    Pfsense receive all multicast traffic

    Off-Topic & Non-Support Discussion
    • G
      GaraQuor last edited by GaraQuor

      Hello,
      We use 2 pfSenses as firewall/DHCP/IGMP querier in HA (CARP) on a pretty large network (+-500 devices) with a lot of local multicast traffic.
      We only have layer 2 switches with IGMP snooping enabled, and everything looks fine.

      But when we look at the Traffic Graph, we see that the pfSense receives ALL the multicast traffic; when we test on a PC connected to any switch in the network (with Wireshark, promiscuous mode) we only receive data from joined multicast groups.

      Would someone have an idea of what's going on?

      Thanks :)

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by johnpoz

        Not sure what that has to do with pfSense.. Block the multicast traffic at your switch if you don't want pfSense interfaces to see it. Not like pfSense is going to be joining multicast groups.

        igmp-querier

        So you're running IGMP proxy?

        Why would you not do that on your switch?

        • G
          GaraQuor last edited by

          Hello,
          We don't use IGMP proxy (we only have multicast on the same LAN); we use an IGMP querier (which sends global member queries).
          But yes, we can try running a querier on a layer 3 switch :) (We will test tomorrow.)

          And CARP uses multicast, no? So pfSense is ACTUALLY joining a multicast group :/ but effectively not a 239.x.x.x multicast group. (Or does it use a special 'trick'?)

          We just do not know why this happens and why those multicast groups only seem to arrive on the pfSense, not on the other 500 computers in the network.

          If we don't find out why, we can effectively block the multicast groups in the switch, but that's not a 'real' solution...
          And we have already tried "block unknown multicast address", but it has no effect.

          • johnpoz
            johnpoz LAYER 8 Global Moderator @GaraQuor last edited by

            @GaraQuor said in Pfsense receive all multicast traffic:

            we use a igmp-querier (which send global member queries).

            And where exactly are you doing that in pfSense?

            • G
              GaraQuor last edited by GaraQuor

              Hello,
              We use a hand-made querier.

              After a lot of tests, whoever sends the IGMP query packets receives all the local multicast traffic.
              I do not know if this is a problem of the IGMP snooping implementation in the L2 switches we use (Netgear ProSafe Plus) or if it's normal behavior...

              So we put the querier on an L3 switch in the center of the network; this is not a great solution, but it's better than nothing.
              Thanks for the help 😉

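As an added example (not code from this thread, from Netgate or from the poster's querier), here is a small Python script that parses IGMP membership queries out of captured IPv4 packets and reports which hosts are acting as querier, the useful check when a snooping switch floods every multicast group toward the port the queries come from. The sample packets and addresses are constructed in memory; IGMPv2 general queries are assumed.

```python
import ipaddress
import struct

def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; 0 means a received checksum verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def make_query(src: str, group: str = "0.0.0.0") -> bytes:
    """Build an IPv4 + IGMPv2 membership query in memory (constructed test data only)."""
    dst = "224.0.0.1" if group == "0.0.0.0" else group
    igmp = struct.pack("!BBH4s", 0x11, 100, 0, ipaddress.IPv4Address(group).packed)
    igmp = igmp[:2] + struct.pack("!H", ip_checksum(igmp)) + igmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(igmp), 0, 0, 1, 2, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + igmp

def parse_igmp_query(packet: bytes):
    """Return (src, group) for a checksum-valid IGMP membership query, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 2:  # proto 2 = IGMP
        return None
    igmp = packet[(packet[0] & 0x0F) * 4:]
    if len(igmp) < 8 or igmp[0] != 0x11 or ip_checksum(igmp) != 0:  # 0x11 = query
        return None
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(igmp[4:8])))

def find_queriers(packets, expected_querier: str):
    """Count general queries per source and list any source other than the expected
    querier, since snooping switches forward all groups toward the querier's port."""
    seen = {}
    for pkt in packets:
        parsed = parse_igmp_query(pkt)
        if parsed and parsed[1] == "0.0.0.0":   # general query, not group-specific
            seen[parsed[0]] = seen.get(parsed[0], 0) + 1
    return seen, sorted(s for s in seen if s != expected_querier)

# Constructed sample capture: two general queries from the L3-switch querier,
# one from an unexpected host, one group-specific query and one non-IGMP packet.
SAMPLE = [make_query("192.168.1.1"), make_query("192.168.1.1"),
          make_query("192.168.1.77"), make_query("192.168.1.1", "239.1.1.1"),
          b"\x45\x00\x00\x14" + b"\x00" * 16]

if __name__ == "__main__":
    print(find_queriers(SAMPLE, "192.168.1.1"))
```

On a live network, feed it the IPv4 payloads of a short capture on the LAN interface; any source listed as unexpected is a second querier that will also receive every multicast group.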
              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by

                @GaraQuor said in Pfsense receive all multicast traffic:

                We use a hand made querier.

                So don't you think that should have been mentioned in your OP... Guess your hand-made querier isn't working..

                • G
                  GaraQuor last edited by GaraQuor

                  The hand-made querier works perfectly.
                  We have the same behaviour and the same result with the querier implemented in the L3 switch: all the multicast traffic is sent to the querier (so with the implementation written by Netgear for its own switches).

                  When I created the topic I did not know that.

                  We had been working like this for years before moving to a pfSense firewall and noticing that; our previous firewall did not have such advanced statistics. So I never thought that the problem could come from the querier itself.
