This is my first post. I’ve been watching Will and a few others on YouTube and got a lot of good information and lots of future plans for my network. I have a question to everyone out there who has set up a VLAN and has experience with cross VLAN DLNA connectivity. First a quick backstory.
I am in the process of setting up my VLAN. I’m using a “Router on a Stick” setup. I have a Synology RT2600ac and a Linksys LGS528 L2 managed switch. I set up three new VLANS beyond the default primary and guest subnets. I moved all of my printers, my 2 TVs and a BluRay player to my IoT network. I moved my wife’s MBP and my Dell Desktop to a network I call “Secure” and I have a third network called “Storage” where I plan to migrate my 4 Synology NAS’s (a DS207 yep, still kicking, DS213, DS720+ and a DS923+ that I just bought but have not setup yet). The 3 connected NAS’s are still on my primary subnet, 192.168.1.0/24; and so is my Dell Laptop where I do all of my network admin. Before the VLAN I could use my NAS to play my music and video libraries to my BluRay or TVs. After moving my 2 TVs and BluRay to the IoT I can’t get a DLNA connection to my media devices. I can send print jobs from any other subnet to the printers (also in IoT) but I can’t play a movie. Has anyone been able to get their movies & mp3’s stored on their Synology NAS to play on their media devices when the NAS is in one subnet and the media devices are in another? There’s more to the story but for now I just need to know if it’s possible. Thanks!!
This may not the most helpful, but every bit helps…
I tried smoothing similar temporarily for another reason DNLN over VPN … I didn’t have a sophisticated enough router to enable ports through VPN for DLNA …
First DLNA is not a bulletproof technology. Make sure your router and/or switch has the appropriate ports and multicasting set up across your Vlans. Make sure the following ports (double check as it been a while) 9001,50001 & 50002 of the media server are open across your Vlans. And of course make sure your devices can see each other. You may have to create a rule to punch a hole through you router/switch. Set up a rule based on Mac addresses as punching a hole may defeat the hole purpose of setting up your Vlans .
If you can use the NAS’s second ethernet port that might be easier. Easy being a very relative term …
Good luck
Ports are open. Firewall rules are in place and Wireshark shows that router and media player are communicating. No communication between NAS and media player. The NAS I’m using is a DS213. There is no 2nd LAN port but when NAS and media player are in the same subnet everything works fine. I actually tried that with my DS720+. One interface is in my default subnet (192.168.1.x) and the other in IoT. No connectivity through DLNA.
I needed to open my DS720+ Media Server package. From there in the General Settings tab you can assign which interface will have the ability to stream UPnP / DLNA . The default setting is LAN 1. In my case, my media devices and my NAS LAN 2 port were all on my IoT subnet. Changing my Network Interface setting from LAN 1 to LAN 2 enabled my BluRay, smart TV and other media devices to “see” my NAS. I also added separate firewall rules on my NAS for LAN 1 and LAN 2. LAN 1 has full access to the Management UI (aka DSM) and all services and LAN 2 was denied access to the Management UI and to the SSH port. This way there is no backdoor access to my primary network (on LAN 1) from my IoT network (LAN 2).
This is a fix for any Diskstation that has at least 2 LAN ports. If you have an older NAS with only one interface there is still no fix that I can find. If anyone has one please post it.
I plan to write up a procedure and post it here for others who experience the same problem. Migrating from a simple LAN setup under a single subnet (192.168.1.0/24), to a VLAN creates a whole host of unanticipated problems. Since my network has a Synology router and NAS, it should be applicable to most people in this forum. Right now my DiskStations are still on my primary (default) network. I plan to migrate them to their own subnet and then verify that my fix still works.
I will. I already have it setup on my DS720+ and I am in the process of installing and setting up a new DS923+. I will also set up DLNA/UPnP cross VLAN access for the DS923+. Let me first verify that it works the same before I write up.
Connect the LAN 2 interface port to the same VLAN as the media devices are on.
Set up the NAS firewall rules to create separate rules for your LAN 1 interface and your LAN 2 interface. Basically, LAN 1 is going to be the VLAN that you want to keep safe and will have all of the capabilities/permissions you want to protect. LAN 2 is you insecure VLAN and will only have permission to the NAS ports for audio, video, pictures; UPnP and DLNA access; everything else is denied. This step is the most complex. If you do it wrong you will lose access to things you now have access to. You will need to wait for the instructions. You can hold off on this step and still be functional but you will be vulnerable. (In the short term you should be OK.)
You re-route the DLNA/UPnP cability from LAN 1 (default) to LAN 2. That’s done from the Media Server package in the General Settings tab. Change Network Interface from LAN 1 to LAN 2.
To use your media ASAP skip step 2. Make sure that all of your media has been transferred and all media files have been indexed (Control Panel > Indexing Services). Make sure you set the indexing paths for your movie, music and audio folders. File indexing will not be completed as long as you have files still transferring to your video, music and photo folders. Indexing must be completed before your media devices can fnd your media. You need indexed files for your media devices to be able to read them from your NAS (at least my BluRay does). I think it’s a DLNA thing.
I forgot to mention. The default firewall settings (no rules) should be OK to use in the interim. But if you have any rules in any of the 3 firewall interface settings, namely, All interfaces, LAN 1, LAN 2 you might not get some or all three media types (video, audio, pictures) working. For example, if a Management UI- Deny rule appears in any of the 3 firewall interfaces, you will not get audio and pics. That’s because the 3 services share common ports. Denying for any one service denes for all service listed with it.
Steve, I posted my setup instructions. If you have media devices spread out over a few VLANS I don’t think at this time it will be possible to provide UPnP/DLNA service to all. I was told by Synology Support that the developers said there is no way to pass UPnP/DLNA to any VLAN you choose. It’s something about DLNA not being the same as other DSM services. DSM Media Server restricts choice to one interface or the other. Unfortunately it’s unlike internet access that is immediately available across all VLANS. If you look at the media server package you can only feed DLNA/UPnP through one of the two interfaces on your NAS. If I hear about a way to do it I’ll let you know. It might make more sense just to bundle your media devices into one VLAN. Cheers!
Hi All,
I have been continuing to “play” with my network setup now that I have VLANs set up and running. I have an IoT VLAN on which I have my TV’s in various rooms in the house. As I mentioned in an earlier post, now that I have VLANs and my NAS is on my Primary (trusted devices) VLAN I cannot get DLNA services to work between my IOT and Primary VLANs (i.e. the same problem as others are having).
I have however has some success! DLNA doesn’t work across different networks (i.e. VLANS) but Plex does. I have now got access to my NAS media from my IOT network devices. I installed the Plex server on the NAS. I also have all my “permanent” devices on the various VLANs using a fixed IP address (i use “address reservation” on the router to achieve this), with the NAS having a fixed IP address (192.168.50.x) and my TV also having a fixed IP address (192.168.10.x) I have added a rule in my router firewall to allow my TV to access the NAS on port 32400.
On the TV I also installed the Plex app (my TV is a Samsung), and I set up PLEX on the TV to point to a media library by giving it the IP address of my NAS.
It works because unlike DLNA, Plex allows you to specify the IP address for media sources, so all you need is a suitable rule in the Firewall and you’re away.
Of course this solution does not help in situations where the client device does not allow you to install Plex such as (in my case) “streaming amplifiers”. I have had to relucantly put those devices onto my Primary LAN (the same one as the NAS) for them to access music media using DLNA, but at least the TV’s are not on my trusted devices network.
If you are streaming media to a Samsung TV, there is yet another way to stream data from a DiskStation and the TV. Synology had released (several years ago) a Synology App on the Samsung AppStore that can be installed onto your Samsung TV or BluRay. This App allows one to connect to your NAS and stream movies from a DiskStation to a TV or BluRay player. These are the Pros and Cons
PROS
You can stream movies using older model Diskstations that are running DSM 6.2.4-25556 Update 7. Slightly older versions of DSM 6.2.4 will also work. I am streaming from a DS213 to my Samsung Smart TV across VLANs (Primary to IoT) without a problem.
No need to install Plex server or client.
CONS
You cannot stream audio or view photos with this app. Only video.
You are limited to only certain models of Samsung TVs.
