Across VLAN access

Hi this is my first time posting in this forum.

I have a Unifi Express Router configured with a default (tag = 0) and IoT (tag = 20) VLANs.

All my devices sit in the IoT VLAN and HA sits in the default VLAN.

I have firewall rules that say, in order:

  • Default → IoT is allowed
  • IoT → DNS server (IP and port) is allowed
  • IoT → MQTT server (IP and port) is allowed
  • IoT → HA (IP and port) is allowed
  • IoT → Default is not allowed

HA is deployed as a VM in Proxmox and CAN access my local IoT devices, woohoo!

What doesn’t work are requests from IoT devices (e.g. Google Home Hubs) to HA for Text-to-speech announcements.

I am sure this is a HA issue as the DNS and MQTT requests go through fine.

I “moved” HA into the IoT network which I should still be able to access from the Default network given the first firewall rule but it didn’t… hummm…

I’m tearing my hair out. Any advice?

Try turning off the firewall or adding a rule that allows everything through. If it starts working then it’s a firewall issue; if it doesn’t, it’s a networking issue.

How can you be sure, when you don’t know the difference in the way they communicate: MQTT / DNS & HA (HTTP "SSL/TLS")?


Thanks for the suggestion Pete, neither have worked.

I have just tried allowing port 80 for the DNS server (AdGuard) which is accessible from the IoT network.

Also just set up a fresh instance of HA and updated the IP in the firewall rule… it works! So what could be the difference with my original instance?

Text to speech announcement would go from HA (source) to Google Home (destination). Pretty sure that is one way. If you’re thinking it is a firewall issue, it is helpful to understand source and destination.

I mean the play media service with a url e.g.

I figured it out… I had tailscale running!

Edit: it was because I had Userspace Networking disabled.
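
As an added example (not part of the thread or any poster's own code), the ordered rule list from the first post can be modelled as a first-match evaluator to check both legs of a text-to-speech announcement: HA opening a connection to the speaker, then the speaker fetching the media URL back from HA. The subnets, host addresses and ports are constructed, and first-match evaluation of new connections (return traffic of an allowed flow is not modelled) is an assumption.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the post gives VLAN tags only, no subnets, IPs or ports.
DEFAULT = ip_network("192.168.1.0/24")    # default VLAN (assumed subnet)
IOT = ip_network("192.168.20.0/24")       # IoT VLAN, tag 20 (assumed subnet)
DNS_IP, DNS_PORT = "192.168.1.2", 53      # assumed DNS server (AdGuard)
MQTT_IP, MQTT_PORT = "192.168.1.3", 1883  # assumed MQTT broker
HA_IP, HA_PORT = "192.168.1.10", 8123     # assumed Home Assistant host and port
SPEAKER_IP, CAST_PORT = "192.168.20.50", 8009  # assumed speaker and cast port


def host(ip):
    """Single-host network, so every rule endpoint is matched the same way."""
    return ip_network(f"{ip}/32")


# (name, source, destination, destination port or None for any, action),
# in the order the first post lists them.
RULES = [
    ("Default -> IoT", DEFAULT, IOT, None, "allow"),
    ("IoT -> DNS", IOT, host(DNS_IP), DNS_PORT, "allow"),
    ("IoT -> MQTT", IOT, host(MQTT_IP), MQTT_PORT, "allow"),
    ("IoT -> HA", IOT, host(HA_IP), HA_PORT, "allow"),
    ("IoT -> Default", IOT, DEFAULT, None, "drop"),
]


def evaluate(src, dst, dport, rules=RULES):
    """Return (rule name, action) of the first rule matching a new connection."""
    src, dst = ip_address(src), ip_address(dst)
    for name, src_net, dst_net, port, action in rules:
        if src in src_net and dst in dst_net and port in (None, dport):
            return name, action
    return "no match", "default policy"


def tts_legs(rules=RULES):
    """Both connections a TTS announcement needs, with the rule that decides each."""
    return {
        "HA -> speaker (start playback)": evaluate(HA_IP, SPEAKER_IP, CAST_PORT, rules),
        "speaker -> HA (fetch media URL)": evaluate(SPEAKER_IP, HA_IP, HA_PORT, rules),
    }


if __name__ == "__main__":
    for leg, (rule, action) in tts_legs().items():
        print(f"{leg}: {action} by '{rule}'")
```

If both legs come back as allowed, as they do for the rule order in the post, the firewall is not what blocks the announcement and the place to look is the HA host itself.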