6100 with 22.05 blocking IGMP
-
Have a look:
Multicast ExplainedIf you want to use Multicast, you have to setup your Network right, use a Querier.
-
@nocling I don't want to use multicast over different interfaces. That's not my point. I'm confused about the logging of that.
-
Default Rule and default logging is all.
You can use a Rule to block this and disable logging. -
Except that isn't the default IPv4 block rule. And what is shown would not be blocked by the referenced IPv6 rule.
Check the current ruleset in /tmp/rules.debug. Make sure it shows that rule identifier against that rule. As I said the most likely thing is that the ruleset was updated since the logs was made.
Is it still showing that rule against current multicast blocks?Steve
-
@stephenw10 Did a workaround by deleting the DMZ interface and added a block rule (not logging) on all the other interfaces.
rules.debug is showing this for that action:
antispoof log for $4_LAN ridentifier 10000025204_LAN is the parent interface for the VLAN's.
-
Ah, the anti-spoof rule makes more sense there. It's blocking traffic from 4_LAN subnet coming in on a different interface. It looks like the switch is doing something with the multicast traffic it probably shouldn't be doing.
-
@stephenw10 But that must be new. Well I think I have to check Ubiquiti forums. Thanks!
-
This post is deleted! -
Might IGMP spoofing the cause for this? Did disable it and logs are gone.
-
Quite possibly, yes.
-
@stephenw10 Was thinking about if the reassigning of the interfaces via editing the config file was a problem. Is there a possibility that firewall rules don't match with the interface names? (igb0 / ix1)
-
No. The rules reference the internal names in the config (wan, lan, opt1, opt2 etc) so if you reassign opt2 from igb0 to ix1 the rules will follow it.
Steve
