PIMD, UDP Broadcast Relay, IGMP Proxy, Avahi
-
Hello,
I've been reading a couple of articles and trying to learn these services (PIMD, UDP Broadcast Relay, IGMP Proxy, Avahi) but the more I read, the more confusing it becomes. Can someone explain these services to me in a way different than those technical pages that I read so that it is not so confusing?
Can they work together?
Example:
If I enable UDP Broadcast with 224.0.0.251 and port 5353, do I need avahi anymore in this case?
Where does igmp come into play in this case? (IGMP proxy and PIMD)
Why does igmp proxy ask us to define networks if I have already selected an interface? The interface network should already be defined and there should not be any reason to define networks, right?
If I enable both UDP Broadcast with 224.0.0.251 and port 5353 and avahi, then create a firewall rule in a restricted vlan to pass 224.0.0.251:5353, this should not be necessary anymore considering the packets are reflected via pfsense, right? But I've seen instances that this firewall rule might be necessary with appletv airplay.
-
What exactly are you trying to make work?
Some of those services certainly can conflict if you just enable everything.
Steve
-
@stephenw10 said in PIMD, UDP Broadcast Relay, IGMP Proxy, Avahi:
What exactly are you trying to make work?
Some of those services certainly can conflict if you just enable everything.
Steve
Hi Steve, sorry for the late reply, I was testing some stuff and did not want to give a reply before coming to some conclusion. I was getting random crashes, which I suspected were due to some clash happening, and I was right.
More like, I am trying to understand how they work and how to utilize them.
I don't want to go into details of my setup as it might get complicated but I can summarize that I have multiple vlans with
"Mobile" vlan for wifi devices, (unrestricted access to all)
"IOT" vlan for iot devices,
"Media" vlan for smart TVs, appletv and media player
"Camera" vlan for cameras
LAN (unrestricted access to all)
I need airplay, chromecast and homekit to work properly across vlans
I need to be able to access camera feeds from homekit etc.
I can give more details with firewall rules and such but I would not want to go off topic too much. I believe if I understand how these services work, I can come up with something that is suitable for my setup. After disabling PIMD, I get no more random crashes.
This is my UDP broadcast setup
Avahi is enabled for the concerned interfaces
This is my disabled PIMD setup which was clashing with something
-
Ok, what's working? What's not working?
-
@stephenw10 said in PIMD, UDP Broadcast Relay, IGMP Proxy, Avahi:
Ok, what's working? What's not working?
I did not test it extensively since I work abroad and I am away most of the time; I connect to my home remotely. But as I have said previously, I am not exactly looking for a solution to my problem but trying to understand how these packages work so that I can come up with something that fits my situation the best.
Correct me if I am wrong since I am a layman, and I would really appreciate it if someone corrects me on this. From what I read so far, I understand that Avahi just publishes some services with mdns names to UDP 224.0.0.251:5353 with source address for the potential clients to connect to that source address.
No client uses UDP 224.0.0.251:5353 for connecting, but for listening, something like a radio broadcast.
The catch for avahi is to have some specific avahi service names to be present.
For UDP broadcast, it engulfs all the UDP 224.0.0.251:5353 broadcast regardless of the service names. So by that logic, I should not need avahi if udp broadcast is working in that range, correct?
For PIMD and IGMP proxy, I have no idea where to start.
-
Well, my first choice here will always be to use none of them if at all possible. They are all something of a kludge to allow connections for devices that expect to operate in a single subnet. With the exception of actual multicast traffic like IPTV stuff that requires it.
So I'd try to make whatever you have work without any of those packages first. Then add only what you need.
-
@Laxarus We use UDP Broadcast Relay, IGMP Proxy and Avahi services on our network.
UDP Broadcast Relay is really only useful for relaying Wake on LAN packets between VLANs and that's what we use it for, so a server that is only on one VLAN can wake PCs on other VLANs. (In fact we also wake PCs at a remote site across an OpenVPN link by running a copy of UDP Broadcast Relay at both ends of the VPN link.)
UDP Broadcast Relay exists to work around the fact that FreeBSD does not support IP directed broadcasts in any way, shape or form, which would be the normal way to send Wake on LAN packets to another VLAN.
If you aren't trying to do Wake on LAN between VLANs, you don't need UDP Broadcast Relay.
IGMP Proxy we use to help route IPTV multicast traffic from specific VLANs to a main VLAN where an IP TV streaming server is located. You also need specific firewall rules to make this cross VLAN routing of multicast traffic work; IGMP Proxy on its own is not enough.
Avahi we use primarily for allowing Airplay 2 streaming to occur between VLANs in a carefully controlled way.
There is an IOT VLAN which has Smart TVs and Apple TVs; Avahi is configured on this VLAN as well as the Staff and Student VLANs.
This allows iOS devices on Staff and Student VLANs to discover the TVs and connect to them without being able to connect to each other; however, you still need protocol specific firewall rules for Airplay to allow traffic to flow to the IOT VLAN for airplay connections to actually work.
Avahi only helps with the announcement and discovery of devices and bonjour services.
We do also use Avahi for a couple of Printers that advertise via Bonjour.
While Avahi also supports Chromecast and Microsoft display mirroring I have not really tested this.
I don't know much about PIMD but it looks like it would overlap with the functionality of IGMP Proxy and running both together is likely to clash.
Configuring multicast routing between VLANs is not for the faint of heart and can be challenging to set up and troubleshoot.
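What the announcements on 224.0.0.251:5353 discussed above actually carry, as an added example that is not part of the original post: a minimal parser that lists the service types in the PTR answers of one mDNS message. The sample packet, its instance names and the function names are constructed for illustration.

```python
import struct

TYPE_PTR = 12   # DNS record type used for service discovery answers

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:               # two-byte pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                       # malformed packet: pointer loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("utf-8", "replace"))
        off += length

def announced_services(msg):
    """Return (service type, instance name) for each PTR answer in the message."""
    _id, _flags, qdcount, ancount = struct.unpack_from("!4H", msg, 0)
    off = 12
    for _ in range(qdcount):                    # skip questions: name + type + class
        off = read_name(msg, off)[1] + 4
    found = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == TYPE_PTR:
            found.append((name, read_name(msg, off)[0]))
        off += rdlen
    return found

def sample_response():  # constructed packet; the instance names are made up
    msg = struct.pack("!6H", 0, 0x8400, 0, 2, 0, 0)      # response, 2 answers
    airplay = len(msg)
    msg += b"\x08_airplay\x04_tcp\x05local\x00"
    rdata = b"\x0bLiving Room" + struct.pack("!H", 0xC000 | airplay)
    msg += struct.pack("!HHIH", TYPE_PTR, 1, 4500, len(rdata)) + rdata
    cast = len(msg)
    msg += b"\x0b_googlecast" + struct.pack("!H", 0xC000 | (airplay + 9))  # -> _tcp.local
    rdata = b"\x06Den TV" + struct.pack("!H", 0xC000 | cast)
    msg += struct.pack("!HHIH", TYPE_PTR, 1, 4500, len(rdata)) + rdata
    return msg
```

Fed with datagrams captured on one VLAN, the returned list shows which service types a reflector would carry into the others, which is the set the protocol-specific firewall rules then have to account for.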
-
We use UDP Broadcast Relay for SSDP control, which in our experience the other packages had difficulty handling.