Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to setup IGMP Proxy for VLANs.

    Scheduled Pinned Locked Moved Firewalling
    4 Posts 2 Posters 1.3k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      miodzicho
      last edited by

      Hi all

      I'm trying to have working IGMP proxy on my pfsense. Idea behind is, I have Domoticz on LAN
      igb1 network, where I have addedd Xiaomi Gateway. Xiaomi Gateway is connected via AP, on vlan 10 and igb1.10.
      Xiaomi Gateway uses IGMP :

      21:47:28.514173 IP lumi-gateway-v3_miio63220096.local.domain.rwhois > 224.0.0.50.9898: UDP, length 136

      and abviously no communication between igb1 and igb1.10

      I do have created FW rules to allow IGMP on both interfaces, with Allow IP options.
      IGMP Proxy is configured like this (not sure if this all correct).

      [2.4.4-RELEASE][admin@router.local.domain]/root: cat /var/etc/igmpproxy.conf

##------------------------------------------------------
## Enable Quickleave mode (Sends Leave instantly)
##------------------------------------------------------
quickleave
phyint igb1 upstream ratelimit 0 threshold 1
altnet 10.36.90.0/23

phyint igb1.10 downstream ratelimit 0 threshold 1
altnet 192.168.50.0/24

phyint igb0 disabled
phyint igb2 disabled
phyint igb3 disabled
phyint igb1.20 disabled


      adding VIF, Ix 0 Fl 0x0 IP 0x015a240a igb1, Threshold: 1, Ratelimit: 0
adding VIF, Ix 1 Fl 0x0 IP 0x010a0a0a igb1, Threshold: 1, Ratelimit: 0
RECV Leave message      from 10.36.90.18     to 224.0.0.2
RECV V2 member report   from 10.36.90.18     to 224.0.0.50
Mebership report was received on the upstream interface. Ignoring.
RECV V2 member report   from 10.36.90.18     to 224.0.0.50
Mebership report was received on the upstream interface. Ignoring.
RECV V2 member report   from 10.36.90.18     to 224.0.0.50
Mebership report was received on the upstream interface. Ignoring.

      Domoticz is on 10.36.90.18 and I see IGMP Xiaomi Gateway talks is sent to 224.0.0.50

      Any help highly appreciated.

      2.4.4-RELEASE (amd64)
      built on Thu Sep 20 09:03:12 EDT 2018
      FreeBSD 11.2-RELEASE-p3
      QOTOM Q355G4 - i5 8G RAM 128G SSD

      1 Reply Last reply Reply Quote 0
      • stephenw10S Online
        stephenw10 Netgate Administrator
        last edited by

        You should probably update your signature. 😉
        2.0.1-RELEASE (i386)

        What exactly is supposed to happen here between those devices?

        Is anything logged on each of them?

        Steve

        1 Reply Last reply Reply Quote 1
        • M Offline
          miodzicho
          last edited by

          It is old signature, indeed. But seems I'm blind, I did not found where I can change it ...
          To be honest, not fully sure, I just found, and noticed they need to communicate with IGMP. Gateway acts as Zigbee gateway for Domoticz. And I want to have them separated on VLAN's.
          When I created bridge between igb1 and igb1.10 all works fine, I see in tcpdump IGMP packets being exchanged. But then, DHCP is being messed up, devices on iot network are receiving IP from LAN range instead of IoT range.

          2.4.4-RELEASE (amd64)
          built on Thu Sep 20 09:03:12 EDT 2018
          FreeBSD 11.2-RELEASE-p3
          QOTOM Q355G4 - i5 8G RAM 128G SSD

          1 Reply Last reply Reply Quote 0
          • stephenw10S Online
            stephenw10 Netgate Administrator
            last edited by

            Indeed you can't bridge those interfaces and keep them as separate subnets.

            Did you try switching the upstream and downstream interfaces? It's not clear to me which way round they should be.

            The other thing to do is to start the proxy in debug mode from the command line to check for any errors:
            igmpproxy -d -vv /var/etc/igmpproxy.conf

            Stop it from Status > Services in the GUI first.

            Steve

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.