Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    multicast between VLANs

    Scheduled Pinned Locked Moved L2/Switching/VLANs
    igmpvlanmulticast
    5 Posts 2 Posters 1.7k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      doejohn
      last edited by

      Hello,

      I am trying to get multicast working from one VLAN to another. Server is in VLAN10, sending to 239.12.255.254 and client is in VLAN20

      I have enabled IGMP proxy and created two igmp proxy instances:

      • VLAN10 upstream 239.12.255.254/32
      • VLAN20 downstream 239.12.255.254/32

      Then I add a firewall-rule on VLAN20to pass IPv4 IGMP with "allow IP options" checked.

      But it still does not work.

      What am I missing?

      Maybe somebody has an example of multicast routing between VLANs?

      Where can I find this "IGMP log" that is mentioned on the IGMP proxy page?

      J 1 Reply Last reply Reply Quote 0
      • J Offline
        Jarhead @doejohn
        last edited by

        @doejohn Look into the Avahi and PIMD packages.
        I have multicast going across a Wireguard VPN with those two.
        Also have Sonos working across VLANs, basically like you want, with them.

        D 1 Reply Last reply Reply Quote 0
        • D Offline
          doejohn @Jarhead
          last edited by

          @Jarhead said in multicast between VLANs:

          @doejohn Look into the Avahi and PIMD packages.

          Thanks for your suggestions, @Jarhead, I'll take a closer look into this.

          Isn't avahi for mDNS? I'm not sure this is needed in this case...

          If I understand correctly, PIMd is for routers to find best path to servers. So makes sense primarily when multiple routers are involved, which is not the case here.

          Since IGMP-Proxy is a standard package, I'd expect it should work for at least simple cases.

          But the documentation of IGMP-Proxy is also not very clear. It states, exactly ONE upstream instance can exist. This would mean, multicast-sources can sit only on one inerface. This does not make any sense to me. And it is totally unclear, what additional firewall rules are needed to actually make the whole thing work.

          Maybe somebody can bring some light in here? Maybe an example of an actually working configuration?

          J 1 Reply Last reply Reply Quote 0
          • J Offline
            Jarhead @doejohn
            last edited by Jarhead

            @doejohn Ahh, sorry, didn't read your post close enough. Just saw the title and went to typing.
            I actually just got the mDNS over the Wireguard working and was a little amazed it did work so I was over anxious with my reply.

            1 Reply Last reply Reply Quote 0
            • D Offline
              doejohn
              last edited by

              So I installed the pimd package

              • Added the two VLANs to the PIMD interfaces list and enabled them
              • Add one pfsense interface as RP address for PIMd (192.168.12.1)
              • left all other pimd configuration options at defaults

              In addition, I add on each of the interfaces a firewall rule to pass everything, also checked the "Allow IP options" on those rules. Logging enabled.
              In addition, I add on each interface at the very end a "catch all" blocking rule, also with logging enabled. This is so that I can see if my "pass" rule misses anything.

              Then I started VLC multicast streaming server on 192.168.12.101 (vlan12):

              cvlc  BigBuckBunny_320x180.mp4  --sout "#rtp{dst=239.255.1.2,port=5004,ttl=10,mux=ts,sap,name=Bunny}" --no-sout-all --sout-keep --loop
              

              PIMD status shows the server in its routing table:

              Virtual Interface Table ======================================================
              Vif  Local Address    Subnet              Thresh  Flags      Neighbors
              ---  ---------------  ------------------  ------  ---------  -----------------
                0  192.168.1.1      192.168.1                1  DR NO-NBR
                1  192.168.2.1      192.168.2                1  DR NO-NBR
                2  192.168.10.1     192.168.10               1  DISABLED
                3  192.168.12.1     192.168.12               1  DR NO-NBR
                4  79.239.182.225   79.239.182.225/32        1  DISABLED
                5  192.168.1.1      register_vif0            1 
              
               Vif  SSM Group        Sources             
              
              Multicast Routing Table ======================================================
              ----------------------------------- (S,G) ------------------------------------
              Source           Group            RP Address       Flags
              ---------------  ---------------  ---------------  ---------------------------
              192.168.12.101   239.255.1.2      192.168.12.1     CACHE SG
              Joined   oifs: .....j              
              Pruned   oifs: ......              
              Leaves   oifs: ......              
              Asserted oifs: ......              
              Outgoing oifs: .....o              
              Incoming     : ...I..              
              
              TIMERS:  Entry    JP    RS  Assert VIFS:  0  1  2  3  4  5
                         205    60     0       0        0  0  0  0  0  0
              ----------------------------------- (S,G) ------------------------------------
              Source           Group            RP Address       Flags
              ---------------  ---------------  ---------------  ---------------------------
              192.168.12.101   239.255.255.255  192.168.12.1     CACHE SG
              Joined   oifs: .....j              
              Pruned   oifs: ......              
              Leaves   oifs: ......              
              Asserted oifs: ......              
              Outgoing oifs: .....o              
              Incoming     : ...I..              
              
              TIMERS:  Entry    JP    RS  Assert VIFS:  0  1  2  3  4  5
                         205    60     0       0        0  0  0  0  0  0
              --------------------------------- (*,*,G) ------------------------------------
              Number of Groups: 4
              Number of Cache MIRRORs: 8
              ------------------------------------------------------------------------------
              

              Then I start client on 192.168.1.196 (vlan1):

              vlc rtp://239.255.1.2:5004
              

              but dont get a video. This works fine, if client and server are on the same VLAN.

              Packet capture on pfsense vlan1 interface shows that the client is trying to join the group:

              22:31:55.963481 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
                  192.168.1.196 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 239.255.1.2 to_in { }]
              
              22:31:56.735594 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
                  192.168.1.196 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 239.255.1.2 to_in { }]
              
              22:31:57.327523 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
                  192.168.1.196 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 239.255.1.2 to_ex { }]
              
              22:31:57.827784 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 48, options (RA))
                  192.168.1.196 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 239.255.1.2 is_ex { }] [gaddr 224.0.0.251 is_ex { }]
              
              22:31:57.955683 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
                  192.168.1.196 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 239.255.1.2 to_ex { }]
              
              22:32:11.647572 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 48, options (RA))
                  192.168.1.196 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 239.255.1.2 is_ex { }] [gaddr 224.0.0.251 is_ex { }]
              

              But I can't see anything in the firewall logs, though logging is enabled (see above).

              Any ideas how to further debug this problem?

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.