Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Make a LAN machine appear on the DMZ with VIP?

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    3 Posts 2 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      illern
      last edited by

      Hello!

      I have a question about virtual IP:s that I don´t know if it´s possible to do.
      I have failed locating any documentation about this on the forum, wiki or the internet….

      I use Pfsense v1.2.3 and it has 3 NIC:s.
      WAN, LAN and DMZ.

      On the LAN I have a Mediacenter that uses DNLA so i can show pictures from my phone on the mediacenter.
      On the DMZ I have a guest WLAN to allow guest internet access.
      But now I want them also to be able to use the DNLA on my mediacenter.

      But to connect to the DNLA device the phone uses broadcasts to IP 239.255.255.250 and port 1900.

      Is it possible to have the mediacenter appear on the DMZ net as a virtual IP and to get the broadcast to the mediacenter?
      Look at the attached picture for a graphical view of the setup.
      The MC has IP 192.168.0.5 and I want it to appear on the DMZ net with IP 192.168.10.5 as if it was there.

      I have tried with NAT1:1 and also portforward, I can get other services to connect to the mediacenter through the VIP but I cannot get the broadcasts through.

      /Best regards illern, a big fan of the pfsense.

      ![DMZ to LAN PFsense.jpg](/public/imported_attachments/1/DMZ to LAN PFsense.jpg)
      ![DMZ to LAN PFsense.jpg_thumb](/public/imported_attachments/1/DMZ to LAN PFsense.jpg_thumb)

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        What you need is the IGMP proxy.
        On 1.2.3 you can install it from the packages list.
        On 2.0 it's in the base.

        Set the upstream interface to where your DLNA server is.
        All other interfaces should be configured as downstream.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • I
          illern
          last edited by

          Thanks for the reply!

          I have been testing this out for some time now and it will not work for me.
          Have found out that the the packets sent to and from the server to IP 239.255.255.250 are SSDP protocol over UDP.
          Those are non routeble protocol.

          I got the IGMP broadcast through with the proxy as you said but I could not get the SSDP through.

          I think the only solution to this is to connect a second NIC on the Mediaserver and connect it to DMZ.

          /illern.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.