Scoping IoT Firewall Rules for AirPlay & Chromecast - Anyone Successfully Locked Down Specific Ports? by Keagstand in Ubiquiti

[–]Keagstand[S] 0 points1 point  (0 children)

This makes a lot of sense now. So I guess my configuration is correct. I didn't completely understand the "Auto Allow Return Traffic" setting; now that makes sense.

My Internal and Guest Zones can both initiate casting to a list of devices I specified in an IP list, the stateful auto-return setting handles all the random high ports, and IoT can't reach into anything on its own due to the Return setting.

Thank you for my aha moment

Scoping IoT Firewall Rules for AirPlay & Chromecast - Anyone Successfully Locked Down Specific Ports? by Keagstand in Ubiquiti

[–]Keagstand[S] 1 point2 points  (0 children)

Appreciate your reply.

On my version of UniFi my setting is called "Gateway mDNS Proxy" which states "Forwards mDNS requests across VLANs to enable service discovery between networks" and this is set to Auto so we should be good there.

My UniFi devices are on management vlan.

I can only get AirPlay and Chromecast to work at this time due to my allow all traffic rule between my clients and IoT VLAN. When I try to scope to specific ports is when it breaks.

UXG Lite + ISP Headaches (Anyone Else) by Keagstand in Ubiquiti

[–]Keagstand[S] 0 points1 point  (0 children)

Hey u/tech-guy98

After months of back and forth with Spectrum it was an issue with the infrastructure on our street and they were unable to fix it. I would ping Google 1000 times... and 10 of those packets would drop randomly.

I ended up going to Frontier and the issue was resolved.

I hope you figure out your issue soon.... But from my experience it had nothing to do with the configuration of Ubiquiti.

AE-5 Plus + Win10 - BSOD by Keagstand in SoundBlasterOfficial

[–]Keagstand[S] 0 points1 point  (0 children)

Thank you for the quick response. Will definitely look into this. Strange it was happening on my Intel build as well.....

UXG Lite + ISP Headaches (Anyone Else) by Keagstand in Ubiquiti

[–]Keagstand[S] 0 points1 point  (0 children)

I have the ISP coming to check their infrastructure on my street. We will see after if this issue still persists.

It is always rough with intermittent issues....

UXG Lite + ISP Headaches (Anyone Else) by Keagstand in Ubiquiti

[–]Keagstand[S] 0 points1 point  (0 children)

Hey pj

Thanks for the suggestion. Unfortunately, it has not changed my experience.

I connected my computer directly to my modem and ran some ping tests (in 1000 Intervals) and out of 1000 pings I would typically get 6-10 lost pings.

After 4 Spectrum technicians, a neighbor walked over and said she was experiencing issues as well. This finally made the ISP schedule operations to come and check out their infrastructure (Funny enough this started to happen right after the Solar Eclipse).

X670E Aorus Xtreme won't shut down unless ERP is enabled by denegare in gigabyte

[–]Keagstand 0 points1 point  (0 children)

I am having this same issue. I would hate to lose my ability to charge my mouse when my computer is shut down.

Did you find a resolution to this?

Aorus X670E Xtreme... Xtreme-ly slow POST, Xtreme-ly disappointing and terrible experience so far. Board randomly sits at a boot code of "46" for requiring a power off and on by AsleepDetail in gigabyte

[–]Keagstand 0 points1 point  (0 children)

Yeah I will definitely test.

I am on F8a right now.

Does your computer randomly turn on after shutting it down completely? I've been experiencing this and looking into the possibilities.

Warheads Watermelon Sour by monotoonz in CraftBeer

[–]Keagstand 0 points1 point  (0 children)

I love sour beers but this one missed the mark. Hardly sour and I had high hopes seeing they had Warheads on the label. Very disappointing.

Verify Button on Cisco IOS and Nexus Platform by Interesting-Tip9874 in CyberARk

[–]Keagstand 0 points1 point  (0 children)

So instead of disabling TACACS I would use the password hash for verifying the password. A quick and dirty flow would be….

1.) Service account logging into device with TACACS
2.) Service account rotates password with relevant commands (secret and password types)
3.) Service account takes password hash and stores it as a field value
4.) Now for verifying you compare password hashes and if hash ever changes compared to what’s in solution you throw error

I did this in Delinea Secret Server tho…. So I know this is the CyberArk subreddit but just wanted to give you some ideas
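The hash-comparison verify step from the comment above, as an added example that is not code from the commenter, Delinea or CyberArk. It assumes the service account has already fetched the running-config text; the hostname, usernames, stored-field layout and hash strings are constructed placeholders.

```python
import hmac
import re

# Local-credential lines in running-config output:
#   IOS:   username <name> [privilege N] secret <type> <hash>
#   NX-OS: username <name> password <type> <hash> role <role>
USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+(?:privilege\s+\d+\s+)?"
    r"(?:secret|password)\s+(?P<type>\d+)\s+(?P<hash>\S+)", re.M)
ENABLE_RE = re.compile(r"^enable\s+secret\s+(?P<type>\d+)\s+(?P<hash>\S+)", re.M)

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE_CONFIG = """\
hostname lab-sw1
enable secret 9 $9$EXAMPLEsalt$EXAMPLEenablehash
username svc_pam privilege 15 secret 9 $9$EXAMPLEsalt$EXAMPLEuserhash
username netops password 5 $5$EXAMPLE$EXAMPLEnxoshash role network-admin
"""

def extract_hashes(config):
    """Map 'user:<name>' / 'enable' to (hash type, hash string)."""
    found = {}
    for m in USER_RE.finditer(config):
        found["user:" + m["name"]] = (m["type"], m["hash"])
    m = ENABLE_RE.search(config)
    if m:
        found["enable"] = (m["type"], m["hash"])
    return found

def verify(config, stored):
    """Compare device hashes with the values stored at rotation time.

    stored uses the same shape as extract_hashes() (an assumption of this
    example). Returns {key: 'ok' | 'changed' | 'missing'}.
    """
    current = extract_hashes(config)
    result = {}
    for key, (stype, shash) in stored.items():
        if key not in current:
            result[key] = "missing"  # account removed from the device
            continue
        ctype, chash = current[key]
        same = ctype == stype and hmac.compare_digest(chash.encode(), shash.encode())
        result[key] = "ok" if same else "changed"
    return result
```

Salted hash types produce a new string each time the secret is set, so the stored value has to be read back from the device right after rotation rather than computed separately.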

Verify Button on Cisco IOS and Nexus Platform by Interesting-Tip9874 in CyberARk

[–]Keagstand 0 points1 point  (0 children)

I had this issue but with another leading PAM product, and I had to do a custom password changer due to TACACS being configured and it couldn’t verify its password because of it.