UDP Broadcast Relay

Started by marjohn56, February 03, 2020, 06:34:50 PM

Quote from: marjohn56 on September 07, 2020, 09:10:54 PM
Forget the broadcast address and the source address, leave them blank; just put in the port and LAN interfaces and try that. You'll likely as not need firewall rules too, but first just see if it fires up.
Thanks marjohn56, this put me on the right track. It works beautifully now - can control my Logitech server from within my guest VLAN.

@pumo: I don't have a direct answer on the solution based upon the use of the udpbroadcastrelay plugin. I have a working solution based upon the standard OPNsense firewall capabilities. It took a bit of work to hunt for the right ports being used, but these are the rules I use for my IoT LAN where the CCs are active.

The daemon sends any log info to the system log, but it doesn't log very much anyway; it's very lightweight. The best option to find out what's going on is to run it from the shell directly and work out the problem from there. There are examples of the commands to use here: https://github.com/marjohn56/udpbroadcastrelay
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

September 12, 2020, 10:10:26 AM #33 Last Edit: September 12, 2020, 10:12:15 AM by pumo
Little update. I got some strange problems with presence detection in Home Assistant, so I removed the IGMP proxy upstream. And now Chromecasting still works with the Sony Android TV.
So UDP broadcast relay with port 5353 and the 224.0.0.1 multicast address is enough, but it's slow to find the Sony.
And there are no firewall rules with it. My Wi-Fi APs are Ubiquiti models, and in the controller IGMP snooping is enabled on all VLANs.
It didn't help with Home Assistant, but that's another story.

It's an odd thing, but I had to turn off snooping on my switches to get Sky to work; it could be something odd with my D-Link switches though. Try it, see if it makes any difference.

I'll try that if the Mi Box or the Sony disappears. But for now those have been found all the time.
I have a couple of Chromecast Audios, but I will leave those in the LAN VLAN for now.

I assume I am going to have to set up a firewall rule based on the log below:

filterlog[12364]   16,,,0,igb1,match,block,in,4,0x0,,1,15941,0,DF,17,udp,129,172.16.20.1,239.255.255.250,48581,1900,109

Trying to access my Sonos, which sits in my IOT VLAN (20), from my LAN. I have a FW rule that allows access to VLAN20 (IOT), but VLAN20 (IOT) does not have access to my LAN network. I assume I am on the right track here?

Thanks

Yes, you need to specifically allow the address of the device on the IOT LAN that needs to be seen from the LAN segment you're sending the requests from. Port 1900 will be forwarded to the IOT VLAN, but the response won't be on port 1900, so you need to allow all ports back, but limit it to the Sonos only.

Not having much success, but here is the FW rule I setup, see attached.



Any feedback would be appreciated. One question: if you set up a FW rule to pass traffic between the two networks, wouldn't that defeat the purpose of this plugin?

Thanks

You only set a firewall rule in one direction. I do not use Sonos, but I do use Sky, which uses the same ports, so on my IOT VLAN I have one rule for the Sky box:

Action - Pass
Protocol - Any
Source - 10.4.15.91 - The Sky box itself
Destination - QPVLAN - The LAN where my PCs and laptops live
Port Range - Any - The ports change all the time

So this rule allows the Sky box, and only that device, to send traffic back to the private QPVLAN.
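The filterlog line quoted earlier in the thread and the per-device pass rule described in this reply can be tied together with a small log parser. This is an added example for this thread, not code from the udpbroadcastrelay plugin or from OPNsense. The first sample line is the one quoted in the thread; the remaining lines are constructed, and the interface names, addresses and the LAN network 172.16.10.0/24 are assumptions. It goes slightly beyond the thread by also flagging mDNS (5353) queries alongside SSDP (1900).

```python
"""Find blocked SSDP/mDNS discovery queries in OPNsense filterlog lines,
correlate the blocked replies they provoke, and print the narrow pass rule
the thread recommends (one device -> LAN, any protocol, any port).

Added example, not plugin or OPNsense code. First sample line is the one
quoted in the thread; the others are constructed. Addresses, interfaces
and the LAN network 172.16.10.0/24 are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# UDP discovery ports the relay/repeater are used for in the thread.
DISCOVERY_PORTS = {1900: "SSDP", 5353: "mDNS"}

# Constructed sample log (line 1 is the line quoted in the thread).
SAMPLE_LOG = """\
filterlog[12364]   16,,,0,igb1,match,block,in,4,0x0,,1,15941,0,DF,17,udp,129,172.16.20.1,239.255.255.250,48581,1900,109
filterlog[12364]   16,,,0,igb1,match,block,in,4,0x0,,64,15942,0,DF,17,udp,90,172.16.20.77,172.16.10.5,1900,48581,70
filterlog[12364]   16,,,0,igb1,match,block,in,4,0x0,,255,4242,0,none,17,udp,110,172.16.20.55,224.0.0.251,5353,5353,90
filterlog[12364]   16,,,0,igb1,match,block,in,4,0x0,,64,7,0,DF,6,tcp,60,172.16.20.55,172.16.10.20,50000,443,0,S,1,,65535,,mss
filterlog[12364]   3,,,0,igb0,match,pass,in,4,0x0,,64,8,0,DF,17,udp,80,172.16.10.5,8.8.8.8,40000,53,60
"""


@dataclass(frozen=True)
class Entry:
    iface: str
    action: str
    direction: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    sport: int
    dport: int
    ttl: int


def parse_filterlog(line: str) -> Optional[Entry]:
    """Parse one IPv4 TCP/UDP filterlog record; None for anything else.

    Field layout after 'filterlog[pid]': rulenr,subrulenr,anchor,rid,iface,
    reason,action,dir,ipver,tos,ecn,ttl,id,offset,flags,protoid,proto,len,
    src,dst,sport,dport,datalen,...  (tolerates a syslog prefix before it).
    """
    _, _, record = line.partition("]")
    f = record.lstrip(": ").split(",")
    if len(f) < 23 or f[8] != "4" or f[16] not in ("udp", "tcp"):
        return None
    return Entry(iface=f[4], action=f[6], direction=f[7], proto=f[16],
                 src=ipaddress.IPv4Address(f[18]),
                 dst=ipaddress.IPv4Address(f[19]),
                 sport=int(f[20]), dport=int(f[21]), ttl=int(f[11]))


def blocked_discovery(log: str) -> List[Entry]:
    """Blocked UDP sent to a multicast/broadcast address on a discovery port."""
    bcast = ipaddress.IPv4Address("255.255.255.255")
    return [e for e in map(parse_filterlog, log.splitlines())
            if e and e.action == "block" and e.proto == "udp"
            and e.dport in DISCOVERY_PORTS
            and (e.dst.is_multicast or e.dst == bcast)]


def blocked_replies(log: str, queries: List[Entry]) -> List[Entry]:
    """Blocked unicast UDP whose destination port is a query's source port:
    a device answering the relayed discovery. The relay cannot know this
    device in advance, which is why a per-device firewall rule is needed."""
    wanted = {q.sport for q in queries}
    return [e for e in map(parse_filterlog, log.splitlines())
            if e and e.action == "block" and e.proto == "udp"
            and not e.dst.is_multicast and e.dport in wanted]


def pass_rule(device: ipaddress.IPv4Address, iface: str, lan_net: str) -> str:
    """pf-style rendering of the thread's rule: any protocol, any port, from
    the one responding device to the LAN the clients live on. Illustrative
    only; OPNsense generates its own rule text from the GUI."""
    return f"pass in quick on {iface} inet from {device} to {lan_net} keep state"


if __name__ == "__main__":
    qs = blocked_discovery(SAMPLE_LOG)
    for q in qs:
        print(f"{DISCOVERY_PORTS[q.dport]} query {q.src}:{q.sport} -> "
              f"{q.dst}:{q.dport} blocked on {q.iface} (ttl={q.ttl})")
    for r in blocked_replies(SAMPLE_LOG, qs):
        print(f"reply {r.src}:{r.sport} -> {r.dst}:{r.dport} blocked; rule:")
        print("  " + pass_rule(r.src, r.iface, "172.16.10.0/24"))
```

Run as a script it reports the blocked SSDP query (note the TTL of 1 in the quoted line, which is why a multicast discovery packet never crosses the router unaided and a relay is needed) and the blocked reply from 172.16.20.77, which is the device that needs the pass rule. Nothing is allowed back from any other IoT host.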

Thanks for the reply; that is straightforward and works fine. Where I am confused is specific to the plugin: obviously when you have that FW rule enabled you can communicate across networks, and I was under the impression that the plugin would take care of not having to create FW rules.

I'm sorry, but call me confused, which is not difficult...

TIA

No. It can't create a firewall rule, as it has no idea what the address is of the device that will respond to the broadcast; the only way that would work would be to open up the firewall to every device, which would rather defeat the purpose of the firewall in the first place.

September 24, 2020, 01:10:50 AM #42 Last Edit: September 24, 2020, 01:14:39 AM by guyp2k
Have this working w/ the Sonos app and Roon endpoints; now I am working on the Spotify app. Anyone have any specifics for Spotify?

I read where Spotify uses TCP 4070, but that was unsuccessful.

Installed mDNS repeater, and that addressed the issue w/ Spotify and other devices on other VLANs.

@marjohn56, will your plugin do mDNS?


Thanks

No, it doesn't do mDNS.

Quote from: brinm00 on September 10, 2020, 04:41:31 PM
Quote from: marjohn56 on September 07, 2020, 09:10:54 PM
Forget the broadcast address and the source address, leave them blank; just put in the port and LAN interfaces and try that. You'll likely as not need firewall rules too, but first just see if it fires up.
Thanks marjohn56, this put me on the right track. It works beautifully now - can control my Logitech server from within my guest VLAN.

What did you end up configuring?

Thanks.