From 9002edcf9a9e5776ed1efb26a816503947086314 Mon Sep 17 00:00:00 2001 From: kavren Date: Sun, 28 Dec 2025 21:53:40 -0500 Subject: [PATCH] add: Guest VLAN access to Jellyfin and Jellyseerr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added OPNsense firewall rules allowing Guest VLAN (10.4.30.0/24) to access media services: - Jellyseerr: 10.4.2.25 - Jellyfin: 10.4.2.26 đŸ¤– Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- docs/CHANGELOG.md | 4 ++++ docs/DECISIONS.md | 1 + 2 files changed, 5 insertions(+) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index f1f9e16..e1d93b1 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -4,6 +4,10 @@ ## 2025-12-28 +### Guest VLAN Media Access +- Added firewall rules allowing Guest VLAN to access Jellyseerr (10.4.2.25) and Jellyfin (10.4.2.26) +- Rules inserted before "Block Guest to LAN" to allow media streaming for guests + ### Guest VLAN Internet Fix - Fixed Guest VLAN (10.4.30.0/24) having no internet access - Root cause: OPNsense DHCP and firewall rules referenced non-existent 10.4.2.129 for DNS diff --git a/docs/DECISIONS.md b/docs/DECISIONS.md index 760400f..b0c8a66 100644 --- a/docs/DECISIONS.md +++ b/docs/DECISIONS.md @@ -117,6 +117,7 @@ All DHCP served by OPNsense: | Rule | Source | Destination | Action | |------|--------|-------------|--------| | Allow DNS | IoT/Guest | 10.4.2.11:53 | Pass | +| Allow Guest→Media | 10.4.30.0/24 | 10.4.2.25, 10.4.2.26 | Pass | | Block IoT→LAN | 10.4.20.0/24 | 10.4.2.0/24 | Block | | Block Guest→LAN | 10.4.30.0/24 | 10.4.2.0/24 | Block | | Block Guest→IoT | 10.4.30.0/24 | 10.4.20.0/24 | Block |