Igmpproxy does not work

aronese

Hello to all,
I split my network in some subnetworks, each separated by vlan: this network has been operating for years without problems.

At home I use Konnex (a standard for building automation) for which I have:

• the pc that runs the software (ETS) is on a network:  192.168.10.0/24

• the gateway IP / KNX is on another network:  192.168.50.0/24

the transmission between ETS and the gateway is multicast (224.0.23.12) then I have to enable IGMP proxy.
Unfortunately I could not get it to work.
(ETS and the gateway work well because if I put them on a single subnet they work well)

My network is structured as follows:

• WAN x.x.x.x

• MODEM 192.168.3.0/24

• LAN Backup 192.168.2.0/24    (not used)

• LAN DEFAULT 192.168.10.0/24

• LAN FAMIGLIA 192.168.20.0/24 (where there is ETS)

• CAM 192.168.40.0/24

• DOMOTICA 192.168.50.0/24 (where reside the Knx Gateway)

• MANAGEMENT 192.168.99.0/24

• WIFI ADMIN 192.168.210.0/24

• WIFI FAMIGLIA 192.168.220.0/24

• WIFI OSPITI 192.168.230.0/24

each subnet has a vlan:

192.168.10.0/24 Vlan_10
192.168.50.0/24 Vlan_50
and so on.

I configured  igmpproxy as suggested here on the forum, namely:

• igmpproxy upgrade to version 0.1 (not beta 2)

• edit /etc/inc/services.inc putting
  mwexec**_bg**("/usr/local/sbin/igmpproxy -v -v {$g['tmp_path']}/igmpproxy.conf");

igmpproxy service configured as:

LAN_DEFAULT  //  upstream  // 224.0.0.0/4
DOMOTICA  //  dowmstream  // 192.168.50.0/24

and I added the two rules:

LAN_DEFAULT
IPv4 UDP  pass any to destination 224.0.0.0/4

DOMOTICA
IPv4  pass IGMP to any, and activated the flag on “Advanced option → This allows packet IP option to pass.”

It should be all right, but not working.

The file /tmp/igmpproxy.conf is as follow:

##------------------------------------------------------
## Enable Quickleave mode (Sends Leave instantly)
##------------------------------------------------------
quickleave
phyint re1_vlan10 upstream ratelimit 0 threshold 1
altnet 224.0.0.0/4

phyint re1_vlan50 downstream ratelimit 0 threshold 1
altnet 192.168.50.0/24

phyint pppoe0 disabled
phyint re0 disabled
phyint re2 disabled
phyint re1_vlan20 disabled
phyint re1_vlan40 disabled
phyint re1_vlan99 disabled
phyint re1_vlan210 disabled
phyint re1_vlan220 disabled
phyint re1_vlan230 disabled

and it seems ok.

I tried to do a minimum of debugging and notice two strange things:

1. if I do the command "netstat -g4" I get the following output:

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   192.168.3.1                             0          0
  1         1   192.168.2.1                             0          0
  2         1   192.168.10.1                            0          0
  3         1   192.168.20.1                            0          0
  4         1   192.168.40.1                            0          0

IPv4 Multicast Forwarding Table
 Origin          Group             Packets In-Vif  Out-Vifs:Ttls
 192.168.10.101  239.255.255.250         0  65535   

Question: why I only see 5 virtual interfaces?
in particular I do not see Vlan_50 that is the one where ETS runs. To me it does not seem right ….

2. if I do the command "ifconfig | grep RUNNING" I get:

re0: flags=8a43 <up,broadcast,running,allmulti,simplex,multicast>metric 0 mtu 1500
re1: flags=8a43 <up,broadcast,running,allmulti,simplex,multicast>metric 0 mtu 1500
re2: flags=8a43 <up,broadcast,running,allmulti,simplex,multicast>metric 0 mtu 1500
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
re1_vlan10: flags=8a43 <up,broadcast,running,allmulti,simplex,multicast>metric 0 mtu 1500
re1_vlan20: flags=8a43 <up,broadcast,running,allmulti,simplex,multicast>metric 0 mtu 1500
re1_vlan40: flags=8a43 <up,broadcast,running,allmulti,simplex,multicast>metric 0 mtu 1500
re1_vlan50: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
re1_vlan99: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
re1_vlan210: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
re1_vlan220: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
re1_vlan230: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492</up,pointopoint,running,noarp,simplex,multicast></up,broadcast,running,simplex,multicast></up,broadcast,running,simplex,multicast></up,broadcast,running,simplex,multicast></up,broadcast,running,simplex,multicast></up,broadcast,running,simplex,multicast></up,broadcast,running,allmulti,simplex,multicast></up,broadcast,running,allmulti,simplex,multicast></up,broadcast,running,allmulti,simplex,multicast></up,loopback,running,multicast></up,broadcast,running,allmulti,simplex,multicast></up,broadcast,running,allmulti,simplex,multicast></up,broadcast,running,allmulti,simplex,multicast> 

MULTIALL appears on the first interface, but not from VLAN 50 (the same as before). Why?

Thank you in advance for your help!!
Andrea

EvilUnicorn

I'm trying something quite similar. Did you find a fix yet?

aronese

No sorry. :-\

I had other evidence, for example by removing the first VLAN. In doing so the vlan_50 had appeared as output of "netstat -g4" (not seen before). From there I had found on freebsd forum a post that talked about a known issue related to a maximum limit of virtual interfaces …. but then I gave up: I was losing too much time.

In the end I think it's the igmp proxy module to be quite buggy, maybe the developer should think of alternatives .....