Amazon Fire TV not working
-
Hi!
I'm using pfSense 2.1.5 and my Amazon Fire TV is not working. I have a classic setup, so: Modem – pfsense -- Switch -- Clients (Fire TV also). Every client is working well, but not the Fire TV. I also testet to create a new interface DMZ and allow all in the rules tab, same problem. I can't get any connection with the Fire TV, but I can ping it.
If I plug it directly to the modem, it is working fine.Here's a screen of my firewall log:
Whats the problem, what can I try to do?
Thanks!
-
Do you have the uPNP service running on the interface (LAN)?
-
No I don't have. But I also testet it with it running. What I found out: if I go to Advanced - Firewall/NAT and check "disable all packet filtering" and uncheck it again, Fire TV works fine for a short period of time. But at least after 1 hour, it's not working anymore. Is this a bug from pfsense, or what's happening there?
-
What is showing up as blocked in the firewall logs?
-
Nothing, thats the problem.
-
You know what. I bet manual outbound NAT with static port need be set up on basically the entire LAN… (WAN... technically)
Perhaps maybe just 49000 - 65535...
But I'd do the whole LAN at first to see if that fixes the issue and then narrow the ports.
It is a UDP stream after all. Might be the issue, as it so often is.
-
You may use other protocols, like some games amongst other things, that do not work properly when the source port gets rewritten. To disable this functionality, you need to use the static port option. Click Firewall -> NAT, and the Outbound tab. Click "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and click Save. You will then see a rule at the bottom of the page labeled "Auto created rule for LAN". Click + to copy that rule. Change the rule so it only covers the source IP of your device that needs static port, and any other settings you need. Check the "static port" box on that page, and click Save. Move the rule to the top of the list. Apply changes and this behavior will be disabled.
(copied)
I'd just do the entire 1-65535 at first, just to see if that changes things. Then try to narrow it to only what your service needs.
Be sure to put your rule with static port on top of the list(-;If this makes no difference, its easy to change back to automatic outbound nat.
-
Wich rule do I have to copy and edit?
http://imgur.com/Bu416t5
My LAN is the 192.168.1.0/24, there also is the Fire TV connected to.
-
You see the very first rule? Hit the + button to the right of it. Then change destination port to 1 - 65535
Then change the description to something like "static port entire lan". Then save the rule. After that, move that rule to top of list.
Be sure to save/apply.
See if it works. Might need a reboot.
Its easy to go back and delete if doesn't work.
-
P.S. Looks like where there was 500, you should make that blank to catch all ports.
No idea if this will work. Could also be a dlna issue. I hope its this "easy" for you.
-
Is there a possibility that I lock out myself with that? I'm connected via WAN right now :D
Trying to set the destination port range to 1-65535 it says "You must supply either a valid port or port alias for the destination port entry."
EDIT: thanks for the tip! I've edited now the first rule and leave the port empty, for cover all ports. Will try that later at home if its fixed. Will report then, thanks a lot till now!
-
Where it had 500, just make it blank to catch all ports. No - You will not be locked out.
-
See edited post above, thanks!
-
Don't thank me unless it works. Good chance its no effect at all.
-
You're right, let's see.
As I setup DMZ yesterday, I let the firewall log everything and found out that Fire TV only connects via port 80 and 443 and (I think it was) 2289 TCP. Also uses 53 as well. But even with everything allowed, it didn't work.
Maybe it's realy an UDP stream problem, don't know. Also requested the Amazon support, they can't help me right now and gave it to the technicals.Is there any possibility to see whitch ports the Fire TV is using, or trying to use?
-
I think you are going to find out fire tv will use a ton of random udp ports, but lets see.
Your pfsense setup is far from simple - its possible you have other issues.
-
Hm, first issue is if I set the NAT outbound from automatic to manual, IPsec isn't working anymore. So I edited the first rule to any port, and set back to automatic. Is that ok, or whats the difference to manual? Now IPsec is working fine again.
-
automatic totally ignores any rules you set.
when you get home try it with manual.
If it works, you might want to make a LAN segment just for fire tv.
-
I'm being stupid - duh…
You can change your first rule to the single IP of fire tv instead of the entire LAN
like 192.168.1.100/32 (replace 100 with whatever your amazon fire device is)
Then static ports will only apply to that 1 device.
-
Well I think I need automatic for the IPsec, or not?