Connect to Tablo across VLANs/Subnets - Not Remote

Ok - here is what I discovered when performing some Packet Captures via two different methods.

When accessing http://my.tablotv.com via a web browser, the following happens:

  • a DNS lookup to my.tablotv.com retrieves a list of some Public IP addresses (hosted in Cloudflare) which then provides the local IP address of the Tablo TV Tuner on the internal network via an HTTP refer.
  • Your Web browser then communicates directly to the local network IP address of your Tablo Tuner over TCP port 80

When accessing the TabloTuner via the Tablo App (iOS, Windows Store):

  • a DNS lookup to api.tablotv.com retrieves a list of some Public IP addresses (hosted in Cloudflare) which then provides the local IP address of the Tablo TV Tuner on the internal network via an HTTP refer.
  • Your Web browser then communicates directly to the local network IP address of your Tablo Tuner over TCP port 8887 (for Control/navigation throughout the Tablo App) and TCP port 80 for Video/Audio data streams.

After this research, it seems like the Tablo TV Tuner registers it’s “local network” address with Tablo Servers on the internet so when the Web Browser or Tablo APP queries my.tablotv.com or api.tablotv.com, a local IP addresses is returned to via HTTP refer to communicate to the client. I’m probably missing some details here - but if you need to firewall your TabloTV Tuner from the rest of your network, ensure you open from client (pc/app) to the TabloTV Tuner IP the following TCP ports: 80 and 8887.

Feedback/Thoughts?