IGMP Proxy vs PIMD package use case
-
TL;DR: Question at end.
Hello all, new pfSense and SG-1100 user here. I'm currently looking at employing pfSense between a small (single /24 subnet) isolated network of test development machines (LAN side) and another similar-sized network of semi-trusted but not accredited/approved vendor or subcontractor machines (WAN side) for the purpose of software integration testing.
Due to the nature of the software in use, there is a lot of streaming data using multicast (with senders on both the LAN and WAN side). I'm currently researching the best method to allow this bi-directional multicast traffic as necessary.
I was very interested when I stumbled upon the IGMP Proxy service, which I set up and tested yesterday. I had a multicast sender on the WAN side and a multicast listener on the LAN side. Using Wireshark on a WAN-side PC I was able to verify that the pfSense WAN interface appropriately sent proxied IGMP join/leave messages when a LAN client did. I also verified reception of the multicast data at the LAN client. Excellent!
However, there doesn't seem to be a way to use the IGMP Proxy to send multicast in the reverse direction (that is, originating in LAN and sending out WAN). This seems strange since I imagined that process would be even easier. (Instead of having to broker joins/leaves using WAN IP, it literally just needs to forward the datagrams from LAN side out of WAN side, unless I'm missing something).
With that said, I found the PIMD package and started trying that out (remember to disable IGMP Proxy!). I spent a decent amount of time researching PIM-SM/SSM but didn't get far with configuration. That is because in my test environment, I do not have another router on the WAN side that is capable of doing PIM. There is a consumer-grade router that supports static routes and that's about it. I found some threads about Sonos speakers, but in those cases it looks like they were using PIM between some VLANs managed entirely by the pfSense box (no extra router to worry about).
In some cases the WAN side is just a small group of static IP machines plugged into an unmanaged switch. In some cases the WAN side has a switch with the ability to specify static routes. In some cases the WAN side has a managed L3 switch but this contractor/vendor (whoever I need to connect this LAN to for some type of integration event) does not have network professionals ready to modify their network settings. (In this case I would utilize port forwards as opposed to static routes).
In this particular case, the WAN side has a consumer-grade router that supports static routes but not PIM. Thus, I was unable to get PIM working in this setup to route multicast between LAN and WAN. (PIM seems overkill here anyways since my pfSense WAN port is on the same subnet as the multicast participant and thus no RP should really need to exist.)
I'm currently using a couple of .NET Core applications that I wrote in order to listen to multicast and forward as unicast and vice versa, and I deploy these apps on the WAN side and LAN side in order to get my bi-directional multicast data across these networks. This works great but it is clunky.
Is there any way to get multicast traffic from LAN to WAN and also WAN to LAN by only modifying the configuration of pfSense in the middle? Thanks!