Hi OPNSense Gurus! ;)
I have recently begun implementing VLANs to great effect (using OPNSense 23.7.12). Everything works well (although my firewall rules are still quite permissive while working through it, so I am not really surprised at things working in general).
One of my VLANs -- VLAN6 -- is for "entertainment devices."
On VLAN6 I have a Logitech Squeezebox which successfully pulls its DHCP reserved IP address (10.11.6.10). It needs to make a UDP broadcast on port 3483 to find the LogitechMediaServer (10.11.1.100) which serves music.
Since VLANs won't pass UDP packets across the VLAN boundary, I thought I could use port forwarding (which I otherwise successfully use for remote access of a couple PCs on the network). Unfortunately this does not work for reasons unclear to me.
Attached are images of what the NAT and LAN firewall rules look like for it, as well as the port forwarding setup (this may somehow be in error -- my experience with port forwards in OPNSense to date has been letting WAN requests into specific computers). The Aliases used for Squeezebox ports and devices have been reviewed to be correct!
Finally, I have attached a screenshot of my attempt to set up the "UDP Broadcast Relay" plugin. FYI: when it was enabled, the port forward was disabled (and vice-versa) so there should be no "trampling" going on. Also, I tried both with and without enabling "TTL for ID."
You will note in the background this same relay is highlighted in green. This seems to indicate the relay is running. When the relay is NOT running there is a corresponding error in the general log.
There is neither a broadcast/multicast address nor a source address entered as those two things seem to cause the relay to fail startup. Also, @marjohn56 specifically mentioned leaving those blank in relation to Squeezebox / LMS setups in this linked post (https://forum.opnsense.org/index.php?topic=15721.msg87083#msg87083)
In the case of attempting the "UDP Broadcast Relay" solution, I have a "wide open" floating firewall rule which bidirectionally passes any and all tcp/udp packets to ALL sources and destinations on the single 3483 "discovery" port used by Squeezeboxen. Just in case, I have an additional floating FW rule which passes all traffic on port 9000 to ALL sources and destinations (LMS requires this for streaming, but it shouldn't be required for discovery).
Anyway, with this (temporary) level of "openness," I am surprised I can not get this to work! [I can't show the FW rules as I do not have ability to attach another image . . . ]
I am posting this here because the thread for UDP Broadcast Relay is "stuck" on an unanswered question on Dec. 18 (https://forum.opnsense.org/index.php?topic=15721.msg184469#msg184469), more than one month ago.
Any and all hints would be appreciated. I am probably doing something really dorky and fully expect to facepalm when I hear back! :-[
It's been ages since the last time I used SqueezeBox on OPNsense ;D
However I do know that I did not use any forward / relay stuff. I just had firewall rules, since:
Quote: Since VLANs won't pass UDP packets across the VLAN boundary
Sounds like you may not understand the challenge. As far as I can see after some googling (sorry, too long ago, needed to refresh) there are a few ports that need to be able to connect between LANs:
Quote: Make sure these ports are unblocked and have network access:
TCP 9000, 9090, 3483
UDP 3483
So firewall rules for them all between VLANs. No port forward, no relay.
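
One way to check whether the inter-VLAN rules actually pass the TCP ports listed above is to probe them from a host on VLAN6. This is an added example, not code from either poster or from OPNsense. The server address and ports are the ones quoted in the thread; the function names and the 2-second timeout are assumptions.

```python
import errno
import socket

# Server address and TCP ports are the ones quoted in the thread.
# UDP 3483 discovery is not probed: UDP gives no handshake to observe.
LMS_SERVER = "10.11.1.100"
LMS_TCP_PORTS = (9000, 9090, 3483)


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error:<errno>'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # SYN passed the firewall and the service answered
    except ConnectionRefusedError:
        return "refused"     # RST came back: a reject rule, or nothing listening
    except socket.timeout:
        return "filtered"    # no answer at all: typical of a block rule or no route
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def check_lms(host=LMS_SERVER, ports=LMS_TCP_PORTS, timeout=2.0):
    """Probe every listed port and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


if __name__ == "__main__":
    for port, state in check_lms().items():
        print(f"tcp/{port:<5} {state}")
```

A "filtered" result while the same probe succeeds from the server's own VLAN points at the firewall rules rather than at the server.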