Multicast/SSDP not working (on VLAN interface)
Andreas Scherrer
ascherrer at gmail.com
Tue Mar 20 22:08:18 UTC 2018
Hi
Thank you, Rodney and Ivan, for coming back to me (and so quickly).
On 20.03.18 00:11, Rodney W. Grimes wrote:
...
>> So I suspect that "something" is dropping the M-SEARCH packets for some
>> reason after they are received. And I cannot get rid of the feeling that
>> it has something to do with the fact that the incoming interface is a
>> VLAN interface...
>> My first guess, anti spoofing, seems not to be the problem (I am using
>> ipfw and "not antispoof in" but that does not seem to drop any traffic).
>
> Are you running with "firewall_type="simple""?
> If so it is set to block all 224/4 packets, see this part
> of /etc/rc.firewall:
...
No, my firewall is made from "hand curated" ipfw rules.
And I am pretty sure (never 100%, but 99% this time), that this is not a
firewall issue. Why?
I have the following rule that should accept traffic from my client(s)
to 239.255.255.250:1900 in place:
allow ip from any to not me in recv re1\*
And, when I place a rule like this just before and after that rule:
count log ip from any to any via re1\*
I see hits before but not after the "allow" rule. Hence, the policy
accepts the packet(s). No?
Also, just adding the route for 224.0.0.0/4, without touching the ipfw
rules, makes things work... And I am *not* using "verrevpath" in my ifpw
rules (I do use "antispoof", but as the packets hit the rule(s)
mentioned above, that does not seem to be the problem).
I might give Ivan's code a try, but I am not very good at compiling and
installing software :(
If anybody is able to provide an additional hint in the mean time, I am
more than happy to follow up.
Best
andreas
More information about the freebsd-net
mailing list