Apple TV Across Networks

Anders Brownworth
6 min read · May 13, 2021

How to make Apple TV work across network boundaries using iptables and mdns-repeater.

Apple TV HD

The Apple TV exists in somewhat of a gray area in a home network. It is both a media player which you might screencast to and a hub for HomeKit IoT devices. If you happen to segment those two networks for security reasons, where do you put the Apple TV? It has to be able to directly reach all the IoT devices but user devices should still be able to stream to it.

Typically these two networks are distinct subnets like 10.0.1.0/24 and 10.0.2.0/24. Let’s say 10.0.1.0/24 is the privileged “user” network, whose devices want to stream content to an Apple TV without being exposed to the security issues coming from the 10.0.2.0/24 unprivileged IoT network. Conversely, the Apple TV needs direct addressability to the myriad IoT devices in the 10.0.2.1/24 unprivileged network, so you also want to put it there.

One answer to this conundrum is to put the Apple TV in a DMZ and then poke the necessary holes for the IoT and user networks. But if you are doing that, then the Apple TV is local to no network that uses it and your DMZ is Swiss cheese. So to simplify things, we could put the Apple TV directly on one of the two existing networks where port forwards are kept to a minimum.


Anders Brownworth

Radius & MIT DCI — formerly Federal Reserve, USDC @ Circle.com, Bandwidth.com. MIT / Podcaster / Runner / Helicopter Pilot https://andersbrownworth.com