Chromecast audio/video between VLANs



  • I've seen a few posts on this, but nobody covers it all - and most just tell you to put in blanket "allow everything" rules as a cop-out.

    Step 1 - turn on Avahi. This is greatly simplified on the latest builds of pfSense - once installed you should just need:
    Check the enable box
    Select the interfaces you WANT broadcast traffic enabled on (on older versions you selected the excluded interfaces)
    Check the box for "enable reflection"

    That should be it for Avahi.

    Step 2 - if you're like me and you've got a lot of devices, I STRONGLY suggest creating an alias for them:
    Firewall >> Aliases
    Name: whatever you want
    Description: whatever you want
    Type: hosts

    Next put in the IP addresses of all your Chromecast devices - if you haven't already, you REALLY need to do static DHCP for all of them or it will be a nightmare.

    Step 3:
    Once this is done it's time for the firewall rules.
    Go to the VLAN where your source hosts will be (not the VLAN where the Chromecasts will be).
    You'll need at least 5 rules.

    Rule 1:
    Action: Pass
    Interface: Host VLAN
    Address Family: IPv6
    Protocol: UDP
    Source: Any
    Destination: single host or alias | ff02::fb | port 5353

    Rule 2:
    Action: Pass
    Interface: Host VLAN
    Address Family: IPv6
    Protocol: UDP
    Source: Any
    Destination: single host or alias | ff02::fb | port 1900

    Rule 3:
    Action: Pass
    Interface: Host VLAN
    Address Family: IPv4
    Protocol: UDP
    Source: Any
    Destination: single host or alias | 224.0.0.251 | port 5353

    Rule 4:
    Action: Pass
    Interface: Host VLAN
    Address Family: IPv4
    Protocol: UDP
    Source: Any
    Destination: single host or alias | 224.0.0.251 | port 1900

    Rule 5:
    Action: Pass
    Interface: Host VLAN
    Address Family: IPv4
    Protocol: TCP
    Source: Any
    Destination: single host or Alias | Chromecast Alias you created earlier | Port 8008-8009

    Now, depending on how strict you want to be, you can set up Rule 5 to be restricted to only certain IPs on your Host VLAN vs. "any".

    That should be it - you should be good to go.

    This was directly from Google as far as what ports Chromecast uses:

    Which ports does Chromecast use when connecting to external services?

    HTTP:  TCP/80
    HTTPS:  TCP/443
    DNS:  UDP/53
    SNTP:  UDP/123
    

    Which ports are used by Chromecast to communicate with computer/phone/tablet in the same network?

    SSDP:  UDP/1900/multicast
    mDNS:  UDP/5353/multicast
    TCP/8008
    TCP/8009

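An added example, not part of the original post: a small Python model of the five pass rules from Step 3, checked against a blanket "allow everything" rule to show which flows the scoped rules keep blocked. It assumes these are the only pass rules on the host VLAN interface (anything unmatched is dropped), and the Chromecast addresses and test flows are constructed placeholders.

```python
import ipaddress

# Constructed addresses: the post gives no Chromecast IPs, so these are placeholders.
CHROMECASTS = {"192.168.30.10", "192.168.30.11"}  # stands in for the alias from Step 2

# The five pass rules from Step 3: (address family, protocol, destinations, port range)
RULES = [
    (6, "udp", {"ff02::fb"}, (5353, 5353)),
    (6, "udp", {"ff02::fb"}, (1900, 1900)),
    (4, "udp", {"224.0.0.251"}, (5353, 5353)),
    (4, "udp", {"224.0.0.251"}, (1900, 1900)),
    (4, "tcp", CHROMECASTS, (8008, 8009)),
]
# The "allow everything" shortcut, for comparison (None = any destination).
BLANKET = [(4, "any", None, (1, 65535)), (6, "any", None, (1, 65535))]

def allowed(rules, proto, dst, port):
    """Return True if any pass rule matches; unmatched traffic falls to default deny."""
    addr = ipaddress.ip_address(dst)
    for family, rproto, dsts, (lo, hi) in rules:
        if family != addr.version:
            continue
        if rproto not in ("any", proto):
            continue
        if dsts is not None and addr not in {ipaddress.ip_address(d) for d in dsts}:
            continue
        if lo <= port <= hi:
            return True
    return False

def excess(rules, baseline, flows):
    """Flows that `rules` passes but `baseline` would block."""
    return [f for f in flows if allowed(rules, *f) and not allowed(baseline, *f)]

# Constructed test flows from a host on the source VLAN.
FLOWS = [
    ("udp", "224.0.0.251", 5353),    # mDNS discovery over IPv4
    ("tcp", "192.168.30.10", 8009),  # cast control to an aliased device
    ("tcp", "192.168.30.10", 22),    # unrelated port on a Chromecast
    ("tcp", "192.168.30.50", 8009),  # cast port on a host outside the alias
    ("udp", "ff02::fb", 5353),       # mDNS discovery over IPv6
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "scoped:", allowed(RULES, *f), "blanket:", allowed(BLANKET, *f))
    print("extra exposure from blanket rules:", excess(BLANKET, RULES, FLOWS))
```

Swapping the placeholder addresses for the real alias members and extending `FLOWS` gives a quick sanity check of a rule set before it goes onto the firewall.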