Date: Tue, 20 Mar 2018 03:15:06 +0300 From: Rozhuk Ivan <rozhuk.im@gmail.com> To: "Rodney W. Grimes" <freebsd-rwg@pdx.rh.CN85.dnsmgr.net> Cc: Andreas Scherrer <ascherrer@gmail.com>, freebsd-net@freebsd.org Subject: Re: Multicast/SSDP not working (on VLAN interface) Message-ID: <20180320031506.10b5cd89@gmail.com> In-Reply-To: <201803192311.w2JNB5lU014039@pdx.rh.CN85.dnsmgr.net> References: <f85a4da6-a06f-e045-36e0-2d82c67e8239@gmail.com> <201803192311.w2JNB5lU014039@pdx.rh.CN85.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 19 Mar 2018 16:11:05 -0700 (PDT)
"Rodney W. Grimes" <freebsd-rwg@pdx.rh.CN85.dnsmgr.net> wrote:
> Are you running with "firewall_type="simple""?
> If so it is set to block all 224/4 packets, see this part
> of /etc/rc.firewall:
> # And stop draft-manning-dsua-03.txt (1 May 2000) nets
> (includes RESERVED-1, # DHCP auto-configuration, NET-TEST, MULTICAST
> (class D), and class E) # on the outside interface
> ${fwcmd} table ${BAD_ADDR_TBL} add 0.0.0.0/8
> ${fwcmd} table ${BAD_ADDR_TBL} add 169.254.0.0/16
> ${fwcmd} table ${BAD_ADDR_TBL} add 192.0.2.0/24
> ${fwcmd} table ${BAD_ADDR_TBL} add 224.0.0.0/4
> ${fwcmd} table ${BAD_ADDR_TBL} add 240.0.0.0/4
>
> ${fwcmd} add deny all from any to "table($BAD_ADDR_TBL)" via
> ${oif}
>
> Your route effected this as your packets are no longer trying to
> use an all interfaces path, but a specific interface, and that is
> probably not ${oif} of your firewall.
>
One more fw tip: pf by default drops all IP packets with options, so IGMP does not work.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180320031506.10b5cd89>