General Discussion / IGMP Proxy howto
« on: January 31, 2018, 11:21:38 pm »
Could someone clarify how to set up an IGMP proxy correctly? The information that I can find is very scarce and I have yet to come across a good tutorial that describes exactly how this works.
I have 2 interfaces in my OPNSense router (17.7.12):
- bce0 -> LAN with network 192.168.2.0/24
- bce0_vlan102 -> VLAN102 with network 192.168.10.0/24
The VLAN102 interface is meant for IoT stuff to roam free and get hacked.
The LAN interface is my private LAN with some clients and servers.
Last week I got a Xiaomi mi home Aqara gateway, which sends its data (besides to China) over multicast UDP packets on 224.0.0.50. This gateway is in VLAN102 with IP 192.168.10.111.
But my home assistant service is running on my NAS which is in the LAN on 192.168.2.131
So if I put my laptop on a port on my switch which tags it as VLAN102, my laptop gets a 192.168.10.x/24 address, and I can see the multicast packets from the Aqara gateway in Wireshark just fine.
To bring these packets onto the LAN network, I figured out I should be looking at the IGMP Proxy service, so I installed this package (os-igmp-proxy 1.3) on OPNSense, but I really have no idea how to configure it.
In the meantime I have tried most possible combinations of the following:
- Setting the LAN interface both as up- and downstream
- Setting the VLAN102 interface both as up- and downstream (inverse to the above, of course)
- Tried the following entries as 'Networks' in the proxy config: 224.0.0.50/32, 192.168.2.0/24 & 192.168.10.0/24
But in no situation can I get the packets coming from the Aqara gateway to appear on my LAN network.
I checked the firewall logfiles (I made temporary allow any rules between LAN <-> VLAN102) and nothing is being blocked.
Is this just not working, or am I doing something wrong?
Any advice would be highly appreciated!