Some update on the DLNA server thing.
Even when I allow all traffic between the networks there is no DLNA discovery possible.
DLNA uses 239.255.255.250 and 224.0.0.22 as multicast groups (but I'm not sure...).
Is it possible to add a multicast route? Then this should work?
How to do this with OpenWrt?
//edit
Can this work?
Do I have to add netmasks?

config route
    option interface 'lan'
    option target '239.255.255.250'
    option type 'multicast'

config route
    option interface 'isolated'
    option target '239.255.255.250'
    option type 'multicast'

config route
    option interface 'lan'
    option target '224.0.0.0'
    option type 'multicast'

config route
    option interface 'isolated'
    option target '224.0.0.0'
    option type 'multicast'
//Edit2
I think those 2 routes should be enough but haven't tested yet. Will report later.
(should cover all locally used multicast groups, maybe overkill)

config route
    option interface 'lan'
    option target '224.0.0.0'
    option netmask '240.0.0.0'
    option type 'multicast'

config route
    option interface 'isolated'
    option target '224.0.0.0'
    option netmask '240.0.0.0'
    option type 'multicast'
igmpproxy is only useful in a NATed environment I think?
pimd is used in networks with multiple gateways to distribute the multicasts between gateways?
Maybe smcroute is the tool to use here?
But with smcroute it is only possible to join certain multicast groups?
In this case 239.255.255.250 and 224.0.0.22?
For example:

phyint lo disable
phyint wlan0 disable
phyint ifb4eth0 disable
phyint eth0 disable
phyint eth1 disable
phyint eth1.1 enable ttl-threshold 1
phyint eth1.2 enable ttl-threshold 1
mroute from eth1.1 group 239.255.255.250 to eth1.2
mroute from eth1.2 group 239.255.255.250 to eth1.1
//Edit
smcroute approach works fine, using the config from above.
The following firewall rules are needed to allow the isolated network access to the DLNA server.
I use Plex here, which uses TCP port 32469.

config rule
    option target 'ACCEPT'
    option src 'isolated'
    option dest 'lan'
    option name 'Allow-Isolated-DLNA-Discover'
    option family 'ipv4'
    option proto 'udp'
    option dest_ip '239.255.255.250'
    option dest_port '1900'

config rule
    option target 'ACCEPT'
    option src 'isolated'
    option dest 'lan'
    option name 'Allow-Isolated-Plex'
    option family 'ipv4'
    option proto 'tcp'
    option dest_ip '192.168.0.1'
    option dest_port '32469'
If you use Plex and enable rebind protection in dnsmasq, you may get a DNS rebind attack message.
To avoid this, add this to your dhcp config file.

config dnsmasq
    ...
    list rebind_domain 'plex.direct'
    ...
//edit
The setup was not perfect. It only worked if the clients were already online and the server started afterwards.
The other way around it did not work.
So for the smcroute config, only the mroute lines are needed. No need for the mgroup lines.
Updated config above.
These lines are also needed, it seems (add to firewall.user).
Multicast has a default TTL of 1, which is not sufficient.
So we let iptables increase the TTL by one when the multicasts pass one interface.

iptables -t mangle -A PREROUTING -i eth1.1 -d 239.255.255.250 -j TTL --ttl-inc 1
iptables -t mangle -A PREROUTING -i eth1.2 -d 239.255.255.250 -j TTL --ttl-inc 1
(Last edited by shm0 on 1 Jul 2016, 19:10)
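An added example (not from the post above or from OpenWrt/smcroute) for checking whether DLNA discovery actually crosses the router after the smcroute and iptables TTL changes: a small Python SSDP M-SEARCH probe whose IP multicast TTL is settable, so running it from the isolated network with ttl=1 versus ttl=2 shows the TTL problem the post describes. The search target, timeout and the reply format parsed are assumptions based on the UPnP SSDP conventions, not values from the post.

```python
import socket

SSDP_GROUP = "239.255.255.250"   # DLNA/SSDP discovery group named in the post
SSDP_PORT = 1900

def build_msearch(search_target="urn:schemas-upnp-org:device:MediaServer:1", mx=2):
    """Build an SSDP M-SEARCH request: HTTP-style header lines, CRLF, blank-line terminator."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_GROUP}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")

def parse_ssdp_response(data):
    """Parse a unicast 'HTTP/1.1 200 OK' reply into lower-cased headers; anything else -> {}."""
    head = data.decode("utf-8", errors="replace").partition("\r\n\r\n")[0]
    status, *header_lines = head.split("\r\n")
    if not status.upper().startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")   # first colon only: LOCATION values contain ':'
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def discover(ttl=2, timeout=3.0):
    """Send one M-SEARCH with the given IP multicast TTL and collect (addr, LOCATION, SERVER).
    TTL 1 dies at the first hop, so a cross-subnet check needs ttl >= 2 (or the TTL increment)."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) as sock:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
        sock.settimeout(timeout)
        sock.sendto(build_msearch(), (SSDP_GROUP, SSDP_PORT))
        try:
            while True:
                data, (addr, _port) = sock.recvfrom(4096)
                headers = parse_ssdp_response(data)
                if headers:
                    found.append((addr, headers.get("location", ""), headers.get("server", "")))
        except socket.timeout:
            pass
    return found

if __name__ == "__main__":
    print(*discover(), sep="\n")   # one line per responding media server
```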