UDP Broadcast Relay and firewalling

Started by Gandalf2434, September 30, 2021, 08:53:15 PM

Hey there,
I am currently dividing my network into several vlans. Doing this I created a vlan where I connected my Denon Heos speakers to, to separate them from the rest of my network. In another vlan I have my smartphone (and other trusted components) that should control the speakers.
I got it up and running, but am not that happy, and am not sure if I did it the right way.
I installed the service UDP Broadcast Relay and added a line for each multicast-call the speakers should need (see attachment).
After this I added a firewall-rule for every interface (controller-vlan and speaker-vlan) as "in"-rules to allow access to exactly those destinations (239.255.255.250:1900 and 224.0.0.251:5353).
But I am not sure if I have to allow the traffic in both directions (well, it seems it only works this way). But as a side-effect, if I run mdns-scan in the speaker-vlan I can see services (smb, sftp) running in my "trusted" vlan, which should not be visible to the speakers. Well, the speakers cannot access those services due to firewall-rules, but it feels wrong that those services are even found. Can I somehow control that those services are not seen?

Denon posted some information on which ports need to be opened to run those speakers, but there is no information on the direction in which this traffic is established, or what destination the traffic is sent to (internet, controller, speaker). This makes it difficult to set the right firewall-rules: https://support-uk.denon.com/app/answers/detail/a_id/4717/~/network-requirements-for-heos
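The reason a firewall rule on 224.0.0.251:5353 cannot hide the smb/sftp advertisements is that every mDNS announcement, whether from a speaker or from a NAS, is the same UDP flow; the only thing that distinguishes them is the DNS-SD service type inside the datagram. Controlling what the speaker-vlan "sees" therefore means filtering at the relay, per service type, rather than per port. The following is an added example (not code from this thread or from the UDP Broadcast Relay plugin) that parses an mDNS datagram, extracts the service types it carries (PTR and SRV records, including the `_services._dns-sd._udp.local` enumeration), and only permits forwarding when every type is on an allow-list. The allow-list and the `_example-speaker._tcp.local` type are placeholders; the two sample datagrams are constructed here for the demonstration.

```python
"""Decide whether an mDNS (224.0.0.251:5353) datagram should be relayed
between VLANs based on the DNS-SD service types it advertises.

Added example; not code from the original thread or from UDP Broadcast Relay.
ALLOWED_TYPES and "_example-speaker._tcp.local" are placeholder assumptions.
"""
import struct

RTYPE_PTR = 12
RTYPE_SRV = 33
ENUM_NAME = "_services._dns-sd._udp.local"   # service-type enumeration (RFC 6763 section 9)

# Placeholder allow-list: only advertisements of this type cross the VLAN boundary.
ALLOWED_TYPES = {"_example-speaker._tcp.local"}


def _read_name(data, offset):
    """Decode a DNS name at offset, following compression pointers (RFC 1035 4.1.4).
    Returns (dotted_name, offset_just_after_the_name_in_the_stream)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        if offset >= len(data):
            raise ValueError("truncated name")
        length = data[offset]
        if length == 0:                       # root label terminates the name
            if not jumped:
                end = offset + 1
            return ".".join(labels), end
        if length & 0xC0 == 0xC0:             # two-byte compression pointer
            if offset + 1 >= len(data):
                raise ValueError("truncated pointer")
            if not jumped:
                end = offset + 2
            jumped, hops = True, hops + 1
            if hops > 32:                     # refuse pointer loops in hostile input
                raise ValueError("compression loop")
            offset = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            continue
        offset += 1
        if offset + length > len(data):
            raise ValueError("truncated label")
        labels.append(data[offset:offset + length].decode("ascii", "replace"))
        offset += length


def parse_mdns(data):
    """Parse header, questions and all resource records of one mDNS message."""
    if len(data) < 12:
        raise ValueError("short header")
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", data, 0)
    offset, questions, records = 12, [], []
    for _ in range(qd):
        name, offset = _read_name(data, offset)
        qtype, _qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        questions.append((name, qtype))
    for _ in range(an + ns + ar):
        name, offset = _read_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", data, offset)
        offset += 10
        if offset + rdlen > len(data):
            raise ValueError("truncated rdata")
        target = None
        if rtype == RTYPE_PTR:                # rdata is a name (instance or type)
            target, _ = _read_name(data, offset)
        elif rtype == RTYPE_SRV:              # priority, weight, port, then target host
            target, _ = _read_name(data, offset + 6)
        offset += rdlen
        records.append((name, rtype, target))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "questions": questions, "records": records}


def service_types(msg):
    """Collect every DNS-SD service type referenced by the message."""
    types = set()
    for name, rtype, target in msg["records"]:
        if rtype == RTYPE_PTR:
            # The enumeration PTR lists a type in its rdata; any other PTR is keyed by the type.
            types.add(target if name == ENUM_NAME else name)
        elif rtype == RTYPE_SRV:
            parts = name.split(".", 1)        # "Instance._type._tcp.local" -> drop the instance label
            if len(parts) == 2:               # (instance labels with escaped dots are not handled here)
                types.add(parts[1])
    for name, qtype in msg["questions"]:
        if qtype == RTYPE_PTR and name != ENUM_NAME:
            types.add(name)
    return types


def should_relay(packet, allowed=ALLOWED_TYPES):
    """True only if every advertised/queried service type is allow-listed.
    Malformed datagrams are dropped; datagrams carrying no service-type
    information (e.g. bare A/AAAA answers) reveal no service and pass."""
    try:
        msg = parse_mdns(packet)
    except ValueError:
        return False
    return service_types(msg) <= allowed


def _encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def build_response(ptr_records):
    """Constructed mDNS response containing only PTR answers (uncompressed)."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, len(ptr_records), 0, 0)
    body = b""
    for rname, target in ptr_records:
        rdata = _encode_name(target)
        body += _encode_name(rname) + struct.pack("!HHIH", RTYPE_PTR, 0x8001, 4500, len(rdata)) + rdata
    return header + body


# Constructed sample: a speaker announcing an allow-listed service type.
SPEAKER_REPLY = build_response([("_example-speaker._tcp.local",
                                 "Kitchen._example-speaker._tcp.local")])

# Constructed sample: a NAS announcing _smb._tcp, hand-built with a compression pointer.
NAS_REPLY = (
    b"\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x00"   # header: response flags, one answer
    b"\x04_smb\x04_tcp\x05local\x00"                     # answer name _smb._tcp.local (at offset 12)
    b"\x00\x0c\x80\x01\x00\x00\x11\x94\x00\x06"           # PTR, IN|cache-flush, TTL 4500, rdlen 6
    b"\x03nas\xc0\x0c"                                     # rdata: "nas" + pointer back to offset 12
)

if __name__ == "__main__":
    for label, pkt in (("speaker", SPEAKER_REPLY), ("nas", NAS_REPLY)):
        print(label, sorted(service_types(parse_mdns(pkt))), "relay" if should_relay(pkt) else "drop")
```

A relay built this way forwards the speaker's announcement and drops the NAS announcement (and an enumeration answer that lists `_smb._tcp.local`), so mdns-scan in the speaker-vlan would no longer list the trusted vlan's smb/sftp instances. The firewall rules for 224.0.0.251:5353 are still needed in both directions, because discovery is a query/answer exchange; the allow-list decides which answers are worth relaying at all.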

Hi,

have a look at this thread https://forum.opnsense.org/index.php?topic=15721.0, there you'll find all the information you need for an initial setup.

br

Thanks a lot. I am reading the posts and trying to get my info there.