Access to emby server by people on guest network in ubiquiti

[wearethenext 0]

I have a ubiquiti usg and a switch with emby running on a pc on my main lan network through the switch.

I recently created a guest network and guest wifi on my UAP AC M but cant access my emby server on the guest network. I access it well on my main wireless network but need a way to provide access to it for guests to watch movies without connecting to my main network.

What firewall rules should i set up

[wearethenext 0]

I have a ubiquiti usg and a switch with emby running on a pc on my main lan network through the switch.

I recently created a guest network and guest wifi on my UAP AC M but cant access my emby server on the guest network. I access it well on my main wireless network but need a way to provide access to it for guests to watch movies without connecting to my main network.

What firewall rules should i set up

[Luke 37010]

Hi there, what happens when you try to access it?

[Luke 37010]

I would also suggest taking a look at our Connection Troubleshooter:

https://support.emby.media/support/solutions/articles/44001849007-connectivity

Please try the steps listed there and let us know which ones succeed and which ones do not. Thanks !

[rbjtech 4223]

Your guest network will be on a separate VLAN to the main network - thus as you have concluded, you need to provide a way for the traffic to flow from the guest to the main network.

You need to allow ANY SOURCE IP on the GUEST (IN) network using TCP 8096 and TCP 8920 (assuming you are using the default emby ports) to be allowed to reach the EMBY DESTINATION SERVER IP on the main (LAN Out) network.

I don't use a USG f/w myself - but have a look here - https://help.ui.com/hc/en-us/articles/115003173168-UniFi-UDM-USG-Introduction-to-Firewall-Rules#4

 

[wearethenext 0]

On 4/12/2021 at 1:37 PM, rbjtech said:

Your guest network will be on a separate VLAN to the main network - thus as you have concluded, you need to provide a way for the traffic to flow from the guest to the main network.

You need to allow ANY SOURCE IP on the GUEST (IN) network using TCP 8096 and TCP 8920 (assuming you are using the default emby ports) to be allowed to reach the EMBY DESTINATION SERVER IP on the main (LAN Out) network.

I don't use a USG f/w myself - but have a look here - https://help.ui.com/hc/en-us/articles/115003173168-UniFi-UDM-USG-Introduction-to-Firewall-Rules#4

 

Am not a network pro or something so i needed a straight forward answer on how to do it from someone that has done it before. A breakdown step by step easy guide would be great help.

I have tried reading through the article but i dont make much sense of anything.

Thanks

[wearethenext 0]

On 4/12/2021 at 12:32 AM, Luke said:

Hi there, what happens when you try to access it?

I just cant access the server. But when connected to my main lan wifi i can.

[wearethenext 0]

On 4/12/2021 at 1:37 PM, rbjtech said:

Your guest network will be on a separate VLAN to the main network - thus as you have concluded, you need to provide a way for the traffic to flow from the guest to the main network.

You need to allow ANY SOURCE IP on the GUEST (IN) network using TCP 8096 and TCP 8920 (assuming you are using the default emby ports) to be allowed to reach the EMBY DESTINATION SERVER IP on the main (LAN Out) network.

I don't use a USG f/w myself - but have a look here - https://help.ui.com/hc/en-us/articles

Hey

To get a better picture of my setup.

I have a USG a Unifi switch mini and an Ap M.
I have two networks the Main Lan and Guest Network both with Wifi.

I have configured Guest portal on my Guest wifi. Now my problem is i cant access my emby server running on my Main Lan. I need a way for devices on guest Wifi to access my emby Server on my Lan Network.

Lan Network 192.168.1.0/24
Guest Network 192.168.10.0/24

Emby server ip address 192.168.1.10

Your Help would be highly Appreciated.

[rbjtech 4223]

Hi - Sorry, I can't really help anymore beyond what I've already said - as I don't run a ubiquiti firewall (but the concept should be the same for all firewalls..)

Your best course of action is to logon to the ubiquiti forums and ask the question there - provide them with the same info as above (include the fact you only want TCP 8096 and TCP 8920) and they should be able to help you.

 

 

[Happy2Play 8242]

Since you want access to Emby on two networks on your LAN, have you added those networks to LAN Networks?  Dashboard-Network

LAN networks:

Comma separated list of IP addresses or IP/netmask entries for networks that will be considered on local network when enforcing bandwidth restrictions. If set, all other IP addresses will be considered to be on the external network and will be subject to the external bandwidth restrictions. If left blank, only the server's subnet and common private IP subnets (10.0.0.0/8, 192.168.0.0/24, etc.) are considered to be on the local network.

 

[rbjtech 4223]

I don't think that is going to help - the GUEST network is isolated from the LAN network by design - the only way you are going to get traffic from one to the other is via a firewall which will allow (and route) the traffic.

A simple f/w rule such as 'Allow ANY IP on GUEST to Emby IP on LAN using TCP 8920 or TCP 8096' will work - but the OP just needs to translate that into Ubiquiti f/w logic..

This is my internal emby f/w rule (on my Sophos XG f/w) - it allows traffic from my Core and Mobile networks (the source) to the Emby Destination on the IoT network.  In your case, you would substitute the GUEST network as the Source and your main LAN as the destination.

I hope this helps.

 

Edited April 19, 2021 by rbjtech

[yaksplat 58]

I put a static route in for VPN traffic to get to emby while on the VPN.

VPN traffic came in on 192.168.2.0/24 and then the next hop was on 192.168.1.0