Comments:
Thanks
Can Plex still work on this setup?
May we see the rules from the other networks to get into IOT?
Hello, how can I set up an mDNS “.local” domain on a Windows computer?
I appreciate this info, thanks! Question about blocking traffic. If my Sonos speakers are on my IoT VLAN and my inter-VLAN traffic is blocked, do I just need to allow the private network to access the Sonos speakers, but the Sonos speakers don't need to access the private VLAN? If the request for music is made from private to Sonos, will they answer, even when they are blocked on the IoT side?
Once again, a Lawrence Systems video helped me fix a problem I didn't realize I had. My ESPHome devices for Home Assistant were not quite working after putting them on an IoT subnet/VLAN. They could be configured and updated and I could read the logs, but they remained in the "OFFLINE" state in Home Assistant. Turns out they depend on mDNS to find Home Assistant, and Avahi was the magic that was needed to make that work now. Thanks again!
Phenomenal description of securing IoT devices while still allowing actual secured devices to initiate communication and requests. Wildly helpful.
"if your refrigerator gets compromised, it [shouldn't] become an attack vector" is actually an odd sentence if you think about it
This is a great explanation. However, a question: what's the point of setting the source to IOT net vs just using *? As IOT net is the whole subnet of that VLAN.
Is there a recent tutorial on Avahi? The interface has changed again.
Another great video, thank you
I'd love for someone to go over "invert match" more extensively. I'm very curious.
Searched for a refresher on securing an IoT VLAN for my network overhaul. Of course, it's Lawrence. Thanks for all you do.
Thanks, can you do an updated video on Network of Things, pfSense rules for that, and how they can communicate between IoT?
I have a Synology NAS running a Plex server on my network and would like my Fire Sticks & Nvidia Shield devices on the IOT VLAN but with access to Plex. Is this possible?
Outstanding. Exactly what I needed and exactly the right detail.
What application is he using to graph his network?
Thanks for the helpful video. This was exactly what I needed to set up my ADT system on OPT1. It has its own Wi-Fi router for some of the sensors and who knows whether the firmware is ever updated. Keep 'em coming. Also, you might want to remind people to reset their state tables once in a while when making changes. That really helped me out setting up my OPT1 configs.
How would you go about preventing lateral movement inside the 172 network with UniFi switches/APs and pfSense as the firewall? Isolating each device on separate VLANs does not really scale.
Thank you, I've really needed answers on how to accomplish this for a long time. As a noob, it seemed daunting to try to manage the ports that IoT needs to work on a separate network, and still let devices work with them from my trusted net. Very clear explanation, and concise video!
Exactly what I needed. Thanks for teaching me pfSense, bro.
Old video but super useful. Thanks again, Tom.
Just wanted to highlight something, even though you're right: the ping is an ICMP packet, and thus does not fall into the rule that you just made. (I know, it does fall into the implicit block however, but I guess a more apt test would be to test curl or wget towards one of the internal machines.) Am I wrong in this?
Do you need a separate wireless AP when isolating IoT devices?
Hey Tom, great video, thanks!
Avahi recommends caution when enabling publishing settings, and has them all off by default; however, they are all enabled in this video. I am having a hard time finding anyone that actually explains the scope and necessity of these settings; why are they not even mentioned?
For anyone having trouble with this over WiFi: some WiFi systems default to filtering broadcasts, so you may have to disable this filtering. For me it was Aruba "Broadcast Filtering" that defaults to allowing ARP only. Once this was disabled it worked perfectly.
Good video! Thank you.
As an ICT/network enthusiast I love your videos. For me they are a goldmine of information. Thanks for sharing all this knowledge 👍
Brilliant. A bit lengthy, but this is necessary if you start from scratch. I was already watching a lot of videos in this direction lately and now, thanks to this channel (and especially this video), my completely separate IoT network with ~40 devices works perfectly. The missing bit was mDNS to make Chromecast work across networks. Thank you!
I find HomeKit still doesn't work correctly with this setup. Are there known bugs, etc. for Avahi? Is there a method to do this without it?
Love the video. However, do you have a video on the same configuration for Untangle?
Hey! Just followed your video, but I can't cast anything to my Chromecast. I set up Avahi, I have rules in the Smarthome firewall which let the Chromecast go anywhere, and I have a rule in the LAN firewall to let anything reach the Chromecast. What am I missing?
uh-VAH-hee
Three syllables, stress on the second.
Boom. Done.
Got into homelabbing, and now I keep getting these videos recommended. And I never know that it's the video I'm looking for before I watch it, because it explained a concept that I'm not aware of. Then after I watched them I immediately have to go and implement it on my home network. Great work. Looking forward to the next recommended video of something exciting that I'm not yet aware of!
Hi Lawrence, what about if you need to access DLNA content from a NAS located in a different VLAN but cast the video to smart TVs in the IoT network? Any idea how to approach that?
Thank you so much for all your videos!!!
Doesn't work, followed your instructions to the T and my IoT network can still see my trusted network.
Thank you.
Can I skip unifi switch and achieve the same with pfsense box and unifi access point?
Cheers
I couldn't get it working until I allowed the IOT network to talk to the LAN. I had blocked this initially and only allowed internet access. Chromecast would not work and in my firewall logs I saw attempts from the device to connect to the LAN on port 8010... It wasn't until I allowed this that I could cast movies on my TV.
Great video! Quick question: how can I block access to the LAN except for a few machines with specific ports (between the Sonos controller and Sonos speakers), not mDNS, while maintaining internet access?
Very well done, sir! Thanks for sharing your knowledge :)
I was wondering if you have had to try and get casting to work with a Roku TV with this setup. I have not had any luck. Any suggestions would really be great.
I can't believe you said "Your refrigerator being attacked..." This is the world we live in now. Brings a whole different meaning when you say things like "It's got everything but the kitchen sink."
Hi, I'm a big fan of your channel. Thank you for posting. On this episode you only cover the firewall side (pfSense), but what about the UniFi Controller? Do I have to make some changes there too? Like enabling IGMP snooping?
As soon as I activate the firewall rule I can see the AirPlay devices but not play to them anymore. iTunes error, something like "can not connect". I have the same VLAN structure with UniFi hardware. Does anyone have an idea of what I can do?
A little late to the comments, but last week I decided to migrate my little Linux box (failing, bad RAM I suspect) with 2 UniFi APs and a Netgate SG3100 based solely on your excellent videos. You explain stuff VERY well (I actually understand what every option actually means), they are straight to the point, they actually work quite well and you have topics about... just everything! This was being a major PITA for me but the Chromecast works perfectly now! Thank you, thank you, thank you!!