4. IGMPProxy spamming logs with "The source address 192.168.xxx.xxx for group 239.255.xxx.xxx, is not in any valid net for upstream VIF"

IGMPProxy spamming logs with "The source address 192.168.xxx.xxx for group 239.255.xxx.xxx, is not in any valid net for upstream VIF"

  • A

    Hi

    I have IGMPProxy running in order to provide IP TV.

    There's a significant number of messages in the log which take the form:

    "The source address 192.168.xxx.xxx for group 239.255.xxx.xxx, is not in any valid net for upstream VIF"

    The message (I think) is actually correct. The 192.168.xxx.xxx devices are not set top boxes but are other devices which are sending multicast traffic/requests to join a multicast group, which I don't want to be proxied out to the WAN. I've therefore only specified the specific multicast address ranges that the IPTV needs in the IGMPProxy setup. The group specified in the error messages are outside those ranges, which is why I think the message is actually right.

    I've tried creating a firewall rule to block IGMP traffic coming in over the LAN from anything other than the two set top boxes on the network, but I still get the message in the logs.

    I think the message is correct and is not indicative of a problem with the IPTV/IGMPProxy set up (the IPTV works ok) - is there any way to suppress the message please?

    Thanks.

    0
  • A

    Looking further at this, it appears that there is a later IGMPProxy version that suppresses this message. It appears to be in present in the forthcoming pfSense release - though if you're impatient you can install it manually from here: https://beta.pfsense.org/packages/pfSense_master_amd64-pfSense_devel/All/igmpproxy-0.2.1%2C1.txz

    The other thing that's present in this version is a new "whitelist" directive in the config file, which would enable the user to configure igmpproxy to ignore certain multicast groups altogether. I don't know if the whitelisting capability is being built into the GUI but if not it can be added manually using a suitable patch.

    In the meantime, you can also prevent igmpproxy from spamming the system logs by redirecting all it's output to stderr using the -d switch. This doesn't solve the underlying problem (you need the whitelisting function for that), but just hides the messages (indeed any message) from spamming the system log.

    0
  • P

    Hi,
    Do you know what the process is for installing this manually?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy