 10 09:23:30 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
    block Jul 10 09:23:28 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:FA
    block Jul 10 09:23:27 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:PA
    block Jul 10 09:23:27 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:FA
    block Jul 10 09:23:25 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:PA
    block Jul 10 09:23:24 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:FA
    block Jul 10 09:23:24 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
    block Jul 10 09:23:24 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:PA
    block Jul 10 09:23:23 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:PA
    block Jul 10 09:23:23 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:PA
    block Jul 10 09:23:23 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:FA
    block Jul 10 09:23:18 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
    block Jul 10 09:23:18 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
    block Jul 10 09:23:17 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
    block Jul 10 09:23:17 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
    block Jul 10 09:22:52 LAN 192.168.0.230:2932 192.168.0.150:5101 TCP:R
    
    


  • Out of curiosity, what interface is the slingbox connected to? There are no rules in place to allow connections between interfaces so Lan to Wifi is explicitly disallowed unless rules are put in place. You said watching over Wifi is fine so I suspect the slingbox is on Wifi as well which would be consistent with the "default deny rule" you saw in the logs when trying to watch on the Lan.



  • The slingbox is basically embedded into the Dish reciever.  It's off the LAN interface, same network as my desktop PC's.

    Thats why I'm so confused..  :)


Log in to reply