DLNA, IGMP Proxy, VLANs, Subnets... Oh, dear...
-
Well it looks to be working at least somewhat as expected.
Do those IPs on the downstream interfaces look correct? 25.240, 30.4, 25.205?
I assume pfSense is using .254 on each interface?
What I don't see there is any traffic from 20.252 but this is not something I look into very often.
Do you see any blocked traffic on vlan 20?
Steve
-
@stephenw10 Thanks for the response.
- Downstream interfaces are correct.
- Nodes are correct (trusted wired (LG TV) and trusted wireless (Roku) clients - although another one is an HP OfficeJet Pro)
- Not actually seeing MediaHouse (Android, TrustedWiFi) or VLC (Ubuntu, VLC Player) clients, though
- Interface gateways are correct
- Not seeing any blocked traffic on VLAN 20 for the media server (20.252) (all accepted)
May 25 21:20:44 SERVERS20 192.168.20.252:41914 239.255.255.250:1900 UDP
May 25 21:20:44 SERVERS20 192.168.20.252:1900 239.255.255.250:1900 UDP
May 25 21:20:22 SERVERS20 192.168.20.252:137 192.168.20.255:137 UDP
May 25 21:19:44 SERVERS20 192.168.20.252:41914 239.255.255.250:1900 UDP
-
That's what you see blocked on vlan 20?
I'd try doing a packet capture on vlan 20. Check what igmp traffic is there in either direction.
Steve
-
@stephenw10 I am seeing these as being accepted (green check mark); not blocked...
-
Hmm, OK. Check igmp traffic in a packet capture on vlan 20 then.
Or at least check igmp states on vlan 20.
Steve
-
@stephenw10 Hi Steve - Now I am really getting out of my depth (jack of all trades... master of none).
I did a promiscuous packet capture on VLAN 20 searching only for the media server (20.252) and over the course of about 5 minutes I only saw 4 multicast announcements from the media server. They were Apple Airplay.
I also increased the TTL on each of the IGMP interfaces to 4. I did not see any change.
-
Here's the relevant (I think) part of the capture:
-
Rather than filter by the server IP I would leave that empty and filter by protocol 'igmp'. We want to be sure the proxy is sending something at least when clients on the downstream side try to find services.
Steve
-
@stephenw10 Thanks - here is the VLAN 20 IGMP filter:
-
Hmm, yeah this is outside what I usually do too.
Was there a client on one of the downstream interfaces trying to connect whilst that was happening?
You might have to use pimd instead. Plenty of others have tried and failed to make this work it seems:
https://forum.netgate.com/post/814716
Steve
-
@stephenw10 Hi Steve - two clients on VLAN 25 and 2 on VLAN 30. None of them can find the media server. I tried pimd before (no luck) but I think that you are right - pimd may be a solution.
I wonder if the issue with IGMP proxy being broken since 2.4...
-
And...
pimd works!
Now, all we need is a proper pfSense pimd package and interface.
A reminder to anyone else using this:
- you need to back your pimd.conf file up as any updates will remove pimd and the configuration.
- you will need to manually configure pimd.conf and select your interfaces/VLANs appropriately. (obvious but worth stating)
- make sure you disable IGMP Proxy - they cannot co-exist.
And a big thank you for everyone's input. GREAT FORUM!
-
Nice! What config did it require?
I doubt it would be that difficult. Probably time to open a feature request if it does not already exist: https://redmine.pfsense.org
Steve
-
@stephenw10 Not much of a configuration:
# phyint igb0 disable - commented out as not configured
phyint igb1 disable
phyint igb2 disable
phyint igb3 disable
# phyint igb4 disable - commented out as not configured
phyint igb5 disable
phyint igb3.30 enable
phyint igb3.100 disable
phyint igb3.25 enable
phyint igb3.20 enable
phyint igb3.201 disable
phyint ovpns1 disable
phyint ovpns2 disable
# bsr-candidate igb3.20
bsr-candidate priority 5
rp-candidate time 30 priority 20
group-prefix 224.0.0.0 masklen 4
spt-threshold packets 0 interval 100
I likely will have to manually restart pimd (not a big deal since the firewall won't be restarting often).
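Added example, not written by anyone in this thread: since pimd routes multicast across VLAN boundaries, it is worth checking after every edit or restore of pimd.conf that only the intended VLANs are enabled. The function names and the allowlist are hypothetical, the sample config is constructed from the interface names in the post above, and only explicit `phyint ... enable` lines are counted (pimd's handling of unlisted interfaces is not modelled).

```shell
#!/bin/sh
# Added example: audit which interfaces a pimd.conf enables for multicast routing.
# Constructed sample config, using interface names from the post above.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# phyint igb0 disable - commented out as not configured
phyint igb3 disable
phyint igb3.30 enable
phyint igb3.100 disable
phyint igb3.25 enable
phyint igb3.20 enable
phyint igb3.201 disable
phyint ovpns1 disable
# bsr-candidate igb3.20
bsr-candidate priority 5
EOF

# Print, sorted, every interface whose last uncommented phyint line says "enable".
pimd_enabled_ifaces() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "phyint" && NF >= 3 { state[$2] = $3 } # last setting wins
        END { for (i in state) if (state[i] == "enable") print i }
    ' "$1" | sort
}

# Compare enabled interfaces with a space-separated allowlist.
# Prints each interface that is enabled but not allowed; returns 1 if any.
pimd_audit() {
    conf=$1; allowed=" $2 "; rc=0
    for ifc in $(pimd_enabled_ifaces "$conf"); do
        case "$allowed" in
            *" $ifc "*) ;;
            *) echo "UNEXPECTED: $ifc"; rc=1 ;;
        esac
    done
    return $rc
}

echo "enabled: $(pimd_enabled_ifaces "$SAMPLE_CONF" | tr '\n' ' ')"
# Allowlist deliberately omits igb3.20 to show a finding.
pimd_audit "$SAMPLE_CONF" "igb3.25 igb3.30" || echo "audit failed"
```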
-
You can start it at boot with a shellcmd easily enough:
https://docs.netgate.com/pfsense/en/latest/development/executing-commands-at-boot-time.html
Yeah a gui page to select interfaces and set those options should not be hard. All the code exists in other packages.
Steve
-
@stephenw10 Added a request for pimd to be added to redmine.