DLNA + BRIDGE + IGMP PROXY



  • Hi All,

    I've been struggling with the configuration in the subject line for 1 week, with no luck :-/
    I've installed pfSense 2.1.3 on a watchguard XTM 510. The appliance has 6 gigabit ports + 1 fast ethernet port.
    I've configured 1 port as WAN, where my cable modem is directly connected to, and I've bridged all the other ones.
    Everything is working as expected, but my DLNA server, which is running on my NAS, is not discovered by any devices.
    I have ONLY 1 subnet, 128.1.1.0/24. I've tried to enable the IGMP Proxy but I'm not sure how to configure upstream and downstream since everything should be managed on the same interface (bridge0).

    Can someone shed some light? :-)

    Many thanks


  • Netgate Administrator

    Do you actually own 128.1.1.0/24? That's not a private IP.
    If you've correctly bridged the NICs then there should be no need to use a proxy, all traffic should reach all the NICs.
    Have you moved the bridge filtering location with the sysctls? What firewall rules do you have? Anything in the logs?

    Steve


  • LAYER 8 Global Moderator

    NetRange:      128.1.0.0 - 128.1.255.255
    OrgName:        BBN Communications
    OrgId:          BBNP
    Address:        10 Moulton Street
    City:          Cambridge
    StateProv:      MA
    PostalCode:    02138
    Country:        US

    Never understand why people would grab netblocks they don't own and use them?  Why would you use that IP range and not an rfc1918 block?  And agreed, if you're bridged you have no need of doing any proxy.  I personally don't understand why you would bridge, when you can get an actual switch for pennies.

    Use the interfaces for other segments..  Then you would need to use igmp proxy.


  • Netgate Administrator

    I have one of these boxes and I currently have all 6 Gig-E NICs bridged.
    However I'm using it as a test box for 2.2, I don't need more than 2 interfaces but it's useful to connect multiple clients behind it directly. Also it tests bridging.  ;)
    I agree that even the cheapest gigabit desktop switch makes a better switch than bridging NICs in pfSense.  There are some useful differences though. You can still filter between the bridged network segments even though they are in the same subnet. You can packet capture traffic directly. You can remotely reconfigure the network or add/remove rules without having to actually physically move cables. Once you've divided up your network sufficiently if you still have NICs left over you may as well bridge them to an existing interface so you can quickly connect things directly if needed.

    Steve



  • Thank you very much to everyone who gave me an answer :-)
    I've changed my subnet to a common class C. Also, enabling packets with IP options to pass did the trick.
    About using a real switch instead of bridging all the ports: is it for performance reasons, or is there something else?

    Thanks again
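Why allowing IP options matters for multicast discovery, as an added example that is not part of the original posts: IGMP membership reports carry the IPv4 Router Alert option, while the SSDP datagrams DLNA uses for discovery do not, so a rule that drops packets with IP options blocks the group joins but not the discovery packets themselves. The packet bytes and addresses below are constructed for illustration.

```python
# Constructed sample packets (not captured traffic); checksums are not validated.
# IGMPv2 membership report for the SSDP group: IHL=6, so 4 bytes of IP options.
IGMP_REPORT = bytes.fromhex(
    "46c00020000040000102" "0000"   # ver/IHL, TOS, len=32, id, flags, TTL=1, proto=2
    "c0a80132" "effffffa"           # src 192.168.1.50, dst 239.255.255.250
    "94040000"                      # IP option: Router Alert (type 0x94, len 4)
    "1600fa04" "effffffa"           # IGMPv2 report for 239.255.255.250
)
# SSDP discovery datagram header (UDP/1900): IHL=5, no IP options at all.
SSDP_SEARCH = bytes.fromhex(
    "4500001c000040000411" "0000"   # ver/IHL, TOS, len=28, id, flags, TTL=4, proto=17
    "c0a80132" "effffffa"
    "c000076c00080000"              # UDP src 49152, dst 1900, len 8
)

def ip_options(packet: bytes):
    """Return a list of (option_type, data) found in the IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad IHL")
    opts, i = [], 20
    while i < header_len:
        kind = packet[i]
        if kind == 0:               # End of Option List
            break
        if kind == 1:               # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("truncated option")
        length = packet[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        opts.append((kind, packet[i + 2:i + length]))
        i += length
    return opts

def describe(packet: bytes):
    """Summarise the fields a filter rule on IP options would care about."""
    opts = ip_options(packet)
    return {
        "protocol": packet[9],
        "dst": ".".join(str(b) for b in packet[16:20]),
        "has_options": bool(opts),
        "router_alert": any(kind == 0x94 for kind, _ in opts),
    }
```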


  • Netgate Administrator

    It is performance mostly. Dedicated chips in even the cheapest switches are always going to be faster than software, at least in latency terms.  Also it's cost. In most situations it costs far more to add NICs to get more ports than it does to connect a switch. Of course in a box like the XTM5 you already have 7 NICs so you may as well use all of them as I outlined above.  :)

    Steve


  • LAYER 8 Global Moderator

    As mentioned performance is prob always going to be better with an actual switch.. As "test" or lab ports with bridge sure ok..  I personally would use those ports when/if you want to add more segments to your network.

    Or even in a lagg sort of setup for bandwidth or failover, etc.
    https://doc.pfsense.org/index.php/LAGG_Interfaces

    Leveraging interfaces on the device you're running pfsense on for "switch" ports by bridging them into a network segment would rarely be the best use of the interface.  If as mentioned you need to filter between two physical sections of your network segment then ok bridge interfaces would allow you to do that, etc.



  • UPDATE:

    Changed my configuration according to your suggestions.

    WAN: public IP from cable modem

    WLAN: 192.168.1.1 DHCP enabled

    LAN: 192.168.2.1 DHCP enabled

    Everything is working as expected, but the transfer speed between WLAN and LAN is very slow, 1mbyte/sec roughly
    No traffic shaping or QoS enabled of course…..any idea? :-\


  • LAYER 8 Global Moderator

    Your wireless sucks?  Would be my first guess ;) hehehe

    How are you testing?  Last test I got 271Mbps over a wireless AC connection without even trying to tweak anything..  And my pfsense is virtual on old N40L hardware, etc.  Plug something in with a wire on pfsense wlan segment what are your speeds then?

    What is your wireless AP, clients?  Are you G, N, AC?  How are you doing the test showing 1MBps?

    Did you completely remove all the bridging stuff..  Maybe you got multicast you don't want flooding your wlan causing issues?



  • @johnpoz:

    Your wireless sucks?  Would be my first guess ;) hehehe

    How are you testing?  Last test I got 271Mbps over a wireless AC connection without even trying to tweak anything..  And my pfsense is virtual on old N40L hardware, etc.  Plug something in with a wire on pfsense wlan segment what are your speeds then?

    What is your wireless AP, clients?  Are you G, N, AC?  How are you doing the test showing 1MBps?

    Did you completely remove all the bridging stuff..  Maybe you got multicast you don't want flooding your wlan causing issues?

    I'd agree with you about the wireless that sucks :-) But this is not the case, with my previous configuration, all ports bridged, my speed was around 50mbytes/sec.
    the AP configuration didn't change.


  • LAYER 8 Global Moderator

    50MBytes ps over wireless?  So 400Mbps roughly – yeah I find that a little hard to believe ;)


  • Netgate Administrator

    Yup, need to clarify bits or bytes.
    With such a dramatic reduction, look for a duplex mismatch. Are you using the fxp interface? I've seen some odd behaviour on that NIC.

    Steve



    The AP has 4 gigabit ports, so it's acting as a switch. If I connect to it over cable I can easily achieve 50mbytes/sec as transfer speed. Wirelessly 12mbytes/sec
    WLAN --> EM1
    LAN --> EM2

    The numbers above are coming from my previous setup, where all the ports were bridged, only 1 subnet and 1 dhcp server.


  • Netgate Administrator

    So how were your NICs/subnets/cables arranged when you saw only 1MB/s?

    Steve


  • LAYER 8 Global Moderator

    wired I see 900Mbps..  Yeah 50MBps over a wired gig connection would be common place..

    If your AP has switch ports, it's most likely a wireless router that you're just using as AP would be my guess.

    How are you wired currently would help us point to your problem - I would agree 1MB or 1Mb over a wire something is major wrong.. duplex mismatch would be my first bet too.



    Ok, I've made some more tests!
    I've enabled the HW offload and I've attached a laptop directly to the WLAN interface. Transfer rate between WLAN and LAN 80mbytes/sec (yes megabytes)
    Re-connected the AP to WLAN, configured my laptop in wireless N 5ghz 450mbps rock solid at 2 mt from the AP. Transfer from WLAN to LAN 1 mbytes/sec
    Speedtest on internet, wo WLAN to WAN 93mbps/sec

    So it looks like the problem is the wireless…but how is it possible I'm getting better speed over wireless on internet than on internal lan?



  • Ok, I've found the problem! For some reason my killer wireless card had the bandwidth control enabled….it's a "feature" from Atheros.

    Many thanks for your help and sorry to have wasted your time :-/


  • Netgate Administrator

    Never would have thought of that. Thanks for reporting back.

    Steve

