OPNsense Forum

English Forums => General Discussion => Topic started by: ralph on September 12, 2017, 08:26:54 pm

Title: Multicast routing between VLANs / IGMP proxy
Post by: ralph on September 12, 2017, 08:26:54 pm
Hello,

I did search Google and also this forum intensively, but unfortunately I couldn't figure out why I cannot forward multicast messages between VLANs.

My current setup consists of several VLANs used by different groups of devices. E.g. VLAN2 (192.168.2.0/24) is for smart home appliances (light bulbs, washing machine, ...), VLAN3 (192.168.3.0/24) is for multimedia appliances like Sonos or AndroidTV, and VLAN5 (192.168.5.0/24) is for "trusted" clients like family phones and PCs.

Now I managed to enable Sonos devices (VLAN2) being discoverable by trusted clients (VLAN5) by setting up the IGMP proxy service. I defined VLAN5 as upstream with netmask 192.168.5.0/24, and VLAN3 as downstream with netmask 192.168.3.0/24. I also opened up UDP ports 1900-1905 and TCP 3500 (Android) and 3400 (PC) in VLAN3. VLAN5 has full inter-VLAN routing privileges (i.e. pass IP4* 192.168.0.0/16). With these settings in place, I can control my Sonos with all my devices although they are in different VLANs. All is good and Robbert is your father's brother.

But for a few days now, we have had one of those Siemens HomeConnect washing machines at home, which I added to VLAN2 (192.168.2.32/32). I found out already that HomeConnect uses 224.0.0.51 to multicast its devices, and thus I need to proxy these multicasts to VLAN5. If I add VLAN2 with netmask 192.168.2.0/24 to the IGMP proxy service and enable connections for the washing machine (192.168.2.32/32) in both ways on all ports (although I know that it only uses port 80), my phone in VLAN5 fails to recognize it.

Now, can anyone provide me a tip or point me in the right direction to solve my problem?
What I want to basically achieve is that devices in VLAN2 and VLAN3 can only be discovered in VLAN5.

My hardware setup is like this:
MODEM -> OPNsense (spawning the VLANs) -> Netgear smart switch (24 ports) -> Netgear smart switch (8 ports) -> Unifi AP

I'll be happy to provide any additional information one might need to help me solve this issue.

Thanks for your time, your help is very much appreciated.

Cheers,
Ralph