0

I have hostapd running on two wireless devices in isolated and bridged mode: wlp1s0 is behind the bridge wan, and wlp5s0 is behind the bridge iot. The exact configuration for each bridge is the one described here. wan has the subnet 192.168.2.0/24n and iot the subnet 192.168.3.0/24.

I'm trying to setup SSDP forwarding from wan to iot so I can connect to Sonos players on iot using a controller on wan. I'm following this guide. Note that it's written with two different VLANs in mind but I assume the same should work for two different bridges.

I have thus set up an igmpproxy instance with the configuration

phyint wan upstream   ratelimit 0 threshold 1
phyint iot downstream ratelimit 0 threshold 1

For testing purposes I have disabled packet filtering entirely between the two bridges on the firewall.

I would expect this setup to be enough, but the controller on wan cannot see the players on iot. The players do register correctly to the IGMP proxy (192.168.3.29 is one of the players):

igmpproxy[13948]: SENT Membership query   from 192.168.3.1     to 224.0.0.1
...
igmpproxy[13948]: RECV V2 member report   from 192.168.3.29    to 239.255.255.250
igmpproxy[13948]: Should insert group 239.255.255.250 (from: 192.168.3.29) to route table. Vif Ix : 1
igmpproxy[13948]: Updated route entry for 239.255.255.250 on VIF #1

I can check using TCP dump that the controller indeed sends SSDP packets (192.168.2.67 is the controller):

> tcpdump -i wan port 1900
...
16:16:07.600003 IP 192.168.2.67.49628 > 239.255.255.250.ssdp: UDP, length 202
16:16:07.600003 IP 192.168.2.67.49628 > 255.255.255.255.ssdp: UDP, length 202
...

and it seems igmpproxy is receiving these correctly:

igmpproxy[13948]: Vif bits : 0x00000002
igmpproxy[13948]: Setting TTL for Vif 1 to 1
igmpproxy[13948]: Adding MFC: 192.168.2.67 -> 239.255.255.250, InpVIf: 2
...
igmpproxy[13948]: Current routing table (Insert Route):
igmpproxy[13948]: -----------------------------------------------------
igmpproxy[13948]: #0: Src0: 192.168.2.67, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000002, dHosts
igmpproxy[13948]: -----------------------------------------------------

I am not seeing these packets being forwarded with tcpdump though. I would expect some packet on iot with destination the IPs that got registered for multicast on 239.255.255.250 (so the sonos player in particular). Hence I assume this is what causes the discovery to fail.

Why am I not seeing the SSDP packets being forwarded ? What should I change for the Sonos controller to discover the players through SSDP ?

Improve this question

1 Answer 1

Reset to default
0

The problem was actually on the firewall side.

I had only disabled packet filtering on the bridge layer because my understanding from this answer was that traffic between bridges only went through the bridge layer of the firewall. But it seems that if the two bridges are different then the traffic still goes through the IP layer, which makes sense.

The solution was thus to open the necessary ports between the two bridges in the forwarding hook of the IP family, instead of in the bridge family.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.