Text only | Text with Images

OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: papimigas on April 03, 2023, 05:36:57 PM

Title: IGMP Proxy
Post by: papimigas on April 03, 2023, 05:36:57 PM
Hi

I have IPTV, so configured IGMP proxy successfully.
I faced 2 issues when configuring IGMP proxy:
1 - Adding subnets, doesn't allow me subnets with different netmask
2 - Later, I decided to put "any" (0.0.0.0/0) but I only did that by CLI.

Is there any chance we can have "any" option on GUI?

Thank you
Title: Re: IGMP Proxy
Post by: benyamin on April 04, 2023, 10:39:37 AM
Hope you have the appropriate Class D network in your WAN firewall rules...!

Quote from: papimigas on April 03, 2023, 05:36:57 PM
1 - Adding subnets, doesn't allow me subnets with different netmask
Can you provide some more detail on this? For example, what networks were you unable to add?

Normally this would be networks that contains all the upstream hosts (or hosts with /32 CIDR masks); and sometimes the source-specific multicast block 232.0.0.0/8 might also be necessary. I've certainly been able to set multiple networks with different masks in the past, but that was some time ago now.

I presume you setup a downstream interface and also checked the "allow options" advanced option in your firewall rules where necessary...
Title: Re: IGMP Proxy
Post by: papimigas on April 04, 2023, 11:40:04 AM
Quote from: benyamin on April 04, 2023, 10:39:37 AM
Hope you have the appropriate Class D network in your WAN firewall rules...!
I presume you setup a downstream interface and also checked the "allow options" advanced option in your firewall rules where necessary...

Yes, that's ok, I use rules to control.

About upstream, imagine you have to add: 213.13.19.0/20, 224.0.0.0/4

When you add first subnet with 213.13.19.0/20, you try to add second subnet 224.0.0.0/4 but when you choose netmask /4 and save, system save second subnet with /20 too!
It seems first line netmask is sticky :)
Anyone can test.

Thank you
Title: Re: IGMP Proxy
Post by: benyamin on April 04, 2023, 01:58:10 PM
224.0.0.0/24 (part of 224.0.0.0/4) is not routable. It is the local subnetwork block.

Cannot test on mine anymore, but you could try 213.13.19.0/20 and 232.0.0.0/8 instead.

Maybe even try just 213.13.19.0/20 first. That would cover hosts in the range 213.13.16.1 to 213.13.31.254.
Title: Re: IGMP Proxy
Post by: papimigas on April 05, 2023, 02:32:34 PM
I didn't wrote "224.0.0.0/24", I wrote 224.0.0.0/4.

If anyone can test this I would appreciate.

Thank you
Title: Re: IGMP Proxy
Post by: benyamin on April 05, 2023, 11:46:43 PM
Quote from: papimigas on April 05, 2023, 02:32:34 PM
I didn't wrote "224.0.0.0/24", I wrote 224.0.0.0/4.

224.0.0.0/24 is a subnetwork of 224.0.0.0/4. As it is not a routable network, I was suggesting your use case might be very rare. Also, the UI might not like it during validation. Did you try 232.0.0.0/8 instead of 224.0.0.0/4?
Text only | Text with Images