Full form submission
What’s happening?
I need help with something else
How can we help?
How do I ...?
Port Filtering
Hi folks. I am currently in the process of setting up VLAN’s for my network and I am trying to find out what ports Roon needs in order to communicate with devices on my network but only allow access to the Roon apps installed on my Windows computers and Synology NAS. This is for internal use and not ARC, which I already have configured. Essentially I am looking to cordon off my dedicated Roon NUC from other VLAN’s with port filtering since the NUC does have an externally exposed port to the internet.
I have checked Roon knowledge base and tried searching the forums but cannot find out what specific ports Roon needs to be open to communicate with my Synology and computers. VLAN is already setup and working but all ports are currently open. I know this is advanced network stuff, but not being able to find what ports are needed to be open is frustrating.
Thanks!
I would say TCP ports 445 since the NAS mounts as a smb share.
Roon doesn’t support crossing VLANs / broadcast domains. It’s not as easy as routing some packets. Search multiple vlans in the community. It can work but its well into tinkering.
Thanks! That’s exactly where I got and gave up. No worries as I have it cordoned off from other services on the main LAN so if the Roon NUC got attacked from external port, it can’t traverse and infect other devices. Just wasn’t sure if I was missing something.
It seems Roon will work on a VLAN as long as all the other devices are also on that VLAN. That’s good enough for me.
At that point it’s not a VLAN as none of the frames are tagged. It’s just an ethernet segment / broadcast domain as far as all the “access” devices are concerned. By default / definition every unconfigured switch is set to all ports Access mode in VLAN 1 
But, yes, you got it. Glad you didn’t spend too much time on it. I spent way to much time on it only to realize I was exposing my “protected” segments far too much to make it work. Locked it all back down, put all the Roon stuff on 1 segment, and am happy.
You are right, it’s an untagged Ethernet segment, which is good enough for me,That’s I really needed anyways was some protected segments to separate iSCSI and backup traffic from rest of the network along with an IoT segment. The whole digging down in the deep with VLAN’s was bonus and for a home lab, I don’t need it.
Thanks for your help ipeverywhere!
2 Likes
Moved to tinkering as this is beyond the scope of support.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.