pfsense and Rules For IoT Devices with mDNS

Thanks

can plex still work on this setup?

May we see the rules from the other networks to get into IOT?

Hello, how can i setup mdns “.local” domain on windows computer?

I appreciate this info, thanks! question about blocking traffic. if my sonos speakers are on my iot vlan and my inter vlan traffic is blocked, do I just need to allow private network to access sonos speakers, but sonos speakers don't need to access private vlan? if the request for music is made from private to sonos, they will answer, even when they are blocked on the lot side?

Once again, a Lawrence Systems video helped me fix a problem I didn't realize I had. My ESPHome devices for Home Assistant were not quite working after putting them on an IoT subnet/VLAN. They could be configured and updated and I could read the logs, but they were remained in the "OFFLINE" state in Home Assistant. Turns out they depend on mDNS to find Home Assistant and Avahi was the magic that was needed to make that now work. Thanks again!

Phenomenal description of securing IoT devices while still allowing actual secured devices to initiate communication and requests. Wildly helpful

"if your refrigerator gets compromised, it [shouldn't] become an attack vector" is actually an odd sentence if you think about it

This is a great explanation. However, a question; What's the point of setting the source to IOT net vs just using *? As IOT net is the whole subnet of that VLAN.

Is there a recent tutorial on Avahi the interface has changed again

Another great video, thank you

I'd love for someone to go over "invert match" more extensively. I'm very curious.

Searches for refresher of securing iot vlan for my network overhaul. Of course, it's Lawrence. Thanks for all you do.

thanks, can you do any update video on Network of things, pfsense rules for that and how they can communicate between IOT

I have a Synology NAS running a Plex server on my network and would like my firesticks & Nvidia shield devices on the IOT vlan but have access to plex. Is this possible?

Outstanding. Exactly what I needed and exactly the right detail.

What application is he using to graph his network?

Thanks for the helpful video. This was exactly what I needed to set up my ADT system on OPT1. It has it's own Wi-Fi router for some of the sensors and who knows whether the firmware is ever updated. Keep 'em coming. Also, you might want to remind people to reset their state tables once in a while when a making changes. That really helped me out setting up my OPT1 configs.

How would you go about preventing lateral movement inside the 172 network with unifi switches/ap's and pfSense as firewall? Isolating each device on separate vlans does not really scale

Thank you, I’ve really needed answers on how to accomplish this for a long time. As a noob, it seemed daunting to try to manage the ports that IoT needs to work on a separate network, and still let devices work with them from my trusted net. Very clear explanation, and concise video!

exactly what i needed. thanks for teaching me pfsense bro

Old video but super useful. Thanks Tom again

Just wanted to highlight something - even though you're right - The ping is an ICMP packet, and thus does not fall into the rule that you just made. (I know, it does fall into the implicit block however, but I guess a more apt test would be to test curl or wget towards one of the internal machines). Am I wrong in this?

Do you need a separate wireless AP when isolating iot devices?

Hey Tom, great video, thanks!

Avahi recommends caution when enabling publishing settings, and has them all off by default; however they are all enabled in this video. I am having a hard time finding anyone that actually explains the scope, and necessity of these setting; why are they not even mentioned?

For anyone having trouble with this over WiFi. Some WiFi systems default to filtering broadcasts, so you may have to disable this filtering. For me it was Aruba "Broadcast Filtering" that defaults to allowing ARP only. Once this was disabled it worked perfectly.

Good video! thank you

As a ict/netwerk enthousiast I love your videos. For me they are a goldmine of information. Thnx for sharing all this knowledge 👍

Brilliant. A bit lengthy, but this is necessary, if you start from scratch. I was already watching a lot of videos in this direction lately and now thanks to this channel (and especially this video), my completely separate IoT Network with ~40 devices work perfectly. The missing bit was mDNS to make chromecast work across networks. Thank you!

I find HomeKit still doesn't work well correctly with this setup. Are there known bugs, etc for Avahi? Is there a method to do this without?

Love the video. However, do you have a video on the same configuration for untangle?

Hey! Just followed you video, but I can't cast anyhing to my chromecast. I seted up Avahi, I hae rules in Smarthome firewall which let the chromecast to anywhere, and I have a rule in LAN firewall, to let anything to the ChromeCast. What am I missing?

uh-VAH-hee

Three syllables, stress on the second.

Boom. Done.

Got into homelabing, and now I keep getting these videos recommended. And I never know that its the video Im looking for before I watch it, because it explained a concept that I'm not aware of. Then after I watched them I immediately have to go and implement it on my home network. Great work. Looking forward to the next recommended video of something exiting that im not yet aware of!

Hi Lawrence, what about if you need to access DLNA content from a NAS located in a different VLAN but cast the video to smart TV's in the IoT network? Any Idea how to approach that?

Thank you so much for all your videos!!!

Doesn't work, followed your instructions to the T and my IoT network can still see my trusted network.

Thank you.
Can I skip unifi switch and achieve the same with pfsense box and unifi access point?
Cheers

I couldn't get it working until I allowed the IOT network to talk to the LAN. I had blocked this initially and only allowed internet access. Chromecast would not work and in my firewall logs, I saw attempts from the device to connect to the LAN on port 8010... It wasn't until I allowed this that I could cast movies on my TV

Great Video! Quick question, how can I block access to LAN except for few machines with specific ports (Between Sonos Controller and Sonos speakers), not mDNS, while maintaining internet access

Very well done sir ! Thanks for sharing your knowledge :)

I was wondering if you have had to try and get casting to work with a roku tv with this setup. I have not had any luck. any suggestions would really be great.

I can't believe you said "Your refrigerator being attacked..." This is the world we live in now. Brings a whole different meaning when you say things like "It's got everything but the kitchen sink."

Hi, Am a big fan of your channel. Thank you for posting. On this episode you only over the firewall side (Pfsense) but about the UniFi Controller. Do I have to do some changes there too? Like enable IGMP snooping?

As soon as I activate the firewall rule I can see the AirPlay devices but not play them anymore. iTunes error something like can not connect. I have the same VLAN structure with UniFi hardware. Does anyone have an idea of what I can do?

A little late to the comments, but last week I decided to migrate my little linux box (failing, bad ram I suspect) with 2 unifi AP's and a netgate sg3100 based solely because of your excellent videos. You explain stuff VERY well (I actually understand what every option actually means), they are straight to the point, they actually work quite good and you have topics about... just everything! This was being a major PITA for me but the Chromecast works perfectly now! Thank you, thank you, thank you!!