Config igmpproxy to allow multicast udp from WAN to LAN

hello,
i finally got igmpproxy installed and my router settings are set to default. What settings need to be changed to allow multicast from WAN to LAN ?
I read many posts on this topic but I can't get it to work. Please help.
PC1(10.0.0.50) sends multicast stream (239.1.1.1:1234) to a switch and PC2 is connected over LAN to my router (192.168.1.1). Then I connected the WAN to the switch. Below are my current igmpproxy settings.

config igmpproxy
        option quickleave 1

config phyint
        option network wan
        option direction upstream
        list altnet 0.0.0.0/0

config phyint
        option network lan
        option direction downstream

You also need the name of the firewall zone, so the firewall makes the rule.

config igmpproxy
        option quickleave 1

config phyint
        option network wan
        option zone wan
        option direction upstream
        list altnet 0.0.0.0/0

config phyint
        option network lan
        option zone lan
        option direction downstream

I'll try that immediatelly.
I also have these settings(Pictures)
Are these correct ? or should i reset all of them ?firewall firewall2 IGMP

I'm not even sure why you've shown me your firewall. Igmpproxy should handle everything.

Perhaps that's why you're having problems.

SO I should reset the router to default settings. just install igmpproxy again with just the settings you posted above and it works ?
how can I check if igmproxy is running via ssh command in putty ?

Again, I'm not sure why you created the firewall rules, or why you think they're needed. I don't have them in my setup. I also don't know what other things you are resetting to default. If you added those rules for IGMP, I advise you remove them for testing of igmpproxy, simple.

  • Have you installed and properly configure igmpproxy yet?
  • Is it working?

  • You can check that any program is running with the top command.
  • You can list firewall rules, and see the ones that igmpproxy creates
  • You can use tcpdump to see IGMP traffic on your LAN and WAN
  • You can also use tcpdump to see traffic to the multicast addresses 224.0.0.0/4
1 Like

https://openwrt.org/docs/guide-user/network/wan/udp_multicast

in /etc/config/igmpproxy I put this:

config igmpproxy
        option quickleave 1

config phyint
        option network wan
        option direction upstream
        list altnet 0.0.0.0/0

config phyint
        option network lan
        option direction downstream

In /etc/config/firewall I put this:

config rule
        option src      wan
        option proto    igmp
        option target   ACCEPT
config rule
        option src      wan
        option proto    udp
        option dest     lan
        option dest_ip  224.0.0.0/4
        option target   ACCEPT
        option family   ipv4

I also enabled IGMP snooping on WAN and LAN interface. Doesn't work.

what about this line ? list altnet 0.0.0.0/0

  • Why did you again fail to add the option zone lines in your config? THEY ARE NEEDED FOR THE FIREWALL TO WORK!!!
  • Why are you adding a firewall rule (before testing) again!?!?

Why did you do this!?!?

What about it?


If you don't wanna follow the suggestions above, just let me know why.

hello ? I made all these changes because of this https://openwrt.org/docs/guide-user/network/wan/udp_multicast

as posted by vgaetera

So, you're saying that you don't wish to add:

  • option zone wan
    and
  • option zone lan

OK, then igmpproxy won't work.

That documentation seems to be outdated. The init script of igmpproxy sets up Firewall rules automatically now based on the specified zones in the igmpproxy settings.

Please remove all manual rules you have created, and setup your igmpproxy config as instructed by @lleachii with the zones defined. I am also running igmpproxy without any manual rules.

Make sure you reload the new igmpproxy config once you have set it up correctly.

1 Like

alright sorry for that mistake. I will try again.

1 Like

Woah, please change that firewall back to default immediately. You are allowing outside WAN traffic to be forwarded to your LAN.

That would only be safe if the WAN interface isn't connected to the internet. But even if that were true, that forward is completely unneeded.

I am not sure what else you changed, but it might be best to simply reset the router back to defaults, install igmpproxy, set it up (including the zone options) and watch the magic happen :slight_smile:

1 Like

I assigned 10.0.0.100 to the WAN port and its connected to PC1 which has 10.0.0.50 which sends a stream 239.1.1.1:1234

I reset the router and copied this into igmpproxy config:

config igmpproxy
        option quickleave 1

config phyint
        option network wan
        option zone wan
        option direction upstream
        list altnet 0.0.0.0/0

config phyint
        option network lan
        option zone lan
        option direction downstream

Then I saved it and rebooted the router and I still can't view the stream.

Try quickleave 0.

Ok I tried . not working

The switch you are using in your test setup, does it have igmp snooping? Is it a managed switch? Are the upstream PC and the downstream router on the same vlan and able to talk to each other?

239.1.1.1 does not satisfy the 224.0.0.0/0 rule that igmpproxy automatically creates. Please send the multicast stream to an address that does. 224.x.x.x would be easiest :slight_smile:

1 Like

i removed the switch for testing. so i'm connected directly to the WAN. I will try a different address thanks

1 Like