Multcasting between 2 network

Hello,

I'm trying to allow the mutlicasting traffic between 2 IP of 2 differents network without success :frowning:

  • Wlan2 : 192.168.3.253 (sender)
  • Lan : 192.168.1.254 (receiver)

Multicast traffic : IP SonoffAtelier.lan.5353 > 224.0.0.251.5353

My last test was to allow all traffic between these IP >> same result :frowning:

root@OpenWrt:~# iptables-save
# Generated by iptables-save v1.8.3 on Tue Jan  7 07:57:27 2020
*nat
:PREROUTING ACCEPT [48:4034]
:INPUT ACCEPT [8:448]
:OUTPUT ACCEPT [2:144]
:POSTROUTING ACCEPT [4:248]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:postrouting_wlan1_rule - [0:0]
:postrouting_wlan2_rule - [0:0]
:postrouting_wlan3_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:prerouting_wlan1_rule - [0:0]
:prerouting_wlan2_rule - [0:0]
:prerouting_wlan3_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
:zone_wlan1_postrouting - [0:0]
:zone_wlan1_prerouting - [0:0]
:zone_wlan2_postrouting - [0:0]
:zone_wlan2_prerouting - [0:0]
:zone_wlan3_postrouting - [0:0]
:zone_wlan3_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0.1 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i wlan1 -m comment --comment "!fw3" -j zone_wlan1_prerouting
-A PREROUTING -i wlan2 -m comment --comment "!fw3" -j zone_wlan2_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i wlan3 -m comment --comment "!fw3" -j zone_wlan3_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0.1 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o wlan1 -m comment --comment "!fw3" -j zone_wlan1_postrouting
-A POSTROUTING -o wlan2 -m comment --comment "!fw3" -j zone_wlan2_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o wlan3 -m comment --comment "!fw3" -j zone_wlan3_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wlan1_postrouting -m comment --comment "!fw3: Custom wlan1 postrouting rule chain" -j postrouting_wlan1_rule
-A zone_wlan1_prerouting -m comment --comment "!fw3: Custom wlan1 prerouting rule chain" -j prerouting_wlan1_rule
-A zone_wlan2_postrouting -m comment --comment "!fw3: Custom wlan2 postrouting rule chain" -j postrouting_wlan2_rule
-A zone_wlan2_prerouting -m comment --comment "!fw3: Custom wlan2 prerouting rule chain" -j prerouting_wlan2_rule
-A zone_wlan3_postrouting -m comment --comment "!fw3: Custom wlan3 postrouting rule chain" -j postrouting_wlan3_rule
-A zone_wlan3_prerouting -m comment --comment "!fw3: Custom wlan3 prerouting rule chain" -j prerouting_wlan3_rule
COMMIT
# Completed on Tue Jan  7 07:57:27 2020
# Generated by iptables-save v1.8.3 on Tue Jan  7 07:57:27 2020
*mangle
:PREROUTING ACCEPT [986:598445]
:INPUT ACCEPT [170:18704]
:FORWARD ACCEPT [808:578334]
:OUTPUT ACCEPT [187:59168]
:POSTROUTING ACCEPT [972:635850]
-A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Tue Jan  7 07:57:27 2020
# Generated by iptables-save v1.8.3 on Tue Jan  7 07:57:27 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:forwarding_wlan1_rule - [0:0]
:forwarding_wlan2_rule - [0:0]
:forwarding_wlan3_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:input_wlan1_rule - [0:0]
:input_wlan2_rule - [0:0]
:input_wlan3_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:output_wlan1_rule - [0:0]
:output_wlan2_rule - [0:0]
:output_wlan3_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_dest_REJECT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_DROP - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
:zone_wlan1_dest_ACCEPT - [0:0]
:zone_wlan1_dest_REJECT - [0:0]
:zone_wlan1_forward - [0:0]
:zone_wlan1_input - [0:0]
:zone_wlan1_output - [0:0]
:zone_wlan1_src_ACCEPT - [0:0]
:zone_wlan2_dest_ACCEPT - [0:0]
:zone_wlan2_dest_REJECT - [0:0]
:zone_wlan2_forward - [0:0]
:zone_wlan2_input - [0:0]
:zone_wlan2_output - [0:0]
:zone_wlan2_src_ACCEPT - [0:0]
:zone_wlan3_dest_ACCEPT - [0:0]
:zone_wlan3_dest_REJECT - [0:0]
:zone_wlan3_forward - [0:0]
:zone_wlan3_input - [0:0]
:zone_wlan3_output - [0:0]
:zone_wlan3_src_ACCEPT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0.1 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i wlan1 -m comment --comment "!fw3" -j zone_wlan1_input
-A INPUT -i wlan2 -m comment --comment "!fw3" -j zone_wlan2_input
-A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i wlan3 -m comment --comment "!fw3" -j zone_wlan3_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -s 192.168.3.253/32 -m comment --comment "!fw3: Sonoff atelier - Block wan access" -j zone_wan_dest_DROP
-A FORWARD -s 192.168.3.252/32 -m comment --comment "!fw3: Sonoff garage - Block wan access" -j zone_wan_dest_DROP
-A FORWARD -m comment --comment "!fw3: Zone * to wlan3 forwarding policy" -j zone_wlan3_dest_ACCEPT
-A FORWARD -m comment --comment "!fw3: Zone * to wlan3 forwarding policy" -j zone_wlan3_dest_ACCEPT
-A FORWARD -i eth0.1 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i wlan1 -m comment --comment "!fw3" -j zone_wlan1_forward
-A FORWARD -i wlan2 -m comment --comment "!fw3" -j zone_wlan2_forward
-A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i wlan3 -m comment --comment "!fw3" -j zone_wlan3_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0.1 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o wlan1 -m comment --comment "!fw3" -j zone_wlan1_output
-A OUTPUT -o wlan2 -m comment --comment "!fw3" -j zone_wlan2_output
-A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o wlan3 -m comment --comment "!fw3" -j zone_wlan3_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0.1 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_REJECT -o eth0.1 -m comment --comment "!fw3" -j reject
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wlan1 forwarding policy" -j zone_wlan1_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wlan2 forwarding policy" -j zone_wlan2_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_REJECT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0.1 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_DROP -o eth0.2 -m comment --comment "!fw3" -j DROP
-A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
-A zone_wlan1_dest_ACCEPT -o wlan1 -m comment --comment "!fw3" -j ACCEPT
-A zone_wlan1_dest_REJECT -o wlan1 -m comment --comment "!fw3" -j reject
-A zone_wlan1_forward -m comment --comment "!fw3: Custom wlan1 forwarding rule chain" -j forwarding_wlan1_rule
-A zone_wlan1_forward -m comment --comment "!fw3: Zone wlan1 to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_wlan1_forward -m comment --comment "!fw3: Zone wlan1 to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_wlan1_forward -m comment --comment "!fw3: Zone wlan1 to wlan2 forwarding policy" -j zone_wlan2_dest_ACCEPT
-A zone_wlan1_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wlan1_forward -m comment --comment "!fw3" -j zone_wlan1_dest_REJECT
-A zone_wlan1_input -m comment --comment "!fw3: Custom wlan1 input rule chain" -j input_wlan1_rule
-A zone_wlan1_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wlan1_input -m comment --comment "!fw3" -j zone_wlan1_src_ACCEPT
-A zone_wlan1_output -m comment --comment "!fw3: Custom wlan1 output rule chain" -j output_wlan1_rule
-A zone_wlan1_output -m comment --comment "!fw3" -j zone_wlan1_dest_ACCEPT
-A zone_wlan1_src_ACCEPT -i wlan1 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wlan2_dest_ACCEPT -o wlan2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wlan2_dest_REJECT -o wlan2 -m comment --comment "!fw3" -j reject
-A zone_wlan2_forward -m comment --comment "!fw3: Custom wlan2 forwarding rule chain" -j forwarding_wlan2_rule
-A zone_wlan2_forward -s 192.168.3.253/32 -d 192.168.1.254/32 -m comment --comment "!fw3: t1" -j zone_lan_dest_ACCEPT
-A zone_wlan2_forward -m comment --comment "!fw3: Zone wlan2 to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_wlan2_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wlan2_forward -m comment --comment "!fw3" -j zone_wlan2_dest_REJECT
-A zone_wlan2_input -m comment --comment "!fw3: Custom wlan2 input rule chain" -j input_wlan2_rule
-A zone_wlan2_input -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Block wlan2 admin" -j DROP
-A zone_wlan2_input -d 192.168.1.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Block wlan2 admin" -j DROP
-A zone_wlan2_input -d 192.168.2.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Block wlan2 admin" -j DROP
-A zone_wlan2_input -d 192.168.2.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Block wlan2 admin" -j DROP
-A zone_wlan2_input -d 192.168.3.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Block wlan2 admin" -j DROP
-A zone_wlan2_input -d 192.168.3.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Block wlan2 admin" -j DROP
-A zone_wlan2_input -d 192.168.4.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Block wlan2 admin" -j DROP
-A zone_wlan2_input -d 192.168.4.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Block wlan2 admin" -j DROP
-A zone_wlan2_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wlan2_input -m comment --comment "!fw3" -j zone_wlan2_src_ACCEPT
-A zone_wlan2_output -m comment --comment "!fw3: Custom wlan2 output rule chain" -j output_wlan2_rule
-A zone_wlan2_output -m comment --comment "!fw3" -j zone_wlan2_dest_ACCEPT
-A zone_wlan2_src_ACCEPT -i wlan2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wlan3_dest_ACCEPT -o wlan3 -m comment --comment "!fw3" -j ACCEPT
-A zone_wlan3_dest_REJECT -o wlan3 -m comment --comment "!fw3" -j reject
-A zone_wlan3_forward -m comment --comment "!fw3: Custom wlan3 forwarding rule chain" -j forwarding_wlan3_rule
-A zone_wlan3_forward -m comment --comment "!fw3: Zone wlan3 to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_wlan3_forward -m comment --comment "!fw3: Zone wlan3 to * forwarding policy" -j ACCEPT
-A zone_wlan3_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wlan3_forward -m comment --comment "!fw3" -j zone_wlan3_dest_REJECT
-A zone_wlan3_input -m comment --comment "!fw3: Custom wlan3 input rule chain" -j input_wlan3_rule
-A zone_wlan3_input -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Block wlan3 admin" -j DROP
-A zone_wlan3_input -d 192.168.1.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Block wlan3 admin" -j DROP
-A zone_wlan3_input -d 192.168.2.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Block wlan3 admin" -j DROP
-A zone_wlan3_input -d 192.168.2.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Block wlan3 admin" -j DROP
-A zone_wlan3_input -d 192.168.3.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Block wlan3 admin" -j DROP
-A zone_wlan3_input -d 192.168.3.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Block wlan3 admin" -j DROP
-A zone_wlan3_input -d 192.168.4.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Block wlan3 admin" -j DROP
-A zone_wlan3_input -d 192.168.4.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Block wlan3 admin" -j DROP
-A zone_wlan3_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wlan3_input -m comment --comment "!fw3" -j zone_wlan3_src_ACCEPT
-A zone_wlan3_output -m comment --comment "!fw3: Custom wlan3 output rule chain" -j output_wlan3_rule
-A zone_wlan3_output -m comment --comment "!fw3" -j zone_wlan3_dest_ACCEPT
-A zone_wlan3_src_ACCEPT -i wlan3 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Tue Jan  7 07:57:27 2020
root@OpenWrt:~#

May be the problem is not to allow the traffic between these IP, but to route the IGMP traffic coming from 192.168.3.253 to 192.168.1.0 ?

Thanks in advance foryour help.

OpenWrt cannot multicasting Orange TV flux ( HD+ , HD or SD ) and not found solution, why ?

Tested Openwrt clone PandoraBox or Padavan and not this problem ( not use IGMP )

I followed the guide https://oldwiki.archive.openwrt.org/doc/howto/udp_multicast

Igmpproxy configuration :

config igmpproxy
        option quickleave 1
#       option verbose [0-3](none, minimal[default], more, maximum)

config phyint
        option network wlan2
        option zone wlan2
        option direction upstream
        list altnet 0.0.0.0/0


config phyint
        option network lan
        option zone lan
        option direction downstream

Network configuration :

config interface 'lan'
        option ifname 'eth0.1'
        option proto 'static'
        option ip6assign '60'
        option delegate '0'
        option igmp_snooping 1
        list ipaddr '192.168.1.1/24'

Firewall configuration :

config rule
        option src 'wlan2'
        option proto 'igmp'
        option target 'ACCEPT'
        option family 'ipv4'
        option dest 'lan'

config rule
        option src 'wlan2'
        option proto 'udp'
        option dest 'lan'
        option dest_ip '224.0.0.0/4'
        option target 'ACCEPT'
        option family 'ipv4'

May be I forgot something ?
I read that normally the package kmod-bridge should be installed, but the package is not available on «opkg list». Is it normal ?

Edit : Just saw that this package is into the kernel.

These instructions are outdated. You should read the new wiki only.

Thanks for your reply.

I already applyed the modifications but it's the same result, see below the logs :

openwrt log by tcpdump -i wlan2 igmp (192.168.3.0)

15:33:46.391603 IP Google-Home-Mini.lan > 239.255.255.250: igmp v2 report 239.255.255.250
15:33:46.781223 IP Chromecast.lan > 239.255.3.22: igmp v2 report 239.255.3.22
15:33:46.781383 IP Chromecast.lan > 239.255.3.22: igmp v2 report 239.255.3.22
15:33:49.054446 IP SonoffGarage.lan > 224.0.0.251: igmp v2 report 224.0.0.251
15:33:49.054546 IP SonoffGarage.lan > 224.0.0.251: igmp v2 report 224.0.0.251
15:33:49.738987 IP SonoffAtelier.lan > all-systems.mcast.net: igmp v2 report all-systems.mcast.net
15:33:49.739127 IP SonoffAtelier.lan > all-systems.mcast.net: igmp v2 report all-systems.mcast.net
15:33:52.882191 IP OpenWrt.lan > 224.0.23.12: igmp v2 report 224.0.23.12

Jeedom log by tcpdump igmp (connected on openwrt by Lan : 192.168.1.0)

15:35:28.048728 IP OpenWrt.lan > all-systems.mcast.net: igmp query v2
15:35:29.254967 IP Diskstation.lan > 224.0.0.251: igmp v2 report 224.0.0.251
15:35:31.125155 IP OpenWrt.lan > all-routers.mcast.net: igmp v2 report all-routers.mcast.net
15:35:33.148798 IP Knx.lan > 224.0.23.12: igmp v2 report 224.0.23.12

The igmp traffic coming from wlan2 is not routed to the lan (Sonoffxxxx).

I had a look for similar problems, it seems that they are using a different program, not igmpproxy.

Local subnetwork

Addresses in the range of 224.0.0.0 to 224.0.0.255 are individually assigned by IANA and designated for multicasting on the local subnetwork only. For example, the Routing Information Protocol (RIPv2) uses 224.0.0.9 , Open Shortest Path First (OSPF) uses 224.0.0.5 and 224.0.0.6 , and Multicast DNS uses 224.0.0.251 . Routers must not forward these messages outside the subnet from which they originate.

:thinking:

Apples Bonjour (mDNS = 224.0.0.251) supports Wide Area Bonjour (uses Unicast) to make name resolution possible across multiple subnetworks.

However, I think its possible to use Avahis reflector mode to make mDNS possible over multiple subnets.

finally i have found in relay mode

igmpproxy

config igmpproxy
        option quickleave 1
#       option verbose [0-3](none, minimal[default], more, maximum)

config phyint
        option network wwan
        option zone wwan
        option direction upstream
        list altnet 0.0.0.0/0

config phyint
        option network lan
        option zone lan
        option direction downstream

after:
uci commit igmpproxy
/etc/init.d/network restart

Thanks a lot @shm0 :wink:
It's working correctly, it's little damage that it's not possible to adjut the filtering. All IGMP is transmited on all interfaces setted. It'll be fine to be able to set the direction of the reflexion and/or set a ip source authorized.

I'll work a last day on igmppyoxy before to adopt Avahi.

Finally adopter Avahi, with the rule :

iptables -A input_wlan2_rule -p udp ! -f --dport 5353 -d 224.0.0.0/4 -s 192.168.3.253 -j ACCEPT
iptables -A input_wlan2_rule -p udp ! -f --dport 5353 -d 224.0.0.0/4 -s 192.168.3.252 -j ACCEPT
iptables -A input_wlan2_rule -p udp ! -f --dport 5353 -d 224.0.0.0/4 -j DROP

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.