DLNA over Subnets, IGMP Proxy, Multicast Routing



  • Hi,

    I have a small home network with PFSENSE as firewall/router, running very well (including SQUID).

    But I have a problem with devices in different VLANs/subnets using DLNA. I have 3 Panasonic SmartTVs in my VLANMEDIA (192.168.60.1/24). Each TV can act as DLNA Server and as Client. I have my main PC in VLANDATA (192.168.40.1/24). Through Win7 Media server this PC is also acting as DLNA server and client.

    No Media/DLNA Server/Client in one subnet can see any device in the other subnet. All Firewall rules are, for test purposes, "allow any" with IP options enabled. In the logs I see that the firewall is not blocking anything.

    I searched the forum and googled long hours, but did not find a solution. Some say DLNA over subnets is not possible at all. Other tried the IGMP proxy or even UPnP / NAT PMP. But I could not find any success stories.

    I tried the IGMP Proxy service, but most of the time I cannot start it at all. I get a "There must be at least 2 Vif's where one is upstream." message when I try to use any VLAN interface as upstream interface and any selection of VLANs as downstream interface. Also WAN (PPPOE sitting on igb0) cannot be used for "upstream". The only interface that worked as "upstream" was one that I used to access my DSL router that is running in bridge mode and acting basically as modem. For this I used an Outbound NAT configuration. DLNA also does not work. And this has no meaning for my setup.

    I read about bugs in the IGMP proxy and problems with VLANS.

    Now I am at a complete loss . . .

    Maybe somebody can help me.

    Does DLNA work over subnets (via routing) (maybe with specific setups)? How?
    Does the IGMP proxy work with VLANs?
    How to setup the IGMP proxy?

    Any help appreciated. Thank you

    Armin

    P.S. To enjoy the DLNA services at all, I set up 2 VLANs on my PC (VLANMEDIA and VLANDATA on one NIC) and connected it via a TRUNK port to my switch. I created static routes (Windows 7, "route"-command) for each subnet to use the intended IF. Everything works fine. Every device can see the other. But this is not my intended solution. I would like to have PFSENSE do the routing.

    Current Setup:



  • IGMP proxy is broken
    It will work only on pfsense 2.4

    I'm temporarily using the following workaround: a bridge on pfsense with transparent firewall rules between bridge members. Being on the same L2, DLNA works flawlessly.

    But I will be more happy with a working igmp proxy and L3 separation, since a transparent firewall is more difficult to handle. And the bridge is causing issues on the ubiquit stamanager.



  • I am still a newbie but other experienced users on the forum suggested to use L3 switch (e.g. Cisco SG300 series).

    If your budget allows it, might be another avenue to consider.

    I didn't know IGMP Proxy is broken !  :-\  ???  ::)  :P  I would have assumed if something is broken, it would be fixed in the minor versions release, therefore if you run the latest version it should be fixed.

    I am running  2.3.4-RELEASE (amd64), built on Wed May 03 15:13:29 CDT 2017.



  • @ChefRayB:

    I am still a newbie but other experienced users on the forum suggested to use L3 switch (e.g. Cisco SG300 series).

    If your budget allows it, might be another avenue to consider.

    I didn't know IGMP Proxy is broken !  :-\  ???  ::)  :P  I would have assumed if something is broken, it would be fixed in the minor versions release, therefore if you run the latest version it should be fixed.

    I am running  2.3.4-RELEASE (amd64), built on Wed May 03 15:13:29 CDT 2017.

    If it was me then what I recommended is using L3 mode if you buy a SG300 switch.  A layer 3 switch may be more complicated than most people can handle. If you want the features then there is nothing better in my mind.



  • @coxhaus:

    If it was me then what I recommended is using L3 mode if you buy a SG300 switch.  A layer 3 switch may be more complicated than most people can handle. If you want the features then there is nothing better in my mind.

    Maybe I've misunderstood the meaning of having the units on different subnets (as in firewalling between these subnets).

    But as soon as someone mentions L3 switches in the same sentence as firewalling I get the "chills".
    Connecting all those nets/vlans w. a L3 switch would take care of the routing, but would also prevent the data from hitting the fw interfaces. And effectively disable any firewalling between the routed vlans.

    /Bingo



  • On the low end L3 switches you are going to have to live with ACL between VLANs for controlling access to the different VLANs.  You will not have the firewall granularity as using a firewall on these smaller layer 3 switches as say pfsense.  But pfsense will not have the speed in which a small layer 3 switch can pass VLAN traffic either.  So it is just a choice as to where you route your layer 3 traffic pfsense or L3 switch.  I like separation of duties it seems simpler to me.  I also use separate wireless, I don't like it all together.



    In the past IGMP proxy was enough and I worked to have DLNA devices in different subnets working.

    Now it was from some update that it stopped working, I hoped that with the new release 2.4 everything would be ok.

    Unfortunately I updated my pfsense to 2.4 but didn't have good news.

    In the log those messages are present:

    igmpproxy 54874 MRT_DEL_MFC; Errno(49): Can't assign requested address
    igmpproxy 54874 The source address 192.168.XXX.YYY for group 239.255.255.250, is not in any valid net for upstream VIF.

    The player is my pc that is in another subnet, different from 192.168.XXX.YYY that I configured in the past as upstream in IGMP proxy, and it worked at that time.

    If I bridge the two cards, everything works because of how multicast works.

    Has anyone had more luck, or hope for some miracle?
    Thank you
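
The second log message quoted above says the multicast sender's address lies outside every network treated as valid for the upstream interface. The sketch below is an added example (not part of the original post and not igmpproxy's own code) that models that check as "the upstream interface's own subnet plus any `altnet` networks". The subnets are the ones from the first post; the host address 192.168.40.25 and the function names are constructed.

```python
import ipaddress
import re

# Message format exactly as quoted in the post above.
LOG_RE = re.compile(
    r"The source address (?P<src>\S+) for group (?P<group>[\d.]+), "
    r"is not in any valid net for upstream VIF"
)

def valid_nets(upstream_subnet, altnets=()):
    """Networks accepted as sources on the upstream interface (modelled)."""
    return [ipaddress.ip_network(n, strict=False)
            for n in (upstream_subnet, *altnets)]

def check_log(lines, upstream_subnet, altnets=()):
    """Return (src, group, verdict) for each matching log line.

    verdict: 'rejected'  - source outside every valid net (matches the log)
             'accepted'  - source would pass with this configuration
             'masked'    - address was redacted, cannot be evaluated
    """
    nets = valid_nets(upstream_subnet, altnets)
    results = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # e.g. the MRT_DEL_MFC line, unrelated to this check
        src, group = m["src"], m["group"]
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            results.append((src, group, "masked"))
            continue
        ok = any(addr in n for n in nets)
        results.append((src, group, "accepted" if ok else "rejected"))
    return results

# Constructed sample: first line as posted (masked), second with a made-up
# host in VLANDATA (192.168.40.0/24) sending to the SSDP group.
SAMPLE = [
    "igmpproxy 54874 The source address 192.168.XXX.YYY for group "
    "239.255.255.250, is not in any valid net for upstream VIF.",
    "igmpproxy 54874 The source address 192.168.40.25 for group "
    "239.255.255.250, is not in any valid net for upstream VIF.",
    "igmpproxy 54874 MRT_DEL_MFC; Errno(49): Can't assign requested address",
]

if __name__ == "__main__":
    # Upstream on VLANMEDIA only, then with VLANDATA listed as an extra net.
    print(check_log(SAMPLE, "192.168.60.1/24"))
    print(check_log(SAMPLE, "192.168.60.1/24", altnets=["192.168.40.0/24"]))
```

Any extra network listed this way widens what crosses the VLAN boundary, so it is best kept to the single subnet that hosts the media server or player.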



  • I just updated to latest 2.4 hoping to use the brand new IGMP proxy.
    But unluckily I'm facing the same problems.
    Same errors as m4rv1n.
    I read that in the past it was possible to use IGMP proxy.
    Is there any chance to get it working again?

