4. IGMPProxy spamming logs with "The source address 192.168.xxx.xxx for group 239.255.xxx.xxx, is not in any valid net for upstream VIF"

IGMPProxy spamming logs with "The source address 192.168.xxx.xxx for group 239.255.xxx.xxx, is not in any valid net for upstream VIF"

  • A

    Hi

    I have IGMPProxy running in order to provide IP TV.

    There's a significant number of messages in the log which take the form:

    "The source address 192.168.xxx.xxx for group 239.255.xxx.xxx, is not in any valid net for upstream VIF"

    The message (I think) is actually correct. The 192.168.xxx.xxx devices are not set top boxes but are other devices which are sending multicast traffic/requests to join a multicast group, which I don't want to be proxied out to the WAN. I've therefore only specified the specific multicast address ranges that the IPTV needs in the IGMPProxy setup. The group specified in the error messages are outside those ranges, which is why I think the message is actually right.

    I've tried creating a firewall rule to block IGMP traffic coming in over the LAN from anything other than the two set top boxes on the network, but I still get the message in the logs.

    I think the message is correct and is not indicative of a problem with the IPTV/IGMPProxy set up (the IPTV works ok) - is there any way to suppress the message please?

    Thanks.

    0
  • A

    Looking further at this, it appears that there is a later IGMPProxy version that suppresses this message. It appears to be in present in the forthcoming pfSense release - though if you're impatient you can install it manually from here: https://beta.pfsense.org/packages/pfSense_master_amd64-pfSense_devel/All/igmpproxy-0.2.1%2C1.txz

    The other thing that's present in this version is a new "whitelist" directive in the config file, which would enable the user to configure igmpproxy to ignore certain multicast groups altogether. I don't know if the whitelisting capability is being built into the GUI but if not it can be added manually using a suitable patch.

    In the meantime, you can also prevent igmpproxy from spamming the system logs by redirecting all it's output to stderr using the -d switch. This doesn't solve the underlying problem (you need the whitelisting function for that), but just hides the messages (indeed any message) from spamming the system log.

    0
  • P

    Hi,
    Do you know what the process is for installing this manually?

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy