Samsung TV SSDP (DLNA) relay from IOT -> HOME vlan

hardware_bxl

Ok, tested PIMD but did not work, tried many other ways, but eventually found: https://github.com/marjohn56/udpbroadcastrelay
That is also available as package in pfSense, but I compiled and installed the latest version with m-search dial support.

Running the following cmd at boot (or in debug mode when testing): /usr/local/sbin/./udpbroadcastrelay --id 2 --port 1900 --dev re2.13 --dev re2.20 --multicast 239.255.255.250 -s 1.1.1.2 --msearch dial -f > /dev/null
where re2.13 is IOT vlan and re2.20 is HOME vlan.

Related firewall rules:

On both VLANs:

On IOT VLAN:

This last rule is needed to allow the opening of random ports by SSDP for the reply packets (after monitoring, I found that it was opening these ports).

The result is frustrating.. if it works, it keeps working as long as the udpbroadcastrelay is running, it seems to have cached values it needs. To get it working, the only thing I could do was to search in Youtube for devices, then restarting udpbroadcastrelay zillion times until it for some reason found the TV.
But when it restarted (or maybe also after certain time, I did not check that yet), it fails again.

I checked and it seems the udpbroadcastrelay is indeed relaying the notify and (important) m-search packets.
But as told by the author of the tool:

If you are running udpbroadcastrelay on a router, it can be an easy way to relay broadcasts between VLANs. 
However, beware that these broadcasts will not establish a RELATED firewall relationship between the source and 
destination addresses. This means if you have strict firewall rules, the recipient may not be able to respond to the broadcaster. 
For instance, the SSDP protocol involves sending a broadcast packet to port 1900 to discover devices on the network. 
The devices then respond to the broadcast with a unicast packet back to the original sender. 
You will need to make sure that your firewall rules allow these response packets to make it back to the original sender.

I thought this could have nothing to do with the firewall rules when I first started to analyze, but I am not 100% sure now.

Can somebody say me from experience maybe what I am missing, or just some general advise is welcome too!

Thanks!

stephenw10

Hmm, what exactly are you trying to discover the TV with? Or from the TV to what?

If you just open the firewall rules entirely does it work every time?

Steve

hardware_bxl

@stephenw10 said in Samsung TV SSDP (DLNA) relay from IOT -> HOME vlan:

If you just open the firewall rules entirely does it work every time?

You're making a great point, because when I started to explore this, of course i put my phone in the same IOT vlan and checked the working, obviously it worked.
Then I opened the firewall rules, not entirely, but allowed IOT to HOME, with the relay tool I could instantly see the TV from my phone.
From there I worked until I got the rules as I posted and that seemed to be ok.

However, when I put back my original configuration and made the final changes to the fw rules and the relay tool, it didn't work as I already said.
Now even if I allow IOT to HOME, I still have not always discovery!
And I don't know why, something has changed, but I have no idea what. I even tried open the fw entirely between the 2 vlans, but nothing.

And yes, I removed the relay tool, did a pkg install udpbroadcastrelay and replaced with my compiled newer version etc. Nothing.
But because it sometimes suddenly works (also for example if I start the relay tool multiple times, not always though), i keep trying... also it makes me wonder if my original 'success' was maybe just a random event and also not a proper way!

hardware_bxl

@stephenw10 said in Samsung TV SSDP (DLNA) relay from IOT -> HOME vlan:

what exactly are you trying to discover the TV with? Or from the TV to what?

Since mdns is working fine and I can use the ipad for Airplay (this uses mdns), I needed solution for android devices and since the tv use DLNA, I use my oneplus phone with Youtube app to try and stream to any found devices and the Samsung TV (Samsung S95BA) is what I try to stream to.

hardware_bxl

Nobody can help with this or has any experience with it?

stephenw10

Personally I have spent enough time battling protocols that were never intended to operate between subnets. I just put the clients and servers on the same layer2 whilst streaming avoid the problems.

viragomann

@stephenw10
I gave this up as well. Now I run my DLNA server within a container which is connected to the layer 2 network of the TV.

johnpoz

@viragomann said in Samsung TV SSDP (DLNA) relay from IOT -> HOME vlan:

I gave this up as well.

Not that I "gave up" - I never even considered it to be honest. Breaking L2 is not a good thing.. My printer sits on the same network that my clients that would need to use discovery "airprint' connect. My other devices can just point to the fqdn/ip of the printer that sits on that network, no need for discovery.

So everything that would need to use that printer can. No breaking of L2 needed.

hardware_bxl

@stephenw10
@viragomann
@johnpoz

I kind of agree with what you all are saying and I already made the decision to not continue this route, though that still is not taking away my desire to get this working, because I hate when I can't get things done, even though I already have set different plans.
I cannot stand the fact that it randomly works and then keeps working, most likely because it knows how to get to the streaming device (by the way, in English, the streaming device, is that the phone or the tv?) - but then when restarting the relay tool, it fails again.
That seems to me that fw rules should be at least decent enough, because it's allowing the action to stream and there is discovery, only at random times.
Probably relaying of SSDP is different than mDNS, as I mentioned before, because of opening random ports for replies, I guess that must be relayed too and my bet is that there is most likely the point of failure, but it can easily still be the fw rules.

Anyway, probably not getting the solution for this and I can be ok with that, but then I still need some kind of other solution, because the tv is making too much noise for me, so i need it separated at least for my paranoid mind :-)

I thought of the open protocol for streaming, nymphcast i believe if i remember correctly, then have some Pi to work with this, would that be any good?
I read viragomann's solution with dlna server, that would be some solution too, the dlna server sits in both networks, isolated in a container?

I hope to get some more suggestions to keep me going ;-) thanks all

johnpoz

@hardware_bxl yeah ssdp would be different than avahi which is only for mdns. there is pimd and or udp broadcast package.. Neither of which I have any play time with.

DLNA is great for say grandma.. to get her devices to work. What exact media server are you using that your trying to find via dlna from your TV?

I use plex, which also has dlna, but I have actually gone out of my way to remove all that noise from my network.. I have acls on my switches to block all the ssdp broadcast shit it sends out, etc. I have zero need for it, since the plex clients don't actually need it to function. They know what the IP of your server is, and connect directly to the IP on port 32400..

What server are you trying to connect too.. I am pretty familiar with all the major media server software, plex, emby, jellyfin..

If what your using requires dlna - I would pick a different product. dlna would be fine if your on 1 flat network.. But if your wanting to segment your network up.. dlna was never meant to work across subnets..

stephenw10

Yup I hate when I know something can work but it won't!

But I also hate client devices that can only auto discover when you know it would work perfectly well if you just enter an IP. Grrrr...

viragomann

@johnpoz said in Samsung TV SSDP (DLNA) relay from IOT -> HOME vlan:

DLNA is great for say grandma.. to get her devices to work.

And me. Sadly my Samsung TV provides no other possibility to stream media files from another device over the network than this.

johnpoz

@viragomann you know you can pickup a roku or firestick for like 15$ ;) when they go on sale or prime day, etc.. I see the 4k firestick currently for $25..

stephenw10

Yup that^. That is why "Smart TVs" are a terrible idea. There's no incentive for Samsung (or any manufacturer) to keep updating their firmware. Display + replaceable-smart-bit will always be superior.

viragomann

@stephenw10
I know. However, it's way more comfortable to have all functions integrated in a single box, and can control them all with a single remote.

And as my TV is in my IoT wifi, which neither does allow communications between the wifi clients nor to other local subnets, but only the isolated DLNA server, which is bridged to the IoT on pfSense, if have not much security concerns regarding this to be honest.