HA docker network and Tuya-Local

Hello
I’m running Home Assistant in a docker container attached to a docker network. This network uses the 172.22.0.0/24 subnet. The Docker host is attached to a network running in 192.168.1.0/24. My Tuya device is attached to a separate IoT interface running on the 10.10.10.0/24 network range.

On the Firewall (OpenWrt) traffic from the LAN interface is allowed to access the IoT interface. Traffic from the IoT interface is only allowed for DHCP, DNS and SMB access for a couple of devices.

How can I get the Tuya-Local to discover my Tuya device(s) without attaching the Home Assistant container to the host network directly?

I ran nmap and I can see that the Tuya device is accessible on port 6668 from the LAN interface.

Are you using macvlan or host networking for docker?

Look into mdns reflector.
Discovery uses mdns, which works poorly across vlans.

IOT vlans are misused and misunderstood, I believe. Some people just put the smart devices here but allow open access to the internet. This is not good, since a hacked camera on a separate vlan will eventually lead to the whole network being compromised. Probably not what you have, and off topic.

Set HA host on network port that gets all vlan traffic

Create macvlan interface for HA docker in IOT and any other desired network. You don’t need to expose ports in this case and HA has unique IP on each vlan.

Block all incoming from IOT to any HA port except 8123, mdns port and maybe any other port IOT devices are connecting to HA from. If HA is connecting OUT to device to retrieve data there is no need to open these.

With the above, HA will sit on the IOT vlan with an IOT IP.
OR
Look into mDNS reflector.
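The macvlan steps above, as an added example that is not from this thread: it attaches the HA container to the IoT VLAN through a docker macvlan network and then checks from inside the container that the Tuya port 6668 answers. Assumptions not stated in the thread: the docker host carries the IoT VLAN on the tagged interface eth0.10, OpenWrt is 10.10.10.1 on that VLAN, the container is named "homeassistant", and 10.10.10.50 and 10.10.10.20 are constructed addresses for HA and the Tuya device.

```shell
#!/bin/sh
# Added example, not from the thread: put the HA container on the IoT VLAN via a
# docker macvlan network, then verify the Tuya device port from inside HA.
# Assumed values (override via environment): eth0.10 as the host's IoT VLAN
# interface, 10.10.10.1 as the router, "homeassistant" as the container name.
# DRY_RUN=1 prints the docker commands instead of executing them.
set -eu

IOT_PARENT="${IOT_PARENT:-eth0.10}"         # assumed host interface for the IoT VLAN
IOT_SUBNET="${IOT_SUBNET:-10.10.10.0/24}"   # from the thread
IOT_GW="${IOT_GW:-10.10.10.1}"              # assumed OpenWrt address on the IoT VLAN
HA_IOT_IP="${HA_IOT_IP:-10.10.10.50}"       # constructed fixed address for HA
HA_CONTAINER="${HA_CONTAINER:-homeassistant}"

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# ip_to_int A.B.C.D: dotted quad as a 32-bit integer (pure shell arithmetic).
ip_to_int() { set -- $(printf '%s' "$1" | tr . ' '); echo $(( ($1<<24)|($2<<16)|($3<<8)|$4 )); }

# in_subnet IP CIDR: succeeds when IP lies inside CIDR.
in_subnet() {
  net="${2%/*}"; bits="${2#*/}"
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Refuse an HA address outside the IoT subnet or colliding with the gateway.
check_ha_ip() { in_subnet "$HA_IOT_IP" "$IOT_SUBNET" && [ "$HA_IOT_IP" != "$IOT_GW" ]; }

# macvlan network on the IoT VLAN; HA gets its own IoT IP, so no host ports
# need to be published for IoT-side discovery.
create_ha_macvlan() {
  check_ha_ip || { echo "bad HA_IOT_IP=$HA_IOT_IP for $IOT_SUBNET" >&2; return 1; }
  run docker network create -d macvlan --subnet="$IOT_SUBNET" --gateway="$IOT_GW" \
      -o parent="$IOT_PARENT" iot_macvlan
  run docker network connect --ip "$HA_IOT_IP" iot_macvlan "$HA_CONTAINER"
}

# check_tuya_port DEVICE_IP: from inside the HA container (python3 ships in the
# image), open a TCP connection to port 6668 as the thread's nmap check did.
check_tuya_port() {
  run docker exec "$HA_CONTAINER" python3 -c \
    'import socket,sys; socket.create_connection((sys.argv[1], 6668), timeout=3).close()' "$1"
}

if [ "${1:-}" = apply ]; then
  create_ha_macvlan
  check_tuya_port "${2:-10.10.10.20}"   # constructed Tuya device address
fi
```

Note that with macvlan the HA address sits on the IoT segment itself, so IoT devices reach it without crossing the OpenWrt router; the "block all incoming from IOT except 8123 and mdns" step therefore has to be enforced on the docker host or container side, which this script does not cover.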

Thank you very much for that recommendation. I’m already using mdns-repeater; I cannot honestly remember why, but I remember something working when I installed it at the time. I will try reflector and feedback. Cheers

repeater and reflector may be the same.
avahi is another. I forget their relationship or difference.

ultimately it may be best to utilize a setup where HA is on IOT with limited access. I plan to move to this eventually but just changed a lot of my networking and am not in the mood. If access to the HA host is limited, there is no real difference from a separate vlan with firewall access allowed, other than mdns will work well. I did this for a matter vlan I created, which may get combined with IOT.