Discovery blocked by firewall configuration

psfales · March 28, 2017, 1:26am

I’m a new user just getting started with Home Assistant, but everything looks really nice so far.

I started out installation Hassbian on a Raspberry Pi. That was was amazingly simple and everything “just worked” including discovery of my Wemo switches and Chromecase devices. Next, I wanted to try to moving it my bigger Fedora 25 server, so I followed the virtualenv instructions and that also went amazingly smoothly and the GUI started up just fine on the new machine. It “felt” like everthing is working, and I can control the custom devices that were added to the configuration file except that nothing was discovered.

After lots of head scratching, I realized that is must the the restrictive firewall configuration that Fedora installs by default. I shut down the firewall (i.e. leaving everything wide open), restarted HA, and everything was properly discovered.

Does anyone know what kind of rules needed to be added to the firewall (iptables) rules to allow discovery to work while still keeping the rest of the firewall active?

Thanks!

fabaff · March 28, 2017, 7:01am

netdisco uses mDNS, uPnP, SSDP, and a couple of vendor-specific implementations (eg. Good Day Mate protocol) to detect devices. I guess that the savest way would be to evaluate what you have in your network and then adjust the rules.

psfales · March 28, 2017, 1:16pm

By trial and error. (And some google and wireshark work). I was able to get it working for my needs. This is probably not a complete list, but I found that all I needed was

Chromecast - Allow UDP with destination port 5353 (mDNS)
Wemo Switch - Allow UDP with source port 3084

Maybe with this starting point, others can add to the list!