Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense multicast upnp ps3 und sonstige dlna geräte

    Scheduled Pinned Locked Moved Deutsch
    6 Posts 2 Posters 6.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bGn
      last edited by

      Huhu,

      ich habe folgendes Szenario

      WAN / Internet
                  :
                  : Cable
                  :
            .–---+-----.
            |  Gateway  |  (FritzBox 192.168.178.1)
            '-----+-----'
                  |           
            .-----+------.     
            | LAN-Switch|
            '-----+------'
                  | 192.168.178.0/24
              WAN 
          DHCP 192.168.178.28
            .-----:------. 
            |  pfS:ense | +-------. (Clients/Servers) Media Server 10.49.100.3
            |                |    DMZ  10.49.100.0/24
            '-----:------'       
                  |  192.168.1.254/24
              LAN         
                  |           
            .-----+------.     
            | LAN-Switch|
            '-----+------'
                  |192.168.1.0
          ...-----+------... (Clients/Servers)

      Meine PS3 ist im 192.168.178.0 Netz
      Mein PS3 Media Server ist im 10.49.100.0 Netz
      Mein Server der gerne auf den USB Port an der Fritzbox über die
      USB Netzwerkfreigabe möchte ist im 192.168.1.0 Netz

      1. Ich möchte gerne von der PS3 den Media Server in der DMZ erreichen.
      2. ich möchte gerne vom Server im LAN den USB Port an der Fritz Box erreichen.

      Das erste Problem meines erachtens ist das UPnP nicht Subnetz übergreifend arbeitet.
      Das zweite Problem sind div. Firewall freigaben für Multicast die mir nicht ganz klar sind.

      Auf meiner Box läuft pfsense 2.0-RC1. Mit meinem Halbwissen hab ich schon gelesen, dass sich der IGMP Proxy
      irgendwie dafür eignet...komme aber auf keinen grünen Zweig.

      Hat jemand was ähnliches am laufen?
      Für jeden Tipp bin ich sehr dankbar

      mfg

      Patrick

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        Ziemlich das gleiche Setup habe ich bei mir am laufen.

        IGMP Proxy aktivieren.

        Upstream: DMZ, 10.49.100.0/24
        Downstream: LAN, 192.168.1.0/24
        Speichern und es läuft.
        Wenn du in Zukunft mehrere Interfaces hast, einfach die zusätzlichen Interfaces als weitere downstreams hinzufügen.

        Für Firewall rules nehme ich mal an, dass du eine alles–>alles Regel auf dem LAN hast.
        Wenn du auf der DMZ restriktive Regeln hast, einfach mal den Firewall Log anschauen wenn du versuchst zu connecten und es Funktioniert nicht.
        Soweit ich weiss solltest du auf dem DMZ Interface eine Regel in diesem Stil benötigen:
        source: any, sourceport: any, destination: 239.255.0.0/16, destinationport: any
        Ausserdem IGMP traffic zulassen.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • B
          bGn
          last edited by

          Hi GruensFroeschli,

          Dein Beispiel macht für mich so keinen Sinn da die PS3 im WAN läuft :)

          WAN 192.168.178.22 PS3
          DMZ 10.49.100.3 PS3 Media Server

          Ich habe jetzt folgendes konfiguriert:

          WAN downstream 192.168.178.0/24
          DMZ upstream 10.49.100.0/24

          Rules WAN
          PASS * 192.168.178.0/24 * * * * mit Haken bei Advanced Options für multicast

          Rules DMZ
          PASS * DMZ net * * * * mit Haken bei Advanced Options für multicast

          Müsste von der Logik her ja eigentlich passen, aber weder der Server findet die PS3, noch findet die PS3 den Server…auch nicht nach Suchlauf von der PS3
          allerdings füllt sich das Systemlog

          
May 24 14:33:46 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.1 (ip_hl 24, data 12) 
May 24 14:33:46 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.252 (ip_hl 24, data 8) 
May 24 14:33:45 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:45 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 224.0.0.2 (ip_hl 24, data 8) 
May 24 14:33:45 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:45 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:45 igmpproxy: Note: RECV V2 member report from 192.168.178.1 to 224.0.0.2 (ip_hl 24, data 8) 
May 24 14:33:44 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:44 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 224.0.0.252 (ip_hl 24, data 8) 
May 24 14:33:44 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:44 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:44 igmpproxy: Note: RECV V2 member report from 192.168.178.29 to 224.0.0.252 (ip_hl 24, data 8) 
May 24 14:33:43 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:43 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 224.0.0.251 (ip_hl 24, data 8) 
May 24 14:33:43 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:43 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:43 igmpproxy: Note: RECV V2 member report from 192.168.178.23 to 224.0.0.251 (ip_hl 24, data 8) 
May 24 14:33:43 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.1 (ip_hl 24, data 12) 
May 24 14:33:43 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.251 (ip_hl 24, data 8) 
May 24 14:33:40 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:40 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 8) 
May 24 14:33:40 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:40 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:40 igmpproxy: Note: RECV V2 member report from 192.168.178.1 to 224.0.0.22 (ip_hl 24, data 8) 
May 24 14:33:39 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:39 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 239.255.255.250 (ip_hl 24, data 8) 
May 24 14:33:39 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:39 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:39 igmpproxy: Note: Adding MFC: 192.168.178.22 -> 239.255.255.250, InpVIf: 1 
May 24 14:33:39 igmpproxy: Note: Adding MFC: 10.49.100.4 -> 239.255.255.250, InpVIf: 2 
May 24 14:33:39 igmpproxy: Note: RECV V2 member report from 192.168.178.23 to 239.255.255.250 (ip_hl 24, data 8) 
May 24 14:33:39 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:39 igmpproxy: Note: RECV V3 member report from 192.168.178.1 to 224.0.0.22 (ip_hl 24, data 48) 
May 24 14:33:38 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:38 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 224.0.0.251 (ip_hl 24, data 8) 
May 24 14:33:38 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:38 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:38 igmpproxy: Note: RECV V2 member report from 192.168.178.23 to 224.0.0.251 (ip_hl 24, data 8) 
May 24 14:33:37 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.1 (ip_hl 24, data 12) 
May 24 14:33:37 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.1 (ip_hl 24, data 8) 
May 24 14:33:36 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.1 (ip_hl 24, data 12) 
May 24 14:33:36 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.252 (ip_hl 24, data 8) 
May 24 14:33:33 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.1 (ip_hl 24, data 12) 
May 24 14:33:33 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.251 (ip_hl 24, data 8) 
May 24 14:33:31 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:31 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 224.0.0.252 (ip_hl 24, data 8) 
May 24 14:33:31 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:31 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:31 igmpproxy: Note: RECV V2 member report from 192.168.178.1 to 224.0.0.252 (ip_hl 24, data 8) 
May 24 14:33:30 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:30 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 224.0.0.251 (ip_hl 24, data 8) 
May 24 14:33:30 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:30 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:30 igmpproxy: Note: RECV V2 member report from 192.168.178.29 to 224.0.0.251 (ip_hl 24, data 8) 
May 24 14:33:29 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:29 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 239.255.255.250 (ip_hl 24, data 8) 
May 24 14:33:29 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:29 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:29 igmpproxy: Note: Adding MFC: 192.168.178.22 -> 239.255.255.250, InpVIf: 1 
May 24 14:33:29 igmpproxy: Note: Adding MFC: 10.49.100.4 -> 239.255.255.250, InpVIf: 2 
May 24 14:33:29 igmpproxy: Note: RECV V2 member report from 192.168.178.22 to 239.255.255.250 (ip_hl 20, data 8) 
May 24 14:33:29 igmpproxy: Note: Adding MFC: 192.168.178.22 -> 239.255.255.250, InpVIf: 1 
May 24 14:33:29 igmpproxy: Note: New origin for route 239.255.255.250 is 192.168.178.22, flood 1 
May 24 14:33:29 igmpproxy: Note: The source address 192.168.178.22 for group 239.255.255.250, is valid DOWNSTREAM VIF #1\. 
May 24 14:33:26 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.1 (ip_hl 24, data 12) 
May 24 14:33:26 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.252 (ip_hl 24, data 8) 
May 24 14:33:23 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.1 (ip_hl 24, data 12) 
May 24 14:33:23 igmpproxy: Note: RECV Membership query from 192.168.178.28 to 224.0.0.251 (ip_hl 24, data 8) 
May 24 14:33:22 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:22 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 239.255.255.250 (ip_hl 24, data 8) 
May 24 14:33:22 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:22 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:22 igmpproxy: Note: Adding MFC: 10.49.100.4 -> 239.255.255.250, InpVIf: 2 
May 24 14:33:22 igmpproxy: Note: RECV V2 member report from 192.168.178.22 to 239.255.255.250 (ip_hl 20, data 8) 
May 24 14:33:19 igmpproxy: Note: The IGMP message was from myself. Ignoring. 
May 24 14:33:19 igmpproxy: Note: RECV V2 member report from 10.49.100.254 to 224.0.0.252 (ip_hl 24, data 8) 
May 24 14:33:19 igmpproxy: Warn: unknown Mode in V3 report (673189920) 
May 24 14:33:19 igmpproxy: Note: RECV V3 member report from 10.49.100.254 to 224.0.0.22 (ip_hl 24, data 16) 
May 24 14:33:19 igmpproxy: Note: RECV V2 member report from 192.168.178.1 to 224.0.0.252 (ip_hl 24, data 8)
          1 Reply Last reply Reply Quote 0
          • GruensFroeschliG
            GruensFroeschli
            last edited by

            Ah das hab ich nicht gesehen.
            Bin davon ausgegangen, dass die PS3 im LAN liegt.
            Wenn die PS3 im LAN liegt, nehme ich stark an, dass sie als default gateway nicht die pfSense hat und somit auch keine Ahnung hat wie sie den Server erreichen könnte.
            Du musst noch auf dem default gateway der PS3 (Fritzbox) eine statische route für das DMZ subnet einrichtigen welche auf die pfSense zeigt.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • B
              bGn
              last edited by

              das ist schon immer der fall, da ich sonst von meinem PC der auch im "WAN" sitzt nicht auf meinen DC im LAN und in die DMZ komme :)
              wär echt traumhaft wenn du noch ne idee hättest !

              1 Reply Last reply Reply Quote 0
              • B
                bGn
                last edited by

                gefixt! die Server 2008 Firewall war auch noch mitbeteiligt….

                peinlich peinlich

                Trotzdem vielen Dank an den Frosch!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.