Make a LAN machine appear on the DMZ with VIP?
-
Hello!
I have a question about virtual IP:s that I don´t know if it´s possible to do.
I have failed locating any documentation about this on the forum, wiki or the internet….I use Pfsense v1.2.3 and it has 3 NIC:s.
WAN, LAN and DMZ.On the LAN I have a Mediacenter that uses DNLA so i can show pictures from my phone on the mediacenter.
On the DMZ I have a guest WLAN to allow guest internet access.
But now I want them also to be able to use the DNLA on my mediacenter.But to connect to the DNLA device the phone uses broadcasts to IP 239.255.255.250 and port 1900.
Is it possible to have the mediacenter appear on the DMZ net as a virtual IP and to get the broadcast to the mediacenter?
Look at the attached picture for a graphical view of the setup.
The MC has IP 192.168.0.5 and I want it to appear on the DMZ net with IP 192.168.10.5 as if it was there.I have tried with NAT1:1 and also portforward, I can get other services to connect to the mediacenter through the VIP but I cannot get the broadcasts through.
/Best regards illern, a big fan of the pfsense.
-
What you need is the IGMP proxy.
On 1.2.3 you can install it from the packages list.
On 2.0 it's in the base.Set the upstream interface to where your DLNA server is.
All other interfaces should be configured as downstream.
-
Thanks for the reply!
I have been testing this out for some time now and it will not work for me.
Have found out that the the packets sent to and from the server to IP 239.255.255.250 are SSDP protocol over UDP.
Those are non routeble protocol.I got the IGMP broadcast through with the proxy as you said but I could not get the SSDP through.
I think the only solution to this is to connect a second NIC on the Mediaserver and connect it to DMZ.
/illern.
