Hi, OpenWrt community!
Please, can somebody explain why multicast UDP packets sent to 239.255.255.235:427 from a computer on a local network behind an OpenWrt router are not DNAT-able, and suggest a work-around?
I have an OpenWrt router running ZeroTier, and wish to forward multicast packets emanating from a computer in a LAN zone to the ZeroTier interface, after changing the destination address to an address in a ZeroTier managed route range.
Why is this important? My goal is to split a local network comprising two embedded Ethernet hosts into independent LANs behind geographically separated OpenWrt routers, with each host on its own LAN. A ZeroTier Internet 'tunnel' (for want of a better way of describing ZeroTier magic) allows devices in these different subnets to find one another.
To preserve key functionality, I must find a way for multicast UDP packets advertising available services emitted from one device to reach the other device. After an initial data exchange, unicast addresses are used by both devices.
I conjecture that, so long as the content of multicast packets reaches the listening device on the correct port (427), they should be consumed and processed - the client will commence handshaking regardless of source addresses.
To test this theory, I programmed computers at either end of the ZeroTier bridge to send and receive UDP packets and added the following redirect section on top of a standard OpenWrt/ZeroTier installation (as per https://github.com/mwarning/zerotier-openwrt instructions).
config redirect
    option name 'UDP_Multicast_Redirect'
    option target 'DNAT'
    option src 'lan'
    option proto 'udp'
    option src_dport '427'
    option dest_ip '192.168.10.244'
    option dest_port '427'
    option enabled '1'
    option dest 'vpn'
'dest_ip' 192.168.10.244 is the computer programmed to receive UDP (the sending computer is on the 192.168.9.0 subnet). The ZeroTier zone is named 'vpn' (my ZeroTier managed routes are the 192.168.10.0/24 and 192.168.9.0/24 subnets).
OpenWrt routers and ZeroTier work perfectly, and the rule generated by fw4 from the redirect directive successfully readdresses UDP messages so long as the destination address lies outside the multicast range. For example, messages addressed to 223.255.255.255 get through, messages addressed to 224.0.0.0 do not.
Evidently, behind the scenes OpenWrt employs a special policy to multicast packets. I can't spot rules in the firewall configuration to explain what's happening but noticed references to 'Multicast Space Registry' that cropped up in Google searches about routers, suggesting the kernel might be applying rules above and beyond those defined by users. Or perhaps I missed a setting, somewhere...
Can anybody help, please?
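A probe sender for the test described in the post, added here as an example and not the poster's own program: it sends one labelled datagram on port 427 to each destination the post mentions. The function names and the TTL of 8 are assumptions; a socket's multicast hop limit defaults to 1 and is a separate option from the unicast TTL, so the probe sets it explicitly to keep hop limit from differing between the unicast and multicast cases.

```python
import ipaddress
import socket

PORT = 427  # service port from the post
# Destinations named in the post: both sides of the boundary, plus the real group.
DESTINATIONS = ["223.255.255.255", "224.0.0.0", "239.255.255.235"]
MULTICAST_NET = ipaddress.ip_network("224.0.0.0/4")

def is_multicast(dest):
    """True when dest falls in the IPv4 multicast range 224.0.0.0/4."""
    return ipaddress.ip_address(dest) in MULTICAST_NET

def ttl_option(dest):
    """Socket option that carries the hop limit for this destination."""
    return socket.IP_MULTICAST_TTL if is_multicast(dest) else socket.IP_TTL

def make_probe_socket(dest, ttl=8):
    """UDP socket with an explicit hop limit (ttl=8 is an assumed value)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, ttl_option(dest), ttl)
    return sock

def probe_plan(ttl=8):
    """One row per destination: (address, is_multicast, ttl read back)."""
    rows = []
    for dest in DESTINATIONS:
        sock = make_probe_socket(dest, ttl)
        set_ttl = sock.getsockopt(socket.IPPROTO_IP, ttl_option(dest))
        rows.append((dest, is_multicast(dest), set_ttl))
        sock.close()
    return rows

def send_probes(ttl=8):
    """Send one labelled datagram per destination (needs a live network)."""
    for dest in DESTINATIONS:
        sock = make_probe_socket(dest, ttl)
        try:
            sock.sendto(f"probe dst={dest} ttl={ttl}".encode(), (dest, PORT))
        except OSError as exc:
            print(f"{dest}: send failed: {exc}")
        finally:
            sock.close()

if __name__ == "__main__":
    print(probe_plan())
    send_probes()
```

Because each payload names the address it was originally sent to, a capture on the receiving side shows which probes were readdressed and delivered.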