Chromecast audio/video between VLANs

tcsac

***Quick update - as mentioned below you now also need 8443, Google added that at some point and has basically nuked all documentation on the internet about port usage.

I've seen a few posts on this, but nobody covers it all - and most just tell you to put in blanket "allow everything" rules as a copout.

Step 1 - turn on Avahi. This is greatly simplified on the latest builds of PFsense - once installed you should just need:
Check the enable box
Select the interfaces you WANT broadcast traffic enabled on (on older versions you selected the excluded interfaces)
Check the box for "enable reflection"

that should be it for Avahi.

Step 2 - if you're like me and you've got a lot of devices, I STRONGLY suggest creating an alias for them:
Firewall >> Aliases
Name: whatever you want
Description: whatever you want
Type: hosts

Next put in the IP addresses of all your chromecast devices - if you haven't already you REALLY need to do static DHCP for all of them or it will be a nightmare.

Step 3:
Once this is done it's time for the firewall rules.
Go to the VLAN where you source hosts will be (not the VLAN where the chromecasts will be).
You'll need at least 5 rules.

Rule 1:
Action: Pass
Interface: Host VLAN
Address Family: IPv6
Protocol: UDP
Source: Any
Destination: single host or alias | ff02::fb | port 5353

Rule 2:
Action: Pass
Interface: Host VLAN
Address Family: IPv6
Protocol: UDP
Source: Any
Destination: single host or alias | ff02::fb | port 1900

Rule 3:
Action: Pass
Interface: Host VLAN
Address Family: IPv4
Protocol: UDP
Source: Any
Destination: single host or alias | 224.0.0.251 | port 5353

Rule 4:
Action: Pass
Interface: Host VLAN
Address Family: IPv4
Protocol: UDP
Source: Any
Destination: single host or alias | 224.0.0.251 | port 1900

Rule 5:
Action: Pass
Interface: Host VLAN
Address Family: IPv4
Protocol: TCP
Source: Any
Destination: single host or Alias | Chromecast Alias you created earlier | Port 8008-8009, 8443

Now, depending on how strict you want to be, you can set up Rule 5 to be restricted to only certain IPs on your Host VLAN vs. "any".

That should be it - you should be good to g.

This was directly from google as far as what ports chromecast uses:

Which ports does Chromecast use when connecting to external services?

HTTP:  TCP/80
HTTPS:  TCP/443
DNS:  UDP/53
SNTP:  UDP/123

Which ports are used by Chromecast to communicate with computer/phone/tablet in the same network?

SSDP:  UDP/1900/multicast
mDNS:  UDP/5353/multicast
TCP/8008
TCP/8009

Toube

Thanks for this.
I just got my Vlans for the iot network up and running.. for me it was enough to install avahi and enable it on the selected interfaces.

Now I can simply be logged on the LAN wifi and still be able to cast my 2 chromecast even if they are on different vlan / ip-space.

burntoc

@tcsac @Toube Do Google Home groups get populated across VLANS for you this way? I am able to cast to specific devices, but I can't see speaker groups unless I join the VLAN they're on.

burntoc

FYI to anyone still coming across this topic. I was able to solve my issue. Some of the details are found in feature request I opened once I realized the package fixed my issues:

https://redmine.pfsense.org/issues/10818

tman222

@burntoc said in Chromecast audio/video between VLANs:

FYI to anyone still coming across this topic. I was able to solve my issue. Some of the details are found in feature request I opened once I realized the package fixed my issues:

https://redmine.pfsense.org/issues/10818

Hi @burntoc - I think adding a package is a great idea. Do you mind sharing some more details on how you are currently running UDP broadcast relaying manually? I'm interested in experimenting with this as well. Thanks in advance.

EDIT: I found your other thread here and followed instructions there - works great!

https://forum.netgate.com/topic/155698/how-can-i-get-this-udp-relay-package-for-casting-across-vlans

nedyah700

This was very helpful! I had to add Port 8443 to Rule 5. Using a new Nest Hub and that port was preventing communication.

incognito

I can not get this working with a chromecast gen. 2

I have chromecast on a IOT VLAN.
In Avahi I have picked "allow" mode and picked the IoT VLAN and the regular LAN where my source phone is at.
Then clicked the repeat tickbox and set up my pfsense domain and hostname settings.

Then I have followed the rest of the instructions for firewall rules.

I still can not find the chromecast when trying to cast from my phone.. Any advice or anything?

incognito

@incognito said in Chromecast audio/video between VLANs:

I can not get this working with a chromecast gen. 2

I have chromecast on a IOT VLAN.
In Avahi I have picked "allow" mode and picked the IoT VLAN and the regular LAN where my source phone is at.
Then clicked the repeat tickbox and set up my pfsense domain and hostname settings.

Then I have followed the rest of the instructions for firewall rules.

I still can not find the chromecast when trying to cast from my phone.. Any advice or anything?

EDIT:
Actually it did work.. Seems like it took some time to get working. Maybe was a cache thing..