Hi There,
Please excuse the lengthy post, I wanted to explain/have all the information I can possibly write down.
I've been trying to get the "udpbroadcastrelay" plugin to relay SSDP (Simple Service Discovery Protocol) between two subnets, LAN and Bridge. However, I've hit a roadblock with this setup.
The peculiar thing is that mDNS (Multicast DNS) works flawlessly using the same plugin and setup!
I hope that someone can help shed some light on this issue and help me get SSDP relay working as smoothly as mDNS does in my setup. If anyone has experience with the "udpbroadcastrelay" plugin in OPNsense or has encountered a similar issue, your insights and guidance would be greatly appreciated. Thanks in advance for any assistance or suggestions!
SIDENOTE:-
I have used BOTH of:
- os-udpbroadcastrelay 1.0_3 (from repo)
- compiled from source (GitHub) so I can use the --msearch option
My Setup
- Virtualized OPNsense in Proxmox
- Pass-Through (WAN)
- 2 VirtIO Interfaces (LAN & Bridge)
- OPNsense Version: OPNsense 23.7.10_1-amd64 FreeBSD 13.2-RELEASE-p7
- Proxmox Version: proxmox-ve: 8.1.0 (running kernel: 6.5.11-7-pve)
Troubleshooting Attempts:
I've tried various solutions from different sources to resolve this issue, including:
- HOW TO - Configure OPNsense for TV7 (init7) Multicast Stream
LAN
First we have to enable allow options on the default LAN rule Default allow LAN to any rule.
- Navigate to Firewall -> Rules -> LAN
- Edit the rule with the description "Default allow LAN to any rule" by clicking the pencil.
- Scroll down until you see Advanced Options: and click on Show/Hide
- Make sure that the allow options checkbox is checked
- Click Save
- Back on Overview click on Apply changes to enable the changed rule
- [SOLVED] - Multicast bridge problem | Proxmox Support Forum
maybe try to disable multicast snooping on bridges?
echo 0 > /sys/class/net/vmbrX/bridge/multicast_snooping
- Linux: Disabling Multicast snooping on bridges
Snooping should be enabled on either the router / switch or on the linux bridge, but it may not work if enabled on both. If you have a hosting provider that has igmp snooping enabled on the multicast switch, it may be necessary to disable snooping on the linux bridge. In that case use:
post-up ( echo 1 > /sys/devices/virtual/net/$IFACE/bridge/multicast_querier )
post-up ( echo 0 > /sys/class/net/$IFACE/bridge/multicast_snooping )
To help diagnose the issue effectively, here is what I managed to gather:
FW Ruleset
LAN Rule Set
Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
---|---|---|---|---|---|---|---|
IPv4 | LAN net | * | * | * | * | * | Default allow LAN to any |
Bridge Rule Set
Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
---|---|---|---|---|---|---|---|
IPv4 | Bridge net | * | * | * | * | * | Allow Bridge to any rule (Manual Entry) |
cat /tmp/rules.debug
LAN Rule Set
pass in log quick on vtnet0 inet from {(vtnet0:network)} to {any} keep state label "3070463c8d527cf93da451fa4f88c7cb" # Default allow LAN to any rule
Bridge Rule Set
pass in log quick on vtnet1 inet from {(vtnet1:network)} to {any} keep state label "2681e3c4a046e0ab9b3ab64679df3edc" # Allow Bridge to any rule
Interfaces
igc0: flags=8963 metric 0 mtu 1500
description: WAN (wan)
options=4802028
ether xx:xx:xx:xx:xx:xx
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
media: Ethernet autoselect (1000baseT )
status: active
nd6 options=29
vtnet0: flags=8963 metric 0 mtu 1500
description: LAN (lan)
options=800a8
ether xx:xx:xx:xx:xx:xx
inet 192.168.100.3 netmask 0xffffff00 broadcast 192.168.100.255
media: Ethernet autoselect (10Gbase-T )
status: active
nd6 options=29
vtnet1: flags=8963 metric 0 mtu 1500
description: Bridge (opt1)
options=800a8
ether xx:xx:xx:xx:xx:xx
inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
media: Ethernet autoselect (10Gbase-T )
status: active
nd6 options=29
CLI USED
./udpbroadcastrelay -d -d --id 1 --port 1900 --dev vtnet1 --dev vtnet0 --multicast 239.255.255.250 --msearch dial
2023/12/29 21:48:17.555 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=438 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term upnp:rootdevice
2023/12/29 21:48:17.555 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=438 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:17.593 <- [ 10.10.10.46:52323 -> 239.255.255.250:1900 (iface=vtnet1 len=462 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term urn:schemas-sony-com:service:Party:1
2023/12/29 21:48:17.593 -> [ 10.10.10.46:52323 -> 239.255.255.250:1900 (iface=vtnet0 len=462 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:17.593 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=447 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term uuid:00000001-0000-1010-8000-045d4bdcbc2f
2023/12/29 21:48:17.593 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=447 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:17.614 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=490 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term urn:schemas-upnp-org:device:MediaServer:1
2023/12/29 21:48:17.614 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=490 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:17.637 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=502 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term urn:schemas-upnp-org:service:ContentDirectory:1
2023/12/29 21:48:17.637 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=502 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:17.663 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=504 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term urn:schemas-upnp-org:service:ConnectionManager:1
2023/12/29 21:48:17.663 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=504 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:18.315 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
Applying default action FORWARD
2023/12/29 21:48:18.315 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:18.373 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
Applying default action FORWARD
2023/12/29 21:48:18.373 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:18.460 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
Applying default action FORWARD
2023/12/29 21:48:18.460 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:24.824 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=127 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaServer:1
Applying default action FORWARD
2023/12/29 21:48:24.824 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=127 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:24.924 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=127 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaServer:1
Applying default action FORWARD
2023/12/29 21:48:24.924 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=127 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:25.425 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=118 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:ses-com:device:SatIPServer:1
Applying default action FORWARD
2023/12/29 21:48:25.425 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=118 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:25.525 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=118 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:ses-com:device:SatIPServer:1
Applying default action FORWARD
2023/12/29 21:48:25.525 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=118 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:49:16.556 <- [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet1 len=267 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term upnp:rootdevice
2023/12/29 21:49:16.556 -> [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet0 len=267 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:49:16.577 <- [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet1 len=276 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term uuid:00000004-0000-1010-8000-045d4bdcbc2f
2023/12/29 21:49:16.577 -> [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet0 len=276 tos=0x04 DSCP=1 ttl=4)
LAN Wireshark Capture
No. | Time | Source | Destination | Protocol | Length | Info |
---|---|---|---|---|---|---|
920 | 09:13:01.207756 | 10.10.10.46 | 239.255.255.250 | SSDP | 349 | NOTIFY * HTTP/1.1 |
921 | 09:13:01.229336 | 10.10.10.46 | 239.255.255.250 | SSDP | 349 | NOTIFY * HTTP/1.1 |
922 | 09:13:01.290046 | 192.168.100.75 | 239.255.255.250 | SSDP | 217 | M-SEARCH * HTTP/1.1 |
923 | 09:13:01.292706 | 10.10.10.46 | 192.168.100.75 | UDP | 354 | 50201 → 59796 Len=312 |
924 | 09:13:02.292100 | 192.168.100.75 | 239.255.255.250 | SSDP | 217 | M-SEARCH * HTTP/1.1 |
925 | 09:13:02.294187 | 10.10.10.46 | 192.168.100.75 | UDP | 354 | 50201 → 59796 Len=312 |
926 | 09:13:03.308643 | 192.168.100.75 | 239.255.255.250 | SSDP | 217 | M-SEARCH * HTTP/1.1 |
928 | 09:13:03.310873 | 10.10.10.46 | 192.168.100.75 | UDP | 354 | 50201 → 59796 Len=312 |
929 | 09:13:04.309797 | 192.168.100.75 | 239.255.255.250 | SSDP | 217 | M-SEARCH * HTTP/1.1 |
930 | 09:13:04.311739 | 10.10.10.46 | 192.168.100.75 | UDP | 354 | 50201 → 59796 Len=312 |
932 | 09:13:04.803218 | 192.168.100.75 | 239.255.255.250 | SSDP | 143 | M-SEARCH * HTTP/1.1 |
933 | 09:13:04.805015 | 10.10.10.46 | 192.168.100.75 | UDP | 306 | 50201 → 53037 Len=264 |
934 | 09:13:05.800708 | 10.10.10.46 | 192.168.100.75 | UDP | 306 | 37333 → 53037 Len=264 |
936 | 09:13:07.799676 | 192.168.100.75 | 239.255.255.250 | SSDP | 143 | M-SEARCH * HTTP/1.1 |
937 | 09:13:07.801449 | 10.10.10.46 | 192.168.100.75 | UDP | 306 | 50201 → 53037 Len=264 |
938 | 09:13:08.045029 | 10.10.10.46 | 192.168.100.75 | UDP | 306 | 37333 → 53037 Len=264 |
962 | 09:13:10.807982 | 192.168.100.75 | 239.255.255.250 | SSDP | 143 | M-SEARCH * HTTP/1.1 |
963 | 09:13:10.811017 | 10.10.10.46 | 192.168.100.75 | UDP | 306 | 50201 → 53037 Len=264 |
964 | 09:13:12.695351 | 10.10.10.46 | 192.168.100.75 | UDP | 306 | 37333 → 53037 Len=264 |
1068 | 09:14:02.720283 | 192.168.100.75 | 239.255.255.250 | UDP | 1123 | 49620 → 3702 Len=1081 |
1080 | 09:14:02.977262 | 192.168.100.75 | 239.255.255.250 | UDP | 1123 | 49620 → 3702 Len=1081 |
1119 | 09:14:03.205658 | 192.168.100.75 | 239.255.255.250 | UDP | 666 | 59260 → 3702 Len=624 |
1152 | 09:14:03.442876 | 192.168.100.75 | 239.255.255.250 | UDP | 1123 | 49620 → 3702 Len=1081 |
1237 | 09:14:03.907019 | 192.168.100.75 | 239.255.255.250 | UDP | 1123 | 49620 → 3702 Len=1081 |
1284 | 09:14:04.593450 | 192.168.100.75 | 239.255.255.250 | SSDP | 143 | M-SEARCH * HTTP/1.1 |
1285 | 09:14:04.595580 | 10.10.10.46 | 192.168.100.75 | UDP | 306 | 50201 → 52272 Len=264 |
1286 | 09:14:04.608593 | 192.168.100.75 | 239.255.255.250 | SSDP | 179 | M-SEARCH * HTTP/1.1 |
1301 | 09:14:04.862324 | 192.168.100.75 | 239.255.255.250 | UDP | 666 | 59260 → 3702 Len=624 |
1324 | 09:14:05.215444 | 10.10.10.46 | 192.168.100.75 | UDP | 306 | 37333 → 52272 Len=264 |
1371 | 09:14:06.231131 | 192.168.100.75 | 239.255.255.250 | SSDP | 217 | M-SEARCH * HTTP/1.1 |
1372 | 09:14:06.233068 | 10.10.10.46 | 192.168.100.75 | UDP | 354 | 50201 → 58452 Len=312 |
1392 | 09:14:06.865155 | 192.168.100.75 | 239.255.255.250 | UDP | 666 | 59260 → 3702 Len=624 |
1401 | 09:14:07.232162 | 192.168.100.75 | 239.255.255.250 | SSDP | 217 | M-SEARCH * HTTP/1.1 |
1402 | 09:14:07.234422 | 10.10.10.46 | 192.168.100.75 | UDP | 354 | 50201 → 58452 Len=312 |
1408 | 09:14:07.595062 | 192.168.100.75 | 239.255.255.250 | SSDP | 143 | M-SEARCH * HTTP/1.1 |
1409 | 09:14:07.597369 | 10.10.10.46 | 192.168.100.75 | UDP | 306 | 50201 → 52272 Len=264 |
1410 | 09:14:07.610422 | 192.168.100.75 | 239.255.255.250 | SSDP | 179 | M-SEARCH * HTTP/1.1 |
1443 | 09:14:08.234467 | 192.168.100.75 | 239.255.255.250 | SSDP | 217 | M-SEARCH * HTTP/1.1 |
1444 | 09:14:08.234644 | 192.168.100.75 | 239.255.255.250 | SSDP | 143 | M-SEARCH * HTTP/1.1 |
1445 | 09:14:08.236807 | 10.10.10.46 | 192.168.100.75 | UDP | 354 | 50201 → 58452 Len=312 |
1446 | 09:14:08.237538 | 10.10.10.46 | 192.168.100.75 | UDP | 306 | 50201 → 52272 Len=264 |
1448 | 09:14:08.265899 | 192.168.100.75 | 239.255.255.250 | SSDP | 175 | M-SEARCH * HTTP/1.1 |
1450 | 09:14:08.297109 | 192.168.100.75 | 239.255.255.250 | SSDP | 169 | M-SEARCH * HTTP/1.1 |
1453 | 09:14:08.334904 | 192.168.100.75 | 239.255.255.250 | SSDP | 167 | M-SEARCH * HTTP/1.1 |
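
An added example, not part of the original post or of the udpbroadcastrelay project: a small Python parser for the `-d -d` log format shown above that pairs each received (`<-`) packet with its relayed (`->`) copy and lists anything that was received but not relayed. It assumes the two-interface setup from the post; `summarize`, `FROM_POST` and `CONSTRUCTED` are names chosen for this example, and the last log entry is constructed.

```python
import re
from collections import Counter

# Packet and search-term lines as printed in the post's `-d -d` output.
PKT = re.compile(r"^\S+ \S+ (<-|->) \[ ([\d.]+:\d+) -> ([\d.]+:\d+) \(iface=(\w+) len=(\d+)")
TERM = re.compile(r"^Found (NOTIFY|M-SEARCH) search term (\S+)")

def summarize(log_text):
    """Return (forwarded, unrelayed): forwarded counts (kind, in_iface, out_iface);
    unrelayed lists received packets with no relayed copy on the other interface."""
    forwarded, unrelayed, pending = Counter(), [], None
    for line in log_text.splitlines():
        pkt, term = PKT.match(line.strip()), TERM.match(line.strip())
        if term and pending:
            pending["kind"], pending["term"] = term.groups()
        elif pkt and pkt[1] == "<-":
            if pending:                      # previous receive never got a relayed copy
                unrelayed.append(pending)
            pending = {"flow": pkt.group(2, 3, 5), "iface": pkt[4], "kind": "?", "term": None}
        elif pkt and pending and pkt.group(2, 3, 5) == pending["flow"] and pkt[4] != pending["iface"]:
            forwarded[(pending["kind"], pending["iface"], pkt[4])] += 1
            pending = None
    if pending:
        unrelayed.append(pending)
    return forwarded, unrelayed

# Lines copied from the log excerpt in the post.
FROM_POST = """\
2023/12/29 21:48:17.555 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=438 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term upnp:rootdevice
2023/12/29 21:48:17.555 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=438 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:24.824 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=127 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaServer:1
Applying default action FORWARD
2023/12/29 21:48:24.824 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=127 tos=0x04 DSCP=1 ttl=4)
"""
# Constructed: a received M-SEARCH with no relayed copy, to exercise the unrelayed path.
CONSTRUCTED = """\
2023/12/29 21:48:30.000 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=118 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:ses-com:device:SatIPServer:1
"""

if __name__ == "__main__":
    forwarded, unrelayed = summarize(FROM_POST + CONSTRUCTED)
    for (kind, src, dst), n in sorted(forwarded.items()):
        print(f"{kind:9} {src} -> {dst}: {n} relayed")
    for p in unrelayed:
        print(f"NOT RELAYED {p['kind']} {p['term']} from {p['flow'][0]} on {p['iface']}")
```

Feeding it the full relay output gives a per-direction count of relayed NOTIFY and M-SEARCH packets that can be compared against the Wireshark capture taken on each side.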