Connect to Tablo across VLANs/Subnets - Not Remote

Hello,

I have my home network separated into multiple VLANs/subnets. For example, 192.168.1.0/24 for laptops, 192.168.2.0/24 for media devices (e.g. TVs, Roku, Tablo), and 192.168.3.0/24 for guest network access.

Let’s say I want to watch the Tablo (in VLAN2) from my laptop (in VLAN1). What ports would need to be opened between VLANs/subnets to enable this?

Would I need to set up port forwarding on the same ports that I would for remote access, except across VLANs instead of through the router? Or would the ports be different when connecting as if it is on the same subnet/local network?

I am not trying to set up remote access from the Internet.

Being new to Tablo, I don’t know how different remote access is from local access - other than the obvious part of going through a router of course.

Thanks!

1 Like

if I’m not mistaken, Tablo client does a broadcast on it’s subnet and listens for responses…so, if you can configure broadcasts across subnets, you should be good to go.

Implement inter-VLAN routing to allow VLAN1 nodes to communicate with VLAN2 nodes. There are a few methods to employ the configuration depending upon hardware capabilities.

Thank you both for the suggestions, but I was hoping for a more precise solution.

Traffic between VLANs is blocked intentionally. I can open specific ports and protocols for specific IPs between VLANs, which is what I was hoping to do.

Or less technical not-as-easy-as-it-sounds, or what you want… When using you laptop to watch media on your tablo… laptop becomes “media device” and connects to VLAN2 …along with other media devices.

Thank you for the suggestion, that would be easier. The issue is that it also breaks that intentional separation.

I know some may say this is being paranoid…

You could forward broadcasts from the Tablo’s IP address (only) to VLAN 1. That’s pretty specific. There are protocols for device discovery, and if you break those, well, you got what you wanted.

Thanks, that sounds promising. So does the broadcast come from the Tablo device or the client looking for the device?

What protocol do I need to look at?

Darned if I know. Wouldn’t be hard to put a sniffer on the LAN and see what’s coming out of the Tablo. Or out of the streaming box when you start up the Tablo app.

From the client looking for the Tablo

Try poking holes like:
Src: VLAN1.client:any Dst: VLAN2.tablo:80 Proto: TCP
Src: VLAN1.client:any Dst: VLAN2.tablo:8887 Proto: TCP
Src: VLAN2.tablo:80 Dst: VLAN1.client:any Proto: TCP
Src: VLAN2.tablo:8887 Dst: VLAN1.client:any Proto: TCP

This may depend on a lot more questions. Do you intend to watch tablo on all swiches? If so, you may have want to put Tablo on the default VLAN for all switches, VLAN 1. If not, then you may have to link the Tablo VLAN to the other required VLAN(s), at the router level. If Tablo is on VLAN 2, you may also have to link it to your public port to stream outside the network. If, however, you want to stream Tablo only back to other ports of the same switch it is connected to, then you only have to allow both VLANs on the required ports. This is a complex question with many possible answers. This depends on the network setup, routers, switches, etc, and the specific flow of data required, all the way down to the swithports; the devices connected to those ports, and the setup that those devices must have to correctly interact with the VLANs.

We would love to understand the network protocols utilized between the APP and the TabloTV tuner appliance. Is is using a multicast protocol similar to Apple AirPlay/Bonjour? Or is there a list of tcp/udp ports that that we can forward so we can use this between a Firewall? This is important especially for newer networks where segmentation is a must.

Ok - here is what I discovered when performing some Packet Captures via two different methods.

When accessing http://my.tablotv.com via a web browser, the following happens:

  • a DNS lookup to my.tablotv.com retrieves a list of some Public IP addresses (hosted in Cloudflare) which then provides the local IP address of the Tablo TV Tuner on the internal network via an HTTP refer.
  • Your Web browser then communicates directly to the local network IP address of your Tablo Tuner over TCP port 80

When accessing the TabloTuner via the Tablo App (iOS, Windows Store):

  • a DNS lookup to api.tablotv.com retrieves a list of some Public IP addresses (hosted in Cloudflare) which then provides the local IP address of the Tablo TV Tuner on the internal network via an HTTP refer.
  • Your Web browser then communicates directly to the local network IP address of your Tablo Tuner over TCP port 8887 (for Control/navigation throughout the Tablo App) and TCP port 80 for Video/Audio data streams.

After this research, it seems like the Tablo TV Tuner registers it’s “local network” address with Tablo Servers on the internet so when the Web Browser or Tablo APP queries my.tablotv.com or api.tablotv.com, a local IP addresses is returned to via HTTP refer to communicate to the client. I’m probably missing some details here - but if you need to firewall your TabloTV Tuner from the rest of your network, ensure you open from client (pc/app) to the TabloTV Tuner IP the following TCP ports: 80 and 8887.

Feedback/Thoughts?

There’s more out there, and on Tablo Community forums, try the :mag: in the upper left.

I believe the browser, too uses https://api.tablotv.com/assocserver/getipinfo/ as a network discovery method as well. From what I’ve seen it returns a JSON response not really header data.