Howdy. I have HAOS running in a Virtualbox VM on a computer on my private subnet (let’s call it the .150 subnet). All my IoT devices are on my .151 subnet. HA can see most of my IoT devices because I’m not currently isolating the subnets, but my vacuum is defying discovery because of UDP crossing the subnets. I’m sure there’s a way to configure the router to allow cross-subnet discovery, but it would just be better all around if HAOS was on the IoT subnet.
Is it possible to make HAOS think it’s on the .151 subnet, even though the host computer for the VM running HAOS is on the .150 subnet?
I’ve read briefly about Virtualbox’s networking features, but I not only know nothing about them, I don’t even know generally whether a VM can be configured to be on a different subnet than it’s host. I would think not, because when I do isolate the subnets, nothing that’s physically on the .151 subnet would be able to see the host computer on the .150 subnet to get to the VM that thinks it’s on the .151 subnet. But I’m guessing.
Also, HA has some network configs:
I changed these from .150 to .151 but simply lost connectivity to HA (thankfully, it’s super easy to restore from a VM snapshot!).
I’d appreciate any help.
If you’re not isolating the subnets, then you don’t really need separate subnets.
All I did was put my home on a /16 subnet and gave each room in the house 256 IPs (my old router turned AP wouldn’t allow me to have a non-standard subnet).
If you are isolating the subnets, then you need to set up your firewall to only allow your HA instance to access your private subnet. You might need to program in a static route as well, but your router might do that out of the box.
I intend to isolate the subnets once I figure out this issue.
I don’t understand static routes yet, but this sounds like a good way to go. I use pfsense.
With a static route and firewall rule you should be able to keep HA on your personal subnet, then.
Basically tell the IoT subnet how to get to the personal subnet, then have the firewall drop all traffic from the IoT subnet that isn’t going to the HA server (assuming you’re wanting to prevent the IoT devices from calling home). You might need to put in exceptions for devices that require a cloud account to work, though.
But don’t take my word for gospel, because it’s been a hit minute since I got my CCNP, and I don’t configure network hardware in my career (although I’m learning again since I’m switching to MikroTik network hardware).
I’m not super familiar with PF sense, but there should be guides out there.
Thanks for the explanation!
A left field suggestion, but you could move hass to the IoT subnet.
That way, you can block almost everything but the port for hass at the gateway.I’m planning to do that, but the host must stay on the private subnet so I’ll need new hardware. This is probabliest the easiest/best approach, but costliest. Thanks.
If the host is a hyper visor, and you trust your config, you could always put a second nic on the host, and patch that into hass’s environment.
Buy a second network card for the host
Have the second network card on the IOT subnet
Attach the second network card to Home Assistant
my vacuum is defying discovery because of UDP crossing the subnets.
This is likely more to do with broadcast addresses. The vacuum would be broadcasting it’s presence on its own subnet’s broadcast address (x.x.151.255), but homeassistant is only listening on it’s subnet broadcast address (x.x.150.255). As routers don’t usually let broadcasts cross subnets, I don’t think there’s a way for the host or VM to listen for them like this.
You could setup vlans and hopefully VirtualBox supports passing through vlans, so that homeassistant would have multiple interfaces. Or like other people have said, just increase the size of the home assistant subnet so that it’ll overlap with the IoT subnet and the broadcast address would be the same, but some devices might not like responding to a device that’s on a different subnet to them, without a router.
This sounds interesting. I’ve not considered the concept of overlapping subnets. I’ll look into that.
What router OS are you using?
Pfsense
I can’t see the image the other reply had but I installed the Avahi package on pfSense to get mDNS between networks. That worked for me (slightly different scenario, but similar to you)
Try setting up the . I’ve used this in the past to get Google home speaker groups to work across vlans.
The easiest way is to expand the netmask on your router so that it can see both. 255.255.250.0
This gives you a lot more space than you’re asking for but it works
You can also set up virtual box to use “host networking”, up to you.
This is interesting. Do you mean that I should configure the private subnet itself to also contain addresses in the iot subnet? What would that mean for “isolating” the subnets? Would it be possible for iot devices to not see private devices?
Also, can you please explain what virtualbox’s host network is? What does it do?
Thanks!
Yes, configure it to be one large subnet so that they can all talk to each other
That does wreck your isolation
Host networking would allow the VM to act as if it was another machine on your network and not a machine inside a host. Your physical network card would end up with 2IP addresses
If you want isolation, I would actually go more complex than this and I would give Home Assistant two separate virtual network cards, one which is on the IOT network and one that is not.  you will have to set up priority for them so that it understands which one it should use to go out to the Internet. I’m not actually sure how well Home Assistant handles two network cards, i’d have to look up the info, but it should be able to
If it can’t, you will have to put a reverse proxy in front of it with some fancy rules